Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

Re Airport Wi-Fi can be a security nightmare. Here's what you can do to stop cyber criminals

From: "Dave Farber" <farber () gmail com>
Date: Tue, 4 Dec 2018 13:51:34 +0900



Begin forwarded message:

From: "Bob Frankston" <Bob19-0501 () bobf frankston com>
Subject: RE: [IP] Airport Wi-Fi can be a security nightmare. Here's what you can do to stop cyber criminals
Date: December 4, 2018 13:05:08 JST
To: dave () farber net, "     'ip'" <ip () listbox com>

I checked the date on that article. 2018? Today aren’t people using https now for anything that matters? What bank 
uses unencrypted credentials?

If airports are a problem – what about lightbulbs which can also sniff packets and send them to cloud services? Or 
your refrigerator or toy?
 
The real problem with these scare tactics is that they lead to barriers to connectivity that work against secure 
relationships between end points. You see this when you use WiFi in a plane and find there is a security certificate 
in the middle. You see this when you try to connect your app and find out that it doesn’t work until you manually 
open your browser and then have to login to the access point and that login is the real security problem. Why should 
you trust it?
 
I call anything that requires you to manually login WebFi, not WiFi. Good for the web of yesteryear but not for 
today’s connected devices such as a wrist device monitoring your heart. Preventing medical devices from working seems 
more of a threat than the one remaining bank that doesn’t use encryption – it’s vaults are probably already empty.
 
Bob Frankston
http://Frankston.com <http://frankston.com/>
 
From: Dave Farber <farber () gmail com> 
Sent: Monday, December 3, 2018 17:55
To: ip <ip () listbox com>
Subject: [IP] Airport Wi-Fi can be a security nightmare. Here's what you can do to stop cyber criminals
 



Begin forwarded message:


From: the keyboard of geoff goodfellow <geoff () iconia com <mailto:geoff () iconia com>>
Date: December 4, 2018 at 7:51:34 AM GMT+9
To: Interesting Stuff list <is () iconia com <mailto:is () iconia com>>
Subject: IS: Airport Wi-Fi can be a security nightmare. Here's what you can do to stop cyber criminals

Airport Wi-Fi can be a security nightmare. Here's what you can do to stop cyber criminals
https://www.latimes.com/travel/la-tr-spot-cyber-security-threats-20181202-story.html 
<https://www.latimes.com/travel/la-tr-spot-cyber-security-threats-20181202-story.html>
EXCERPT:

You may find an evil twin out there — not your own but one that still can do great harm. That nasty double often 
awaits you at your airport, ready to attack when you least expect it.


That’s just one of the findings in a report that assesses the vulnerability of airport Wi-Fi, done not to bust the 
airports’ chops,but to make airports and travelers aware of the problems they could encounter.
 
Of the 45 airports reviewed, the report by Coronet said, two we might use could pose a special risk: San Diego and 
Orange County’s John Wayne, which rated No. 1 and No. 2, respectively, on the “Top 10 Most Vulnerable Airports.”
 
Airports, said Dror Liwer, chief security officer for Coronet, a cyber-security firm, are a fertile field because 
there’s a concentration of “high-value assets,” which include business travelers who may unwittingly open 
themselves up to an attack, he said.
 
That’s where the evil twin comes in. Let’s say you’re sitting in an airport lounge or maybe right outside the 
lounge. You see a Wi-Fi network that says, “FreeAirportWiFi.” Great, you think. Most airports do have free Wi-Fi. 
They may make you watch a couple of commercials (or you may pay a bit to skip those), but otherwise, the 
connectivity is there for you.
 
“I always say that in the balance between convenience and security, convenience always wins,” Liwer said.
 
And you lose. Because if you take the bait and log in, that evil twin posing as the airport Wi-Fi then has access 
to your closely held secrets.
 
In some cases, Liwer said, the person creating this trap may be sitting next to you, which means the signal is 
strong and attractive. It takes only some inexpensive equipment and know-how for a thief to succeed, and presto, 
you’re in the cyber-security soup.
 
“Most attackers … are trying to get your credentials, and if they have those, they have the keys to the kingdom,” 
Liwer said. “If I know your password, I own your life.”
 
Chilling.
 
It is as sinister as it sounds. Liwer said. For theives, “it’s a business,” he said. “What they are looking for is 
something that will make them money.”
 
What makes it worse: You’re getting on a plane and won’t be checking your bank balance any time soon.
 
The sites that will do you harm are hard to detect with the naked, inexperienced eye. How do you protect yourself?
Here are ways to keep your data safe, with help from Liwer; Vyas Sekar, an assistant professor of electrical and 
computer engineering at Carnegie Mellon’s College of Engineering; Jake Lehmann, managing director of Friedman 
CyZen, a cyber-security consulting service; and Michael Tanenbaum, executive vice president North America cyber 
practice for Chubb Ltd.:

[...]
 
-- 
Geoff.Goodfellow () iconia com <mailto:Geoff.Goodfellow () iconia com>
living as The Truth is True
http://geoff.livejournal.com <http://geoff.livejournal.com/>  
 
 


Archives <https://www.listbox.com/member/archive/247/=now> | Modify <https://www.listbox.com/member/?> Your 
Subscription | Unsubscribe Now 
<https://www.listbox.com/unsubscribe/?&&post_id=20181203175446:6C3A7540-F74E-11E8-8A79-EED03C76CEE4>




-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-a538de84&post_id=20181203235144:4A8F2ADA-F780-11E8-B27A-F7CACFE62C67
Powered by Listbox: https://www.listbox.com
Previous By Date Next
Previous By Thread Next

Current thread: