Thursday, April 26, 2007
A wireless network hazard
When you're on the road and get your Internet fix at a coffee shop, how do you know it's really the coffee shop's network?
It matters because it's easy for a crook to set up a hotspot and give it the same name as the coffee shop's, or a confusingly similar name. Once the crook does that, all your Internet traffic is flowing over the crook's machine, where the crook can eavesdrop on email passwords.
The security world has an annoying habit of coming up with cutesy and less than informative names for attacks. This one is called an evil twin attack.
It's so easy to eavesdrop on wireless signals that I'm not sure why a crook would go to the trouble, unless the network you think you're talking to is encrypted. Then the crook needs to impersonate the network to find out what you're saying to it.
There have been some real-life reports of this attack being used in areas where rich people are likely to be.
The article I linked to says that consumers don't have a way to protect themselves. They must not know about Hotspotvpn, a service that provides you with an encrypted tunnel to the real Internet so that even if you're wireless connection is to a crook the crook won't be able to read anything.
|
It matters because it's easy for a crook to set up a hotspot and give it the same name as the coffee shop's, or a confusingly similar name. Once the crook does that, all your Internet traffic is flowing over the crook's machine, where the crook can eavesdrop on email passwords.
The security world has an annoying habit of coming up with cutesy and less than informative names for attacks. This one is called an evil twin attack.
It's so easy to eavesdrop on wireless signals that I'm not sure why a crook would go to the trouble, unless the network you think you're talking to is encrypted. Then the crook needs to impersonate the network to find out what you're saying to it.
There have been some real-life reports of this attack being used in areas where rich people are likely to be.
The article I linked to says that consumers don't have a way to protect themselves. They must not know about Hotspotvpn, a service that provides you with an encrypted tunnel to the real Internet so that even if you're wireless connection is to a crook the crook won't be able to read anything.
# posted by Frederick @ 5:34 PM Email to a friend:
Haloscan: they provide trackback