Morioh
Login
Precious Heaney

Precious Heaney

3 years ago

It is a warm and sunny afternoon on a weekend. This is a good time to head to a cafe to chill for a bit with a coffee and pastry. It is also perfect for some web surfing using the free Wi-Fi service. The next thing you would need to know is the Wi-Fi access point (i.e. hotspot) and password. Now you are all set and connect to the Internet. For the average user this is fine, but for cybersecurity experts there is a risk to using free Wi-Fi services.

The findings should be a red flag to all users. While some hotspots are secure, many are actually not. Public hotspots may allow users to connect without a password for convenience, but that can also compromise the security of the users. Some Wi-Fi access points, which are the modem/routers, are improperly configured. They allow anyone to access their configuration settings using a web browser without a secure connection. This is very troubling as it can expose users to dangers like data theft.

The Honeypot Is Not So Sweet

If you have been to a DEFCON conference you may have heard the term honeypot used in some of the villages. A honeypot is a type of technique used to lure users for malicious intents. To the user it appears legitimate from the outside, but a hacker is operating it on the inside. Honeypots are implemented using both hardware and software, with Wi-Fi hotspots being popular among hackers.

Anyone can put up a device as a Wi-Fi access point. You can use a smartphone as a free hotspot by enabling it in settings. In fact, many mobile workers use this feature on their smartphones to provide their laptops access to the Internet using their telecom providers 4G LTE network. That provides fast Internet access on the road, where there might not be public Wi-Fi available. Bad actors can provide a free hotspot using this feature as a honeypot.

Most users will fall for a honeypot because it is free. The honeypot will often use the name of the establishment’s hotspot or the most likely name people would assume. When users search for available Wi-Fi networks on their devices and see the name, they will often just connect. This is not a very good practice, but this is how the average user connects to a hotspot. Let us say you were at a cafe called ‘Badbucks’. You want to use the free Wi-Fi so you check for the available networks and you see a hotspot named ‘_Badbucks’ and connect. The red flag may not be obvious to some users, but those who recognize it will be better off not connecting.

Someone might think they got lucky connecting to a hotspot without a password. That was actually by design in order to lure in as many users as possible. Once a user connects, they are at the mercy of whoever setup the hotspot. The bad actor can filter user traffic, allowing them to intercept personal information. This can be bad if the user connected was conducting a transaction with a credit card number or transmitting their social security number.

The Pineapple, The Fruit Of Deceit

One of the most infamous honeypot implementations is called the Wi-Fi Pineapple. It can be any device that provides access as a hotspot. This is used for MITM (Man-In-The-Middle) attacks, which hijacks a user’s connection by redirecting it to a different device. When you attempt to connect to a hotspot, it references the SSID or network name of the device. The SSID is spoofed by the pineapple in order to trick users trying to connect to the real hotspot. If the hotspot users are supposed to connect to is named ‘PublicWiFi’, the pineapple can use the same name in an attempt to get users to connect to it instead. The real hotspot could even be compromised and the pineapple takes its place.

When users have connected to a hotspot before, their device remembers the SSID (unless the user removes it) and will attempt to connect to it the next time it is available. Users are out of luck if they connect to the pineapple instead, which is using the same SSID. The pineapple will still provide the user free Internet, but the contents of the traffic can be captured and filtered. This includes passwords, chat messages not encrypted and the websites the user is visiting. It isn’t easy to spot pineapples, but users should be aware that they exist and always be cautious when connecting to open hotspots.

#cybersecurity #wi-fi #hacking #data-security #honeypot #cyberattacks #hackernoon-top-story #public-wifi-risks

The Security Issues in Using Public Wi-Fi  —  “Honeypots” And “Pineapples”

hackernoon.com

The Security Issues in Using Public Wi-Fi  —  “Honeypots” And “Pineapples”

It is a warm and sunny afternoon on a weekend. This is a good time to head to a cafe to chill for a bit with a coffee and pastry. It is also perfect for some web surfing using the free Wi-Fi service. The next thing you would need to know is the Wi-Fi access point (i.e. hotspot) and password. Now you are all set and connect to the Internet. For the average user this is fine, but for cybersecurity experts there is a risk to using free Wi-Fi services.

1.25 GEEK