Tuesday

How Safe is your Hotel Wifi Connection?

How safe are the Wifi connections that you use when away from home, who owns them, who runs them and how secure are they?   Well chances are, like most of us, you're likely to  have virtually no idea about the answers to any of these questions.  For sure, you might hazard that the owner is Starbucks or the hotel management, but that will probably be only a guess based on your location (many firms outsource their internet provision in any case).

The reality is that you have little or no information concerning any wifi connection you use, when away from your office or home.  Most of us expect to see half a dozen available networks whenever we try and connect from a coffee shop or hotel room.   Something like this, is fairly typical -

A selection of wifi access points, some secured, others completely open.  There is only one common element, the fact that you have no idea who runs the majority of them.   Of course if you're at a hotel or airport, you can look for a name representative of that location.  However anyone can name an access point whatever they like, there are no restrictions on what you can call any access point.

What most people do is click on the most obvious culprit, then  name of the hotel or initials or something similar.  

So What's the Danger?

Well the dangers are very real and growing all the time, due to the increasing number of attacks targeting public wifi access points.  The attacks have a variety of names from 'evil twin' (referring to a duplicate access point) to session hijacking but they all share a common goal - to harvest people's credentials in order to profit.  They basically consist of setting up rogue access points, often free, to get unsuspecting users to connect to them.

The problem is that whenever you connect to an access point anywhere, you are entrusting your connection and details to the administrator of that connection.   All your information will flow through that access point and it's perfectly possible to intercept and log all those details without the user being aware.  Tools which help perform MITM (man in the middle) attacks like responder, evilgrade and sslsplit are easily available and fairly simple to use. 

Imagine, that every piece of data that flows through your connection is logged and recorded.  Perhaps you login to your webmail account, check that auction in ebay or perhaps set up a standing order in Paypal or using online banking.   All these credentials are then compromised and become available to the bad guy.  It doesn't matter that they're supposed to be protected by SSL, because that data can be intercepted. Or the attackers can merely spoof DNS entries to direct users to duplicate copies of the legitimate sites and steal login details directly.

Unfortunately it's actually very difficult to tell whether you're using a legitimate access point, often the rogue access point will even have the same web portal as the real site.  Others simply advertise their connections as 'free wifi' or something equally as tempting.
If you are using unfamiliar wifi connections you should restrict your web usage to non-secure sites, do not login to webmail or banking sites.  Anything where you need to authenticate should be avoided,  if you must use these then use a VPN like Identity Cloaker to protect your data while using it.


0 comments: