Related Stories

  • NSA Shown to Operate a MITM Hack in Brazil
    In case any doubts remain, new Snowden revelations first published in Brazil, show that the NSA engages in economic espionage, uses mainstream hacking techniques, and spies on diplomats and the banking system.
  • Data loss, Wi-Fi and NFC identified as top mobile security concerns
    Data loss is the biggest mobile security danger, reveals a new Cloud Security Alliance (CSA) report, but emerging concerns include rogue Wi-Fi access points and Near-Field Communications (NFC) exploitation.
  • Smartphone Wi-Fi searches offer massive new data leakage vector
    Our mobile phones are unwittingly giving away threat vectors to would-be hackers (and, for that matter, physical criminals as well), offering criminals a new way to tap information housed on smartphones.
  • Home and business Wi-Fi networks are vulnerable
    The majority of home computer networks are wireless and configured by non-technical people. Recognizing that this could lead to security weaknesses, the Wi-Fi Alliance developed the Wi-Fi Protected Setup Protocol (WPS) in 2007 to allow easy security configuration; and the majority of wireless router manufacturers have built this into their products as a default.
  • 40 000 wi-fi UK hotspots open to hackers
    In a disturbing echo of Google's mapping of home Wi-Fi networks as part of its Streetview project, an ethical hacker has found nearly half of home Wi-Fi networks can be hacked in less than five seconds, according to a study.

Top 5 Stories


Public WiFi Hotspots Ripe for MITM Attacks

12 October 2013

Ah, the public hotspot: oases of connectivity in airports, coffee shops, bookstores, town centers and at chains that range from Starbucks to Barnes & Noble to McDonalds.

It’s a way of life to rely on WiFi access to get connected when out and about, but unfortunately consumer security practices aren’t keeping up. More than a third of users take no additional precautions when logging on to public WiFi, according to the Kaspersky Consumer Security Risks survey.

Global public WiFi hotspot numbers are set to grow from 1.3 million in 2011, to 5.8 million by 2015, marking a 350% increase in just four years, according to the Wireless Broadband Alliance.

“Nowadays it's easy to get online – in addition to cellular networks and broadband cable communication networks, there is often at least one hotspot which can connect computers and mobile devices to the Internet,” the Kaspersky noted. “It's almost second nature now, whiling away a few moments online using a WiFi hot spot. But hooking up to the network can carry hidden risks.”

At issue is the fact that many if not most of these hotspots skimp on protection for users – and many users are unaware or unconcerned about the potential problems this can cause. The survey showed that 34% of users said they took no special measures to protect online activity while using a hotspot, while 14% were happy to bank or shop online using any network that came to hand. Only 13% take the time to check the encryption standard of any given access point.

The security firm also raised the specter of a potential man-in-the-middle attack.

“You never know what that guy with the laptop at the next table might be doing,” it explained. “Maybe, like you, he's checking his email or chatting with friends. But maybe he's monitoring the Internet traffic of everyone around him – including yours.”

Unlike most home networks, the data flowing around a public hotspot is usually unencrypted. And because of its hub-and-spoke architecture, any WiFi access point is a window to the internet for all the devices attached to it. Every request from a device goes via an access point, and only then reaches the sites that users want to visit. Without any encryption of communications between users and the access point, it's a simple task for a cybercriminal to intercept all the data a user enters. That might include data sent to a bank, or an online store. 

MITM attacks aren’t the only threat though. The Lifestore blog laid out all the ways a hotspot hacker can hurt consumers, including sniffer software, which allows a hacker to monitor the traffic traveling to and from a computer that's connected to a public network. Address Resolution Protocolor (ARP) spoofing redirects the network traffic to the hacker, modifying it or blocking it altogether without being detected.

Session hijacking, meanwhile, happens when a hacker sniffs a hotspot user's web session. That information is used to clone the user's account, allowing the hacker to do anything the user can do while logged into a website. Evil Twin attacks use a fake access point that is designed to look like a real hotspot. But when users log in to them, they unknowingly expose their passwords and other sensitive information to hackers.

Rogue ad hoc networks, which usually have names like Free Public WiFi, can turn up wherever there are public WiFi hotspots and can be used to trick unsuspecting users into connecting to them. “Not all ad hoc networks are created by hackers,” Lifestore noted. “But it's impossible to distinguish the real ones from the fakes. So to be safe, you should steer clear of them all.”

Critically, most users assume that if a hotspot is password-protected, then they are working securely. But MITM attacks are possible even if the hotspot is password-protected and a secure https-connection between the required site and the user's browser is established.

So how do users protect themselves?

Those whose laptops were hacked can file complaints with the US Federal Trade Commission (FTC) and the Better Business Bureau. Kaspersky Lab recommends only using secure connections to access points as a first step. “This alone will greatly reduce the risk of the traffic being intercepted by cybercriminals,” it said. 


This article is featured in:
Data Loss  •  Encryption  •  Identity and Access Management  •  Industry News  •  Internet and Network Security  •  Wireless and Mobile Security


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×