Public WiFi Hotspots Ripe for MITM Attacks

Global public WiFi hotspots are set to grow from 1.3 million in 2011, to 5.8 million by 2015, marking a 350% increase in just four years
Global public WiFi hotspots are set to grow from 1.3 million in 2011, to 5.8 million by 2015, marking a 350% increase in just four years

It’s a way of life to rely on WiFi access to get connected when out and about, but unfortunately consumer security practices aren’t keeping up. More than a third of users take no additional precautions when logging on to public WiFi, according to the Kaspersky Consumer Security Risks survey.

Global public WiFi hotspot numbers are set to grow from 1.3 million in 2011, to 5.8 million by 2015, marking a 350% increase in just four years, according to the Wireless Broadband Alliance.

“Nowadays it's easy to get online – in addition to cellular networks and broadband cable communication networks, there is often at least one hotspot which can connect computers and mobile devices to the Internet,” the Kaspersky noted. “It's almost second nature now, whiling away a few moments online using a WiFi hot spot. But hooking up to the network can carry hidden risks.”

At issue is the fact that many if not most of these hotspots skimp on protection for users – and many users are unaware or unconcerned about the potential problems this can cause. The survey showed that 34% of users said they took no special measures to protect online activity while using a hotspot, while 14% were happy to bank or shop online using any network that came to hand. Only 13% take the time to check the encryption standard of any given access point.

The security firm also raised the specter of a potential man-in-the-middle attack.

“You never know what that guy with the laptop at the next table might be doing,” it explained. “Maybe, like you, he's checking his email or chatting with friends. But maybe he's monitoring the Internet traffic of everyone around him – including yours.”

Unlike most home networks, the data flowing around a public hotspot is usually unencrypted. And because of its hub-and-spoke architecture, any WiFi access point is a window to the internet for all the devices attached to it. Every request from a device goes via an access point, and only then reaches the sites that users want to visit. Without any encryption of communications between users and the access point, it's a simple task for a cybercriminal to intercept all the data a user enters. That might include data sent to a bank, or an online store. 

MITM attacks aren’t the only threat though. The Lifestore blog laid out all the ways a hotspot hacker can hurt consumers, including sniffer software, which allows a hacker to monitor the traffic traveling to and from a computer that's connected to a public network. Address Resolution Protocolor (ARP) spoofing redirects the network traffic to the hacker, modifying it or blocking it altogether without being detected.

Session hijacking, meanwhile, happens when a hacker sniffs a hotspot user's web session. That information is used to clone the user's account, allowing the hacker to do anything the user can do while logged into a website. Evil Twin attacks use a fake access point that is designed to look like a real hotspot. But when users log in to them, they unknowingly expose their passwords and other sensitive information to hackers.

Rogue ad hoc networks, which usually have names like Free Public WiFi, can turn up wherever there are public WiFi hotspots and can be used to trick unsuspecting users into connecting to them. “Not all ad hoc networks are created by hackers,” Lifestore noted. “But it's impossible to distinguish the real ones from the fakes. So to be safe, you should steer clear of them all.”

Critically, most users assume that if a hotspot is password-protected, then they are working securely. But MITM attacks are possible even if the hotspot is password-protected and a secure https-connection between the required site and the user's browser is established.

So how do users protect themselves?

Those whose laptops were hacked can file complaints with the US Federal Trade Commission (FTC) and the Better Business Bureau. Kaspersky Lab recommends only using secure connections to access points as a first step. “This alone will greatly reduce the risk of the traffic being intercepted by cybercriminals,” it said. 


What’s hot on Infosecurity Magazine?