Internet Wi-Fi Hotspots - Security Concerns

#1
This may of significant concern to anyone who uses Wireless Access Points, such as found in Starbucks, McDonalds or airport lounges.

The IEE Review said:
'Evil twin' hotspots are the latest security threat to Web users, according to wireless Internet and cyber crime experts at Cranfield University, academic partner of the Defence Academy of the UK.
Dr Phil Nobles, wireless Internet and cyber-crime expert at the university, says: "So-called 'evil twin' hotspots present a hidden danger for Web users. In essence, users think they've logged on to a wireless hotspot connection when, in fact, they've been tricked to connect to the attacker's unauthorised base station. The latter jams the connection to a legitimate base station by sending a stronger signal within close proximity to the wireless client – thereby turning itself into an 'evil twin'."

Once the user is connected to the 'evil twin', the cyber criminal can intercept data being transmitted, such as bank details or personal information. "Cyber criminals don't have to be that clever to carry out such an attack," added Dr Nobles. "Because wireless networks are based on radio signals, they can be easily detected by unauthorised users tuning into the same frequency."
Unwitting Web users are invited to log in to the attacker's server with bogus login prompts and can pass sensitive data such as user names and passwords which can then be used by unauthorised third parties. This type of cyber crime goes largely undetected because users are unaware that this is taking place until well after the incident has occurred.
 

chimera

LE
Moderator
#2
Ghost_Rider said:
This may of significant concern to anyone who uses Wireless Access Points, such as found in Starbucks, McDonalds or airport lounges.

The IEE Review said:
'Evil twin' hotspots are the latest security threat to Web users, according to wireless Internet and cyber crime experts at Cranfield University, academic partner of the Defence Academy of the UK.
Dr Phil Nobles, wireless Internet and cyber-crime expert at the university, says: "So-called 'evil twin' hotspots present a hidden danger for Web users. In essence, users think they've logged on to a wireless hotspot connection when, in fact, they've been tricked to connect to the attacker's unauthorised base station. The latter jams the connection to a legitimate base station by sending a stronger signal within close proximity to the wireless client – thereby turning itself into an 'evil twin'."

Once the user is connected to the 'evil twin', the cyber criminal can intercept data being transmitted, such as bank details or personal information. "Cyber criminals don't have to be that clever to carry out such an attack," added Dr Nobles. "Because wireless networks are based on radio signals, they can be easily detected by unauthorised users tuning into the same frequency."
Unwitting Web users are invited to log in to the attacker's server with bogus login prompts and can pass sensitive data such as user names and passwords which can then be used by unauthorised third parties. This type of cyber crime goes largely undetected because users are unaware that this is taking place until well after the incident has occurred.
Yawn. Dont you geeks have lives???
 
#3
Sorry if I have wasted 30 seconds of your valuable time - next time I'll just hack into your pc and steal all your personal data, post it on the web and see how quickly your life turns to rat sh1t!

If its not relevant to you, why not just ignore it? I only posted it to warn off ARRSE users of a potential security issue. Thanks for your valuable input to this subject, your point has been duly noted - now sod off...

:?
 
#4
chimera said:
Ghost_Rider said:
This may of significant concern to anyone who uses Wireless Access Points, such as found in Starbucks, McDonalds or airport lounges.

The IEE Review said:
'Evil twin' hotspots are the latest security threat to Web users, according to wireless Internet and cyber crime experts at Cranfield University, academic partner of the Defence Academy of the UK.
Dr Phil Nobles, wireless Internet and cyber-crime expert at the university, says: "So-called 'evil twin' hotspots present a hidden danger for Web users. In essence, users think they've logged on to a wireless hotspot connection when, in fact, they've been tricked to connect to the attacker's unauthorised base station. The latter jams the connection to a legitimate base station by sending a stronger signal within close proximity to the wireless client – thereby turning itself into an 'evil twin'."

Once the user is connected to the 'evil twin', the cyber criminal can intercept data being transmitted, such as bank details or personal information. "Cyber criminals don't have to be that clever to carry out such an attack," added Dr Nobles. "Because wireless networks are based on radio signals, they can be easily detected by unauthorised users tuning into the same frequency."
Unwitting Web users are invited to log in to the attacker's server with bogus login prompts and can pass sensitive data such as user names and passwords which can then be used by unauthorised third parties. This type of cyber crime goes largely undetected because users are unaware that this is taking place until well after the incident has occurred.
Yawn. Dont you geeks have lives???
Yep. A lot of which is spent clearing up the mess caused by people who dont or cant understand the implications of their IT.

Its important to understand the security side of IT. If i turn on the WIFI on my laptop here, i can pick up 5 advertised networks from my living room (obviously people didnt read the signal power setting page of the instructions of their access points). 1 of the networks has absolutely no security set at all (its network name is RAFCPL003, way to draw attention to yourself mate 8O )

If i was someone else, i may be tempted to break in, maybe use their broadband internet or mess with their files, run a dcom attack or infect their pc with a virus. Its not me being sensationalist, i wont do it but someone else will.

And to quote Bill Gates "Be careful how you treat the geeks, one day you will work for one" :wink:

Boney
 
#7
boney_m said:
Yep. A lot of which is spent clearing up the mess caused by people who dont or cant understand the implications of their IT.

Its important to understand the security side of IT. If i turn on the WIFI on my laptop here, i can pick up 5 advertised networks from my living room (obviously people didnt read the signal power setting page of the instructions of their access points). 1 of the networks has absolutely no security set at all (its network name is RAFCPL003, way to draw attention to yourself mate 8O )

If i was someone else, i may be tempted to break in, maybe use their broadband internet or mess with their files, run a dcom attack or infect their pc with a virus. Its not me being sensationalist, i wont do it but someone else will.

And to quote Bill Gates "Be careful how you treat the geeks, one day you will work for one" :wink:

Boney
Exactly the point. I didn't even need to use bespoke software to connect to my (next-door?) neighbours Broadband. Its great, he pays £25 a month for it, I get it for a one-off £25 for the wireless card! No security, no MAC filters, DHCP enabled gives me so much to work with!!

Why pay for it when you get it free :lol: :lol:











Only pi$$er is I already had it installed when I found it - d'oh!

PS The prize for the worst persec ever goes to .... Crabair! No surprise there then!!
 
#12
Hook into these Wifi points all the time

1 for work beamed right to the desktop, even did a speed test and he/she has a 1 meg downlink. Went on leave with a laptop visited 2 freinds and both had neighbours on unsecured networks. Oh and just to make it easy the network name game me the name of the access point (belkin54g and usr8054 for example) so of course they left the admin password on it too.

What i want to say is please dont secure your networks and dont put a password on your access point because it saves me heap loads.

You just gotta love it

Broadband for free
 
#15
cambrai said:
What i want to say is please dont secure your networks and dont put a password on your access point because it saves me heap loads.

You just gotta love it

Broadband for free
Spot on! Just make sure that your next place, if you end up having to pay for it, secure your own bandwidth before someone else does!!

GR
 
#16
Ghost_Rider said:
Sorry if I have wasted 30 seconds of your valuable time - next time I'll just hack into your pc and steal all your personal data, post it on the web and see how quickly your life turns to rat sh1t! :?
OK - give it a go, and see what happens. PM me when you have got something.
 
#18
Check your PM
 

Similar threads

Latest Threads

Top