Ok, so I’ve been going through a few airports lately. I noticed something strange at the ones at which you’re usually required to shell out some cash to use teh intarweb (arrangements with Boingo or T-Mobile or whoever). I use a Mac-- when I detect wireless networks, the whatever-pay-service and whatever-airline’s closed ‘admiral’s club members’ networks show up as one would expect. However, in addition, a couple of computer-to-computer networks always show up as available, and one of them invariably shows up as “Free Public Wi-Fi.” What is this about? Is it a lure by someone to hook up people with unsecured machines to riffle through for hoots? Or is it some altruistic techie who shares an external network with random strangers and I simply don’t know how this works? What’s the deal here?
I vaguely remember reading something about this a while back. Google found this:
If that guy is right, it’s a quirk of the way Windows XP remembers wireless connections, and entirely harmless.
Cache, Johnny, and Vincent Liu. Hacking Exposed Wireless: Wireless Security Secrets & Solutions. New York: McGraw-Hill, 2007.
Well, what do you think about it now?
William B-- that’s exactly it, I bet. I’m not going to shell out credit card info for airport wi-fi anyway (so hooray PDX and Denver with their sane free wi-fi) and my computer’s pretty secure, but this looked much too odd. Interesting.
I strongly recommend looking into the risks surrounding public hotspots.
The book I referenced above covers the subject fairly well; next time you are in a book store, take a gander at the chapter I referenced.
The author not only discusses several schemes for setting up bogus hotspots that are man-in-the-middle attacks, but he shows several step-by-step examples, with screenshots, of how to use commonly available network tools to hack other clients sharing the same hotspot you are on, among other things.
In one example, he ran some diagnostics that pointed out one XP machine attached to the free access point that was missing a critical security patch. He then typed in a simple command that automatically hacked the machine and presented him with a remote command prompt on that XP machine. He then added an admin local user and enabled remote desktop on the victim machine.
The fact that the tool simply told him “machine at 1.2.3.4 is missing patch X” and allowed him to deploy any of dozens of payloads via many dozens of available exploits is unpleasant. Pretty much script kiddie material, no uber-blackhat needed.