Security experts warn of dangers of rogue Wi-Fi hotspots

Wi-Fi users have been warned to protect their computers against potential hackers at Wi-Fi hotspots.
You’re sitting in an airport lounge and seize the chance to check your e-mails before your flight departs. You log on and are tempted by a wireless Internet provider offering free Internet access. So, do you take it?

Security experts warn that hackers may be masquerading as free public Wi-Fi providers to gain access to the laptops of unsuspecting travelers. All it takes, they say, is a computer program downloaded from the Internet, an open access point and a user who has ignored basic security advice. “The difficulty for travelers is differentiating between a good Internet access hotspot and a rogue, or somebody trying to actually glean credentials from you. The issue is that you don’t necessarily know the difference between a good and a bad one,” computer security expert Sean Remnant told CNN. In 2008, AirTight Networks dispatched a number of so-called “white hat” hackers to 27 airports around the world to test the vulnerability of their Wi-Fi systems. They found that 80 percent of the private Wi-Fi networks tested were open or poorly protected. The wireless security company also found that basic services at several airports, including baggage handling systems, were vulnerable to hackers. Operators were using Wired Equivalent Privacy, known as WEP, which was found to provide inadequate protection to hackers as early as 2001. One year after the survey was conducted, CNN Business Traveler met Remnant at London’s Heathrow airport, which was not included in the original survey, to test the potential dangers to unprotected Wi-Fi users. Watch what happened when we took a hacker to Heathrow »

Don’t Miss
Hanging with hackers can make you paranoid

How do I secure my home Wi-Fi network

Magazine picks America’s healthiest airports

Armed with a laptop, our “white hat” hacker took a seat in the crowded departure lounge at Terminal 3 and proceeded to scan the airwaves with his laptop, using a program he downloaded form the Internet called Airodump. “It dumps everything in the air,” Remnant explained. “So if I execute the command to start Airodump, instantly I’m seeing probably 20 wireless networks with four or five of those having relatively weak server security.” “There are several risks just on this screen,” he continued. “One is that we actually don’t know whether the public networks are legitimate or not.” The original survey conducted by AirTight Networks found the most common name for rogue Wi-Fi points was “Free Public Wi-Fi.” “You’d have no idea if somebody sitting down to a laptop was a casual traveler trying to collect their email from an open port, or actually they were setting up a rogue access point,” Remnant said. “Your security guys in the airport aren’t going to spot someone doing this because it’s a technical thing,” he added. Once connected, the hacker would have access to everything on your screen, from passwords, to bank account details, to the contents of e-mails. Do you suspect you’ve been a victim of Wi-Fi hacking Tell us your story in Sound Off

Business Traveller

A monthly show featuring ways to make life easier on the road

Read more »

And it’s not just happening at airports. The rapid spread of Wi-Fi networks to cafes, hotels and even entire cities is providing hackers with more opportunities to ply their trade. Last month, Venice rolled out what is believed to be Europe’s most extensive Wi-Fi network. According to mobile media company Jiwire, there are now more than 273,000 free and pay Wi-Fi locations in 140 countries. The majority can be found in the United States, China, the United Kingdom and France. And most hotspots are located in hotels, along with cafes and restaurants. However, the Wi-Fi Alliance, an industry group that tests and certifies Wi-Fi equipment, says the increased availability of Wi-Fi has not led to a rise in hacking cases. “We certainly haven’t seen any kind of sudden epidemic of hackers in open hotspots or anything like that,” said the group’s marketing director, Kelly Davis-Felner. She said all Wi-Fi enabled devices have in-built security measures, and all users need to do is to switch them on. Users with older devices are encouraged to download WPA2, the most secure system endorsed by the Wi-Fi Alliance. “If you’re updating Facebook, or checking your personal e-mail or surfing the Web, there’s really no reason at all to worry about using an open network,” Davis-Felner said. “Any kind of online shopping or banking or anything that would require you to exchange sensitive data over the airwaves, then we advise people to exercise caution.”

The best way to protect sensitive information is to use a Virtual Private Network, or VPN, which encrypts the data moving to and from your laptop. Kiran Deshpande, president of AirTight Networks, had this advice for travelers: “Connect only to the networks that you trust. Make sure that your communication is secure, disconnect the wireless when you stop using it, and maintain the list of wireless connections that you use on your laptop so that you don’t accidentally connect to networks that may spring up when you’re traveling.”