Research shows that free wireless public networks located in airports and other public places are ripe for exploitation by hackers. Launch a freely available network stumbler and you will quickly see far more advertised WiFi spots than are sanctioned by the airport and its tenants-these are typically consumers' computers attempting to connect. The ability to set up fake "free" WiFi hotspots in public places and potentially use them to steal sensitive data, such as online banking passwords or personal information, is alarmingly easy to do. In fact, hacker Web sites provide instructions on how such frauds can be accomplished.
What most users do not know is that systems like Windows XP automatically prompt the user to accept or decline connections to available wireless networks. Naturally, most users will choose to connect to the 'Free WiFi' access point, which may unknowingly connect them to a hacker's computer--a computer-to-computer connection--rather than a direct connection to the airport's official wireless access hub. To make matters worse, the SSID's (network names) of wireless networks you've joined before are saved on your system. Your PC will automatically log on to any network with that saved name. So if a hacker offers a name familiar to you, he's just created a clear path to fraud.
Users who connect to these "free" networks are at great risk of experiencing a "channeling" attack. "Channeling" is a common practice used by hackers and identity thieves to conduct man-in-the-middle attacks, with the objective of stealing user names, passwords, and other sensitive data transmitted by the user. The practice is disturbingly simple to carry out: By setting up an unauthorized access point in an airport lounge, hackers can easily trap passwords and other information without the user's knowledge.
With a large number of Windows XP devices configured to connect automatically to ad-hoc networks, it is possible that a purpose-built 'WiFi worm' could be used by criminals to infect laptops as they pass through highly-trafficked WiFi hotspots, such as airports. This trend will undoubtedly raise concerns among security administrators, as it is highly likely, given the large percentage of non-updated computers, that these road warriors will bring these infections back to the office with them, or infect other wireless users in their travels.
What can you do? Here are some basic tips for protecting yourself in public WiFi environments:
• Before connecting to a network, look around and locate a sign that advertises the network you are connecting to and verify that the network name (SSID) you are connecting to is a legitimate service.
• Shut off your wireless card if you're not planning to connect to the Web or another machine. It will protect you from intrusion and save your battery life.
• Beware of the information you share in public locations. Even seemingly innocuous logins to Web-mail accounts could give hackers access to get into your more important data, since most people utilize the same password with a few variants for almost all online activities.
• Utilize a VPN whenever possible to encrypt your data, and stronger tools if you need to conduct secure transactions.
• Turn off shared folders. If you join a malicious network, a hacker could easily load a malicious spyware agent to follow you even after you leave the public location.
• Run a comprehensive security suite and keep it up to date to prevent spyware and viruses.
If you're a Windows user:
• In the Advanced settings of Wireless Network Connection properties ("Advanced" button on "Wireless Networks" tab), choose "Access Point (infrastructure) networks only". The default is "Any available network" and this is not safe.
• Turn off "Automatic Connection" to preferred networks in the Wireless Network Connection properties so your network reads "On Demand". This will prevent your computer connecting to unsafe networks that have the same name as your home or office network.
If you're a Mac user:
• In Network Preferences, choose By Default, join "Preferred Networks" and edit your preferred network SSID's to include only trusted sources.
• Click "Options," and ensure "Ask before joining an open network" is selected. Check the "Require Administrator Password to change networks" box, and deselect the option to automatically add new networks to the preferred list.
By setting up open access points, criminals get you to step willingly onto their turf, putting your sensitive data and everyone you connect to at risk. But if we continue to play it safe and smart, we can stay one step ahead of them and enjoy all the comforts of a secure WiFi world.
Corey O'Donnell is vice president of Marketing at Authentium, the leading developer of security software-as-a-service technologies. For more information visit Authentium.