Researchers investigate FBI Wi-Fi claim

Summary:Security researchers have put out a call to the public to help verify the claim that hackers that are targeting Wi-Fi networks in hotels.

Security researchers have put out a call to the public to help verify the claim that hackers that are targeting Wi-Fi networks in hotels.

The warning was sounded last week, with the US Federal Bureau of Investigation (FBI) issuing an intelligence note stating that its recent analysis has found that travellers are being targeted when they connect to their hotel room internet connections.

"In these instances, the traveller was attempting to set up the hotel room internet connection, and was presented with a pop-up window notifying the user to update a widely used software product. If the user clicked to accept and install the update, malicious software was installed on the laptop," the note said.

In light of this claim, Errata Security researcher Robert Graham has put out a call, asking information security professionals to send back information whenever they are in a hotel, so that the issue can be investigated further.

Graham has four theories on how the hackers are carrying out the attack:

  1. They have an evil Wi-Fi access point you connect to instead of the hotel's

  2. They compromise the hotel's access point and install OpenWRT on it

  3. They compromise a deep-packet-inspect device inside the hotel's network

  4. They compromise a device in the upstream network.

In order to figure out which method is being used, however, Graham requires fresh information.

He says that the easiest way to determine whether hackers are on the network is by viewing the source of a web page that is not using SSL encryption, and see whether anything suspicious has been added, such as a portion of JavaScript code.

Novice users can easily email the source code of web pages to Graham if they are don't know what suspicious code to look for, but Graham hopes that the more technical minded will also be able to send dumps of raw capture logs when a user attempts to access a log-in page.

Topics: Security, Networking


A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.