November 2006 / Hotspot Hacking

The most common method of hacking unsecured wireless networks is through the use of tools called packet sniffers. A packet sniffer is a software program or hardware device that monitors all information passing through an unsecured (or hacked-into) wireless network. Packet sniffers give hackers a complete picture of the data that is being sent and received over the network. This can include passwords, email messages, and other sensitive information.  Another method used by hackers to prey on unsuspecting users is to create fake hotspots. Taking advantage of public networks, hackers may set up fake access points that clone the look and feel of legitimate hotspots. This allows hackers to get around security features that some hotspots put in place to block potentially-dangerous communication between users. Even worse, some fake hotspots may pretend to provide Internet access for a fee. So when you enter your financial information for payment, it will go directly to the hacker.

What Is At Risk?

In addition to financial information, there is plenty of other data that hackers might be able to access through unsecured wireless hotspots:  

• The history of web sites that you’ve visited
• Login information to unsecured sites along with site content
• Login information and content for POP3 e-mail and FTP
• Access to shared files on your laptop or mobile device
• Outright control of your laptop or mobile device

Protecting Yourself

Just because you’re on an unsecured network doesn’t mean you can’t protect yourself from hackers. The following tips will help you prevent hackers from accessing your information or taking control of your machine.

• Utilize a VPN whenever possible for all web-based activity. A VPN will provide you with a secure communication channel that you can use to access confidential information or websites.  
• Turn off shared folders. Hackers can easily view shared files and load malicious spyware to your machine that will follow you even after you disconnect from the network. 
• Shut off your wireless card if you're not planning to connect to the Web or another machine. It will protect you from intrusion and also save your battery life. 
• If you can’t connect to a VPN, be careful with the information you share in hotspots. Even seemingly harmless logins to websites such as web-mail can be intercepted by hackers and used against you. Make sure that any site you access which requires logins or displays sensitive information is secured by SSL or TLS encryption. Look in the address bar, if the site begins with https:// then it’s secure.   
• Verify the network name (SSID) to make sure you’re connecting to the legitimate network and not a fake hotspot. 
• For Windows users: in the advanced settings of the Wireless Network Connect properties, choose “Access Point (infrastructure) networks only”. The default setting, “Any available network”, is not safe and may leave you open to connecting to fake hotspots unknowingly.   
• Have a comprehensive suite of security software on your laptop and keep it up to date to prevent spyware and viruses.
• If you find yourself using wireless hotspots often, you should consider implementing an alternative wireless access solution. Most cell phone providers offer PC cards that connect your laptop to the Internet. This will give you a private, secure wireless connection that will work almost anywhere at anytime.

Knowledge is the best way to prevent yourself from becoming a hacking victim at hotspots. If you put into practice the tips I’ve listed above and always stay alert when on a public wireless network then you can rest assured that your sensitive information will remain secure. If you have any questions about wireless security, please Contact Thrive at any time.

Sincerely,

Dylan O'Connor, MCSE, CCA
Chief Technology Officer

email: doconnor@thrivenetworks.com
phone: 978.461.3999
web: www.thrivenetworks.com