I just read a news about fake Wi-Fi networks discovered in the North Station in Paris! What a nice place like a train station to steal personal information. While waiting for their train, businessmen are perfect victims. A SSID like “Orange”, “Cegetel” (or any big player on the wireless market) is enough to catch the victim.
How does it work?
Quite simple: The potential victim connects his notebook to the bad one via an Ad-Hoc connections. The peer uses NAT to pass your traffic to the Internet and, in the same time, grab all sensitive data like passwords and logins.
How to protect you?
- Don’t use Ad-Hoc network!
- Always use some encryption on top of your Wi-Fi connection (SSH-tunnel, VPN)
- Take care of “free” services
One more time, we see that the end-user is the weakest point in the security process! Never trust anybody! Is it normal to surf via a free Wi-Fi access provided by a major player?
Really amazing!
I’ll have a look…
I just would like to comment that these ad-hoc networks are just the scriptkiddies in the wifi world.
Nowadays, there is also an easy possibility to ‘simulate’ an access point. Even worse. Karma (http://www.theta44.org/karma/) can check for which SSID the victim’s windows pc is looking (ex HOMEWIFI), then automatically sets up an AP called HOMEWIFI, to which the windows pc will automatically connect (since it is his preferred wifi network). Next, if the user tries to connect to his IMAP/POP3 mailserver, Karma can even emulate the mailserver without the need of actually being connected to the internet, it steals his password.
Karma can do more stuff as well and it even supports plugins so you can write your own ’emulated’ server if you like 🙂
Tom