Bugwatch: Access point impersonation

Is that coffee-shop Wi-Fi connection the real thing?

Ken Munro, managing director, SecureTest, vnunet.com 08 Dec 2004

Each week vnunet.com asks a different expert to give their views on recent virus and security issues, with advice, warnings and information on the latest threats.

This week Ken Munro, managing director of SecureTest, warns that personal information and company data are at risk from rogue access points set up to lure unsuspecting wireless surfers.

Most corporate IT departments have now realised that wireless local area network (Lan) security is a necessity, not an option. In any modern office it is not so much denial as negligence to say: 'We have no wireless networks, therefore we need no wireless security policy.'

Executives will have Bluetooth- and Wi-Fi-enabled smartphones and PDAs which hold company data. Many new notebook PCs now have integrated Wi-Fi chips. Even where this is not the case, with Wi-Fi being offered as a value-add on many home broadband offerings, employees will add Wi-Fi cards to office laptops for use on their home networks.

Companies must have a wireless policy in place and ensure that it is enforced, even if this is simply to say that company machines may not be wireless-enabled and company data may not be stored on wireless-enabled devices.

But for the many companies which are embracing wireless technology, there is another, possibly even greater, threat emerging which could offer a new set of challenges to security personnel: access point impersonation.

Public access wireless hotspots are becoming widely available in coffee shops, airport lounges, hotels and even on trains. Mobile users simply connect to the access point web server, purchase connection time or log on, and obtain internet connectivity.

By positioning a rogue access point near a legitimate access point and offering a stronger signal, fraudsters can tempt the user to join the rogue access point.

A fraudulent access point acting as a proxy or snooping device can be run on a wireless-enabled iPaq. Once the user joins the rogue access point, a copy of the legitimate access point website is shown to the user, who, unaware of any problem, enters their credit card or corporate access details.

The user either believes that the access point isn't working correctly or, with a more sophisticated attack, can be allowed to continue surfing unaware.

Having already gained the user's credit card or access details, the fraudsters now have a connection to the target laptop, and can start interrogating it for information, either harvesting user credentials or extracting sensitive data.

The accuracy of the attack will also make this type of activity very attractive to criminals. By targeting Wi-Fi users in areas such as hotels, airports and first-class train compartments, fraudsters can be guaranteed a higher calibre of victim and access to more valuable information.

A variation on this attack poses another threat: many offices now provide wireless access to hot desk workers. It is trivial to 'sniff' the airwaves to determine the name of the access point that the laptop is searching for.

The criminal simply sets up the rogue access point with the same name, and uses a directional aerial to ensure that the rogue access point has a higher signal strength than the valid one. Depending on configuration, the laptop may join the rogue access point, allowing the attacker access to the laptop and useful information.
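The same-name, stronger-signal pattern described above is something a wireless survey can flag. The following is an added example, not part of the original column: it checks scan results against an inventory of the company's own access points. The network name, hardware addresses and scan records are constructed sample data, and the record layout is an assumption.

```python
from collections import defaultdict

# Constructed inventory: network name (SSID) -> hardware addresses (BSSIDs)
# of the access points the company actually operates.
KNOWN_APS = {
    "CORP-HOTDESK": {"00:11:22:33:44:01", "00:11:22:33:44:02"},
}

# Constructed scan results, in the shape a survey tool might export them.
SCAN = [
    {"ssid": "CORP-HOTDESK", "bssid": "00:11:22:33:44:01", "signal_dbm": -61, "security": "WPA"},
    {"ssid": "CORP-HOTDESK", "bssid": "00:11:22:33:44:02", "signal_dbm": -70, "security": "WPA"},
    {"ssid": "CORP-HOTDESK", "bssid": "02:AA:BB:CC:DD:EE", "signal_dbm": -38, "security": "OPEN"},
    {"ssid": "CafeNet", "bssid": "00:99:88:77:66:55", "signal_dbm": -75, "security": "OPEN"},
]

def find_suspect_aps(scan, known_aps):
    """Return findings for radios that use a managed SSID but are not in the inventory."""
    by_ssid = defaultdict(list)
    for ap in scan:
        by_ssid[ap["ssid"]].append(ap)

    findings = []
    for ssid, allowed in known_aps.items():
        allowed = {b.lower() for b in allowed}
        seen = by_ssid.get(ssid, [])
        legit = [ap for ap in seen if ap["bssid"].lower() in allowed]
        # Strongest legitimate signal and the security modes our own APs advertise.
        best_legit = max((ap["signal_dbm"] for ap in legit), default=None)
        legit_modes = {ap["security"] for ap in legit}
        for ap in seen:
            if ap["bssid"].lower() in allowed:
                continue
            reasons = ["unknown BSSID advertising managed SSID"]
            if best_legit is not None and ap["signal_dbm"] > best_legit:
                reasons.append("stronger signal than every legitimate AP")
            if legit_modes and ap["security"] not in legit_modes:
                reasons.append("security mode differs from legitimate APs")
            findings.append({"ssid": ssid, "bssid": ap["bssid"], "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in find_suspect_aps(SCAN, KNOWN_APS):
        print(f["ssid"], f["bssid"], "; ".join(f["reasons"]))
```

A matching BSSID is not proof of legitimacy, because the address is broadcast in the clear; treat this check as a tripwire for the simple case rather than as authentication of the access point.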

There are ways to mitigate these problems. Users should take care if relying on the common wireless encryption standards. It doesn't take long to crack even a 128-bit Wired Equivalent Privacy (WEP) key, and Wi-Fi Protected Access (WPA) has already been shown to have a problem which may allow brute force cracking of the pre-shared key in some situations.

A far safer, and relatively simple solution for the roaming executive, would be to ensure that all communications are routed via a virtual private network, including email.

Next, ensure that all laptops have a software firewall running to limit inbound access to the device. Make sure that the laptop is kept fully patched (which is a challenge in itself, given the remote location of the machine).

Identifying a rogue access point is hard work for a non-technical mobile user, as the website running on the access point looks like the real thing. One of the few clues may be the Secure Sockets Layer certificate, which will either not exist or will be incorrect. But how do you train a user to spot this?

Using client software provided by the access point service provider to initiate a trusted connection to a wireless access point may solve the problem, but it will restrict the user to only the service provider's access points, which rather flies in the face of the whole 'hotspot' concept.

So, next time you're in the business class lounge at an airport, be careful where you connect to when you log on to a wireless network. Are you sure that's the Starbucks wireless Lan you're putting your credit card details into?
