The next time you’re at an airport looking for a wireless hot spot, and you see one called “Free Wi-Fi” or a similar name, beware — you may end up being victimized by the latest hot-spot scam hitting airports across the country.
You could end up being the target of a “man in the middle” attack, in which a hacker is able to steal the information you send over the Internet, including usernames and passwords. And you could also have your files and identity stolen, end up with a spyware-infested PC and have your PC turned into a spam-spewing zombie. The attack could even leave your laptop open to hackers every time you turn it on, by allowing anyone to connect to it without your knowledge.
If you’re a Windows Vista user, you’re especially susceptible to this attack because of the difficulty in identifying it when using Vista. In this article, you’ll learn how the attack works and how to keep yourself safe from it if you use Windows XP or Vista.
How the attack works
First, let’s take a look at how the attack works. You go to an airport or other hot spot and fire up your PC, hoping to find a free hot spot. You see one that calls itself “Free Wi-Fi” or a similar name. You connect. Bingo — you’ve been had!
The problem is that it’s not really a hot spot. Instead, it’s an ad hoc, peer-to-peer network, possibly set up as a trap by someone with a laptop nearby. You can use the Internet, because the attacker has set up his PC to let you browse the Internet via his connection. But because you’re using his connection, all your traffic goes through his PC, so he can see everything you do online, including all the usernames and passwords you enter for financial and other Web sites.
In addition, because you’ve directly connected to the attack PC on a peer-to-peer basis, if you’ve set up your PC to allow file sharing, the attacker can have complete run of your PC, stealing files and data and planting malware on it.
You can’t actually see any of this happening, so you’d be none the wiser. The hacker steals what he wants to or plants malware, such as zombie software, then leaves, and you have no way of tracking him down. All that is bad enough, but it might not be the end of the attack. Depending on how you’ve connected to that ad hoc network, the next time you turn on your PC, it may automatically broadcast the new “Free Wi-Fi” network ID to the world, and anyone nearby can connect to it in ad hoc peer-to-peer mode without your knowledge — and can do damage if you’ve allowed file sharing.
While some of these ad hoc networks advertising themselves as available for connection may be attributable to Windows behavior that the PC’s user is unaware of, wireless ad hoc attacks may be more common that you think. Security company Authentium Inc. has found dozens of ad hoc networks in Atlanta’s airport, New York’s LaGuardia, the West Palm Beach, Fla., airport and Chicago’s O’Hare. Internet users have reported finding them at LAX airport in Los Angeles.
Authentium did an in-depth survey of the ad hoc networks found at O’Hare, visiting on three different occasions. It found more than 20 ad hoc networks each time, with 80% of them advertising free Wi-Fi access. The company also found that many of the networks were displaying fake or misleading MAC addresses, a clear sign that they were bent on mischief.
“You connect to one of these networks at your own peril,” says Corey O’Donnell, vice president of marketing at Authentium. “And you would have no way of tracking down how you were attacked, because you would have thought you were at an ordinary hot spot connection. Enterprises are also at risk, because if someone uses a corporate laptop to connect to one of these networks and gets infected, when he plugs back in to the enterprise network, the whole network is put at risk.”
How to protect yourself in Windows XP
Protecting yourself against these kinds of attacks is quite easy: Never connect to an ad hoc network unless someone you know has set one up and specifically asks you to connect. So no matter where you are, if you see an ad hoc network, don’t connect, no matter the name of the network.
Be aware that someone can name an ad hoc network anything they want, so they can even duplicate the name of a legitimate network. For example, if you’re at an airport, and the name of the airport’s free hot spot is AirNet, someone can set up an ad hoc network with that exact same name. You’d see two networks called AirNet, one being the legitimate one and the other being the scam ad hoc network.
In Windows XP, it’s easy to differentiate between an ad hoc network and a normal Wi-Fi network (Microsoft calls connecting to a hot spot or access point being in “infrastructure mode”). In Windows XP, in order to connect to a wireless network, you click the wireless network icon in the system tray, and the “Choose a wireless network” connection screen appears. You’ll see a list of all nearby wireless networks.
As you can see in the nearby figure, each network includes a name and a description. Look at the description. If it’s an ad hoc network, it will be called a “computer-to-computer” network; normal wireless networks are simply called wireless networks. In the figure, the “Free Airport WiFi” network is an ad hoc network. You should stay away from it
There are other steps you can take to make sure you don’t accidentally connect to an ad hoc network created by a scamster. For example, you can make sure that XP never connects to an ad hoc network. To do it:
1. Click the wireless icon in the System Tray.
2. Click “Change advanced settings.”
3. Select the Wireless Networks tab.
4. Click “Advanced.”
5. On the screen that appears (pictured in the nearby figure), select “Access point (infrastructure) networks only.”
6. Click Close, and keep clicking OK until the dialog boxes disappear.
Note: If a wireless icon isn’t displayed in your System Tray, you can get to your wireless connection by clicking on Start, going to Settings, then Control Panel and then Network Connections. Then double-click on the wireless connection icon to bring up the panel that displays the “Change advanced settings” link. An alternate path on some systems might be Start –> Control Panel –> Network and Internet Connections –> Network Connections, then double-click on the wireless network connection icon.
When you’re at the “Advanced” screen, you should also make sure the box next to “Automatically connect to non-preferred networks” is not checked. If that box is checked, your PC will connect to any nearby wireless network, without alerting you, which is a serious security risk.
It’s also a good idea when you’re on the Wireless Networks tab to look at all the wireless networks listed in the Preferred networks area (shown in the nearby figure). These are networks that at one time or another you’ve connected to. Highlight any that you are not absolutely sure are secure, then click Remove. That way, your PC won’t attempt to connect to them.
There’s more you should do as well. You should also configure your remaining preferred networks so that you don’t connect to them automatically. Why do that? Let’s say your home network uses the default name it shipped with — for example, Linksys for a Linksys network. A scamster can create an ad hoc network called Linksys, and then anyone nearby who has Linksys listed as a preferred network will automatically connect to that ad hoc network. So in the Preferred networks area, highlight each netwo