Here's a simple illustration of what's being done now, and how a much more subtle variant is possible against those who don't broadcast their SSID:
There have already been reported cases of less-sophisticated "hostile access points" in public places, i.e. you go to an airport or hotel and there's some access point somewhere with the SSID FreeWiFi (or something similar). You either assume it's run by the establishment or you don't care as long as it can get you on the Internet. You connect to it, do some work, and then move on. Most if not all of the Internet traffic to and from your computer passed in plaintext through this hacker's access point. At the very least, he would have an automated process that scans for usernames and passwords. He could also poison your DNS, so that you go to websites under his control instead of the ones you intend to go to. This could be as simple as a malware injection or as complicated as a man-in-the-middle e-commerce or e-banking impersonation attack.

The problems with this attack are that the user must choose to connect to this access point, and the access point must broadcast its SSID, which could cause the hacker, or at least the access point, to be physically located. Luckily for this type of hacker, most places do not normally scan for rogue access points, and many users are easy to fool.

However, if your laptop announces "I'd like to connect to MyWiFi" whenever it's turned on, a particularly clever hacker could modify his access point so that its SSID was MyWiFi, and they don't even need to broadcast it. Your computer will connect to it without asking you, and by the time you ask yourself "Wait a sec... how am I even connected to the Internet?" you've already given them a lot to play with. And that's the attack vector.

Now the attacker's rogue hidden SSID can be discovered just like your home's hidden SSID (an SSID is never hidden if the network is being used at all), so they're not invulnerable.
But as I said, most places do not scan for rogue access points at all, let alone know how to scan for a hidden SSID, and it's even less likely they'd choose to scan at the exact moment you're using the rogue access point, which is the only time it would be visible. Whew.

-- CatBus
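
Added example, not part of CatBus's post: a minimal version of the rogue access point scan the post says most places never run. It resolves hidden SSIDs from probe responses and compares every access point seen against an inventory. The frame tuples, the AUTHORIZED inventory and all addresses are constructed for illustration; a real scan would fill FRAMES from a monitoring tool.

```python
from collections import defaultdict

# Constructed inventory: BSSIDs allowed to serve each SSID, and the expected security.
AUTHORIZED = {"MyWiFi": {"bssids": {"00:11:22:33:44:55"}, "security": "WPA2"}}

# Constructed passive-scan observations: (frame type, BSSID, SSID, security).
# A hidden network beacons with an empty SSID but names itself in probe responses,
# which is why it is only visible while a client is actually using it.
FRAMES = [
    ("beacon", "00:11:22:33:44:55", "", "WPA2"),
    ("probe_resp", "00:11:22:33:44:55", "MyWiFi", "WPA2"),
    ("beacon", "02:aa:bb:cc:dd:01", "FreeWiFi", "OPEN"),
    ("beacon", "02:aa:bb:cc:dd:02", "", "OPEN"),
    ("probe_resp", "02:aa:bb:cc:dd:02", "MyWiFi", "OPEN"),
    ("beacon", "02:aa:bb:cc:dd:03", "", "WPA2"),
]

def resolve_networks(frames):
    """Per BSSID: SSIDs it revealed, whether its beacons hid the SSID, last security seen."""
    seen = defaultdict(lambda: {"ssids": set(), "hidden": False, "security": None})
    for kind, bssid, ssid, security in frames:
        entry = seen[bssid]
        entry["security"] = security
        if ssid:
            entry["ssids"].add(ssid)
        elif kind == "beacon":
            entry["hidden"] = True
    return seen

def find_rogues(frames, authorized):
    """Return (bssid, ssid, reason) for every access point that does not match the inventory."""
    findings = []
    for bssid, info in sorted(resolve_networks(frames).items()):
        for ssid in sorted(info["ssids"]):
            policy = authorized.get(ssid)
            if policy is None:
                findings.append((bssid, ssid, "unknown SSID"))
            elif bssid not in policy["bssids"]:
                findings.append((bssid, ssid, "impersonates authorized SSID"))
            elif info["security"] != policy["security"]:
                findings.append((bssid, ssid, "security downgrade"))
        if info["hidden"] and not info["ssids"]:
            findings.append((bssid, "", "hidden SSID not yet revealed"))
    return findings

if __name__ == "__main__":
    for finding in find_rogues(FRAMES, AUTHORIZED):
        print(finding)
```

A BSSID match alone is not proof of legitimacy, since the BSSID is only an address the access point announces; the security comparison is a second, independent check.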
