One of the most common stealth attack types is creating a fake wireless access point. This attack is common because it;
- Leverages people’s desire for free WiFi
- The software required to do it is widely available for free on the internet and,
- Much sensitive data is passed through wireless networks in the form of unencrypted text strings.
Here’s how it works. With the correct software, a hacker can disguise his connected computer as a wireless network with a name and home page that appears to be from a legitimate source. Targets then connect through the hacker’s fake WiFi access point thinking they are getting legitimate, free internet access. Unfortunately they are passing their entire internet session through the hacker – allowing him to sniff out and grab unencrypted data that contains things like usernames and passwords.
For example, would be hackers might set up shop at the San Francisco airport’s international terminal offering ‘free wifi from SFO.’
This stealth attack is deadly because a surprising amount of data is still passed through wireless networks in the form of easy-to-read, unencrypted text strings.
Moral of the story: Do not connect to any free wireless access point that does not encrypt both sides of the session via SSL.
For more information about how to keep safe while using public Wi-Fi, click this link.