03 Mar A new WiFi threat
While working on the east coast I discovered a new WiFi threat, a small box with 2 radios and interesting software.
It can fake the ID of a friendly WiFi system luring unsuspecting users to connect. The technology inside performs a man-in-the-middle attack. This can grab packets that contain important stuff.
In a test in our own WiFi lab I surfed to a bank. My connection showed up in a browser as http://my-bank.com and the other side of the box it came out as https://my-bank.com. This switch between encrypted (https) and unsecure (http) connections suppresses the normal browser alerts about certificate problems. Using a made up username and password I tried the bank login process. I had set up the box to grab credentials. It did! It got my username and password and ignored all the other stuff in my surfing session.
Bottom line — Every day there are new threats to WiFi users. Better alternatives are:
- Wire connections
- Phone company USB-connected modems
- Corporate-quality WiFi security.