3

This article in the Avira (part of NortonLifeLock) security blog discusses (vaguely) security risks of public Wi-Fi. The article states:

> Man in the middle attacks are also a very prominent threat, this is when a hacker sets up a network to lure users in by making it look like a free, open network. They will often do this in places where people are expecting some form of free network. Once connected to their network, the hackers can begin to harvest data and financial information. The names of these networks will often resemble that of the cafe, hotel, or pub that is nearby, but it is always important to check the name carefully for any spelling mistakes and if unsure, always check with a member of staff to confirm it is their network.

This seems to make little sense. Can't anyone easily set up a fake Wi-Fi network with the exact SSID being used by a legitimate provider (cafe, hotel, pub, or even corporate office)?

Even if the legitimate provider provides a password for access, can't a bad actor with the password simply create a Wi-Fi hotspot using the same SSID and password?

Thus, shouldn't all Wi-Fi hotspots be considered non-secure unless you created it yourself and are sure you are the only one with the password?

schroeder
  • 1
    *"Thus, shouldn't all Wi-Fi hotspots be considered non-secure unless you created it yourself and are sure you are the only one with the password?"* - I wouldn't go that far to *"unless you created it yourself"* but more "unless you know and trust the person who created it". But in essence, yes. – Steffen Ullrich Nov 18 '21 at 06:07
  • @SteffenUllrich Good point, although the challenge with trusting others is that you are then trusting everyone else that they trust, and trusting all the people those people trust, ad infinitum. Eventually, somewhere down the line, you likely do not trust one of the people you are implicitly forced to trust. Nonetheless, your point is well taken. – RockPaperLz- Mask it or Casket Nov 18 '21 at 06:18
  • I'm not sure what makes little sense. If you check the SSID, and the SSID has been duplicated, then you, or the staff, would see the duplicate SSID. So, it's still good advice. Confirming the correct SSID is also a good idea. This post is looking like you have only just been told of this threat. But this issue has been around and has been warned against for 20 years. – schroeder Nov 18 '21 at 08:28
  • 1
    Not only is it a question about trusting the person that set up the access point (and upstream nodes), but also a question about trusting the other people on the network, as these people can potentially mount an ARP poisoning attack or the like. And, even if you trust these people, their devices could be compromised. The best course of action on any network is to not trust the network, and stick to protocols that ensure secrecy, integrity, and authenticity, e.g. TLS, SSH, etc. – mti2935 Nov 19 '21 at 19:51

2 Answers

2

> Thus, shouldn't all Wi-Fi hotspots be considered non-secure unless you created it yourself and are sure you are the only one with the password?

Yes, and it's not a bad practice to not even trust access points that you've created yourself. In other words, just assume that all wifi access points are rogue, and proceed accordingly:

  • If you're surfing the web, only connect to sites by way of SSL/TLS. Or, use a VPN.

  • Run a firewall on your laptop that blocks all incoming connections

If you do the above, then it really doesn't matter if the access point that you are connecting to is rogue. All traffic passing through the access point will be encrypted, so the access point won't be able to sniff your traffic. If you are surfing the web, and the access point tries a DNS spoofing attack that directs you to a fake site, or a man-in-the-middle attack, your browser will detect a problem with the host's certificate. You'll want to apply the same caution to any other services that you use as well, such as POP3, IMAP, SMTP, SSH, etc. If you assume that all access points and ISPs are rogue, and proceed accordingly, then it won't matter if/when you connect to one that actually is rogue.

mti2935
1

It depends on what you're worried about.

An attacker can't trick you into giving them the access-point password by setting up a fake AP. The WPA/WPA2/WPA3 authentication mechanism is designed so that the password is never disclosed during the process. Trusting a fake AP here is harmless, since you can't actually connect to it or give the attacker any useful information.

If the attacker knows the password and you're using WPA or WPA2, trusting a fake AP is a minor threat. Simply knowing the password permits an attacker to decrypt or inject packets; a fake AP simply makes active attacks easier.

A fake AP under WPA3 is a more serious threat. Knowing the password alone is insufficient to view or inject traffic, so a fake AP is needed to perform most attacks.

Mark
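The WPA/WPA2-PSK key derivation behind the question and the second answer, as an added example that is not part of the original posts: the master key depends only on the passphrase and the SSID, and the session key only on that master key plus values exchanged unencrypted in the 4-way handshake, so a shared passphrase gives no secrecy between the people who hold it. The SSID, passphrase, MAC addresses and nonces are constructed sample values, and the function names are this example's own.

```python
import hashlib
import hmac

def pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK master key: PBKDF2-HMAC-SHA1, 4096 rounds, salted with the SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, length: int) -> bytes:
    """IEEE 802.11 PRF: HMAC-SHA1 blocks over label || 0x00 || data || counter."""
    out, counter = b"", 0
    while len(out) < length:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:length]

def ptk(master: bytes, ap_mac: bytes, sta_mac: bytes,
        anonce: bytes, snonce: bytes) -> bytes:
    """Per-session key (48 bytes for CCMP). Every input except the PMK is sent
    unencrypted during the 4-way handshake."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(master, b"Pairwise key expansion", data, 48)

def split_ptk(key: bytes) -> dict:
    """KCK authenticates the handshake, KEK wraps the group key, TK encrypts data."""
    return {"KCK": key[:16], "KEK": key[16:32], "TK": key[32:48]}

# Constructed sample values (not from any real network).
SSID, PASSPHRASE = "CafeGuest", "latte-2021"
AP_MAC = bytes.fromhex("020000000001")
STA_MAC = bytes.fromhex("020000000002")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))

if __name__ == "__main__":
    master = pmk(PASSPHRASE, SSID)
    # Nothing in the PMK identifies a particular access point: any device
    # configured with the same SSID and passphrase derives this same value.
    print("PMK:", master.hex())
    # A look-alike SSID is a different salt, hence a different PMK.
    print("PMK (look-alike SSID):", pmk(PASSPHRASE, "CafeGuset").hex())
    keys = split_ptk(ptk(master, AP_MAC, STA_MAC, ANONCE, SNONCE))
    print("TK :", keys["TK"].hex())
```

WPA3 replaces this derivation with SAE, where the session's master key cannot be computed from the passphrase and observed handshake alone, which is the distinction the answer above draws.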