If you own a laptop, tablet, or other mobile device, it’s likely that at some point in time you have connected to a WiFi access point. In some cases, this access point might be in your own home while in others it may be at work, a hotel, airport, or your local coffee shop. No matter where you connect, the reality is that WiFi has eliminated the need for wires and enables you to remain connected throughout the day.
Unfortunately, when dealing with technology that everyone is using, cybercriminals are generally also going to have an interest. So it should be no surprise that as WiFi has increased in popularity, so have the ways in which WiFi can be attacked. It was not so long ago that the biggest concern with WiFi was that criminals would try to hack into them to gain access to the networks they were connected to. While this was and still is a real threat, many new security technologies have become available to limit the amount of exposure a WiFi device may have. Yes, many home users may be still be at risk of some random person sitting in a car out front hacking into their networks via their WiFi, but for most organizations the risk has been greatly reduced through technology. That said, it doesn’t mean that the issues related to WiFi have gone away. Unfortunately, cybercriminals have instead just adjusted how they attack WiFi.
When you walk into your office or your home with your mobile device, chances are that your device will automatically connect to the WiFi access point. The same goes for your tablet or laptop. That’s because most devices are set up to learn a location and then remember it the next time you return. This eliminates the need to manually look for the WiFi access point every time you turn on your computer or return to the same location with your mobile device. The problem is that in some cases your device may not actually be connecting to the WiFi access point that you think it is.
You see, criminals realized that they can broadcast a signal that looks just like the WiFi signal at your office. So, when your device sees it, the device connects to the fake WiFi signal instead of the real signal. To makes things worse, in some cases the criminal can also perform what is known as a “denial of service” on the real WiFi device, causing it to stop broadcasting a signal. Then only the fake signal will be available.
There are two primary risks associated with connecting to a malicious WiFi access point. The first risk is that now the criminal has direct access to attack your device on the network. This means if your laptop, tablet, or other device is not up-to-date on the latest patches – or if there is a new vulnerability that does not yet have a patch, the criminal can exploit those issues and gain access to your device. This could lead to spyware, ransomware, or other malicious software being installed.
The second risk comes from using the fake WiFi access point to connect to the Internet. In most cases, when you connect to the fake WiFi access point, your connection will seem normal. You will have access to the Internet and everything will be at full speed. However, when you attempt to connect to a secured site such as online banking, you will receive an error message telling you something is wrong with the connection instead of the website coming up. The reason for this error is that the criminal has inserted himself between you and the sites you are connecting to. This allows him to monitor everything you view and type. That error message is the only indication you will receive that something is wrong. However, most people just assume that it’s no big deal and click the “continue” button to stay on the website. Once they choose to continue, there is no security from that point on, and the cybercriminal will have the ability to record everything including your logins, passwords, and any other personal information that you may type into any website.
Because detecting phony WiFi access points is difficult, the most likely time for you to detect a potential issue is when you browse to a secured site (any site that starts with https://). If you attempt to connect to a secured website and receive a message saying there is an issue or error with the security certificate, you should stop immediately. There is never a situation where a broken security certificate is normal and under no circumstance should you ever proceed. If you receive a warning, error message, or other notification that there is a problem, stop, pick up the phone, and contact your supervisor. If you are not at the office, but are at a public location, again stop. Remember that it does not matter where you are; a WiFi attack can happen at home, at work, or at any public location.
Blog contributed by Stickley on Security