Back in the days when “The A-Team” was a popular television show, Mr T had a catch-phrase: “I pity the fool.”
I was almost the fool, today. I’m sitting here in the Pittsburgh, PA airport, waiting on my homeward flight, and I had hours to kill, since all earlier flights were booked solid. “No problem,” says I to myself. “They have free wireless here! I’ll just while away the hours surfing the ‘Net.”
So I dig out the company laptop, fired ‘er up, and let the trusty wireless device search for the local free wireless network.
And I was almost caught. Not by the cops, but by those folks who have nothing better to do than look for ways to steal data from other folks.
My wireless program found several wireless networks, all listed as free. And because I was tired, at the end of a long 2-week stint imparting knowledge to our customers, I didn’t notice at first that the network I selected, labeled “Free wireless network” was, in fact, an ad-hoc network created by someone else’s laptop. NOT the actual, true wireless network provided by the airport.
Happily, I noticed before I had ever typed in any passwords.
I’ve been in a lot of airports with my laptop, and used a lot of airport wireless connections. This is the first time I’ve noticed ad-hoc networks in my list. And it wasn’t just the one. When I powered up again after lunch, in a different part of the airport, I noticed 2-3 other ad-hoc networks next to the official airport wireless.
I do, indeed, pity the “fool” who doesn’t know the difference between the ad-hoc network hosted by someone’s laptop, and the official wireless networks offered by the airport. It could be an expensive lesson for them.
I’d rather pity the fool who is out there creating bogus networks for nefarious reasons, but if that’s really what they’re doing, they have my disgust rather than my pity.
Uh, Wi-fi is a broadcast network. When you recieve packets, they’re sent to everyone attached to that particular access point. Computers just normally discard packets they receive that don’t have their network ID on them. Sniffing the packets you send back to the access point isn’t much harder. So basically, snooping your data is pretty much just as easy when you attach to the airport’s proper network as when you attach to someone else’s adhoc network.
Your only real protection is if you’re running sort of encryption ontop of the wi-fi, such as a secure HTTP connection, which encrypts sensitive data (such as passwords) as it transfers between you and the server. If on the other hand you’re using a site that’s transmitting unencrypted password, you’re vulnerable no matter what wi-fi network you attach to (or indeed, even if you’re using a wired broadcast network such as ethernet).
Comment by Stormy Dragon — 20070331 @ 1228
I doubt those were attempts to steal passwords - as Stormy said, anything that isn’t encrypted (using, say, SSL as any even half-serious e-commerce site will) is going out plain over the air anyway, if you’re using an open wireless connection.
SSL is serious enough that you don’t need to lose sleep over traffic sent through it, unless the NSA’s after you (and even then, hard to say) - of course, if the NSA was after you, one imagines someone would just slip some unnoticed software straight into your computer one night while you slept…
(I suspect the ad-hoc networks you saw were mostly just people with no idea how to set up wireless on their computers, trying to use the free network. I can’t think of a *likely* attack plan for such a network.)
Comment by Sigivald — 20070402 @ 1050