If you have been to a DEFCON conference, you may have heard the term honeypot used in some of the villages. A honeypot is a technique used to lure users with malicious intent. To the user it appears legitimate from the outside, but a hacker is operating it on the inside. Honeypots are implemented using both hardware and software, with Wi-Fi hotspots being popular among hackers.
Anyone can put up a device as a Wi-Fi access point. You can use a smartphone as a free hotspot by enabling it in settings. In fact, many mobile workers use this feature on their smartphones to give their laptops access to the Internet over their telecom provider's 4G LTE network. That provides fast Internet access on the road, where there might not be public Wi-Fi available. Bad actors can provide a free hotspot using this feature as a honeypot.
Most users will fall for a honeypot because it is free. The honeypot will often use the name of the establishment's hotspot or the most likely name people would assume. When users search for available Wi-Fi networks on their devices and see the name, they will often just connect. This is not a very good practice, but this is how the average user connects to a hotspot. Let us say you were at a cafe called ‘Badbucks’. You want to use the free Wi-Fi, so you check for the available networks, see a hotspot named ‘_Badbucks’ and connect. The red flag may not be obvious to some users, but those who recognize it will be better off not connecting.
Someone might think they got lucky connecting to a hotspot without a password. That was actually by design, in order to lure in as many users as possible. Once a user connects, they are at the mercy of whoever set up the hotspot. The bad actor can filter user traffic, allowing them to intercept personal information. This can be bad if the connected user was conducting a transaction with a credit card number or transmitting their social security number.
One of the most infamous honeypot implementations is called the Wi-Fi Pineapple. It can be any device that provides access as a hotspot. This is used for MITM (Man-In-The-Middle) attacks, which hijack a user’s connection by redirecting it to a different device. When you attempt to connect to a hotspot, it references the SSID or network name of the device.
The SSID is spoofed by the pineapple in order to trick users trying to connect to the real hotspot. If the hotspot users are supposed to connect to is named ‘PublicWiFi’, the pineapple can use the same name in an attempt to get users to connect to it instead. The real hotspot could even be compromised and the pineapple takes its place.
When users have connected to a hotspot before, their device remembers the SSID (unless the user removes it) and will attempt to connect to it the next time it is available. Users are out of luck if they connect to the pineapple instead, which is using the same SSID. The pineapple will still provide the user free Internet, but the contents of the traffic can be captured and filtered. This includes passwords, unencrypted chat messages and the websites the user is visiting. It isn’t easy to spot pineapples, but users should be aware that they exist and always be cautious when connecting to open hotspots.
White hat hackers (the good guys) also use a pineapple, but for legitimate reasons. Pentesters and network security analysts deploy pineapples for testing the security of a network. One thing they test is how easy it is to compromise the network using the pineapple. This reveals loopholes in the Wi-Fi network so that it can be further hardened to prevent anyone from using this trick to exploit users.
SSID — This is the name of the hotspot. It is assigned by the owner and it is the name you will see when searching for available Wi-Fi networks. Hackers can spoof the name of the SSID, so be careful when accessing public Wi-Fi. To be sure it is the real SSID, when you connect to the hotspot you will be greeted with a splash page that opens in a web browser.
Security — This is the protocol used to connect to the hotspot. As of this posting, WPA2 or a higher version of it is the best security available for connections. It provides a 256-bit key to encrypt connections. If the hotspot only supports WEP or WPA, which are lower-version security protocols, it won’t provide the high level of security WPA2 does. Those systems are vulnerable to attacks, so it is not recommended to use those hotspots. If you are using an older device that doesn't support WPA2 or higher, it is time to consider upgrading.
All this information can be found in the device's network settings (refer to the device's documentation to learn more).
- If you are not working from home or at the office, be careful what data you are exposing on public Wi-Fi networks. This is the best time to use a VPN if that is the case. A VPN creates a secure connection through the Internet to prevent MITM and electronic eavesdropping. This creates what is called end-to-end encryption to provide a secure communications link.
- It is probably not a good idea to use a public Wi-Fi network when filing tax returns, purchasing items online with a credit card, sharing passwords with other users by messaging app, or doing other activities that involve sensitive information. You just don’t know if that data is being seen by others when using a public or open hotspot. Perhaps it is OK for typical web surfing, as long as you don’t type in a password or share any personal data. Even if that is the case, it is still no guarantee of security.
- An authentic hotspot from an establishment typically has a splash page that identifies itself. It opens up in a web browser with a secure connection and gives the terms and conditions. It also includes the establishment’s policy and guidelines about their Wi-Fi access for customers. Hackers can still spoof the splash page, but more likely they won’t provide one because they want users to get access with no password.
- Make sure you have antivirus or computer security software installed. That is the best you can do to have a layer of protection in an open environment like public Wi-Fi networks. With these applications, direct cyberattacks can be detected and thwarted. Make sure you also have anti-spam and anti-phishing features enabled on your e-mail service. The most common form of attack uses e-mail to trick users into clicking links that execute scripts to open up a system to hackers.
- Avoid all public Wi-Fi access. Just use your smartphone as your access device to the Internet whenever necessary. Use Wi-Fi to save on your data plan or when there is a weak or no cellular signal available. If you are in an environment where you are not too confident about the hotspot being safe and secure, just use the smartphone’s 3G/4G/LTE network (disable Wi-Fi on the device). The smartphone’s mobile hotspot feature can also be enabled to allow your other devices to connect to the Internet. If that is not possible, just wait until you are at a location with a better signal.
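The SSID and security checks described in this article can be run over a list of nearby networks. The following is an added example, not part of the original article: the function names, the scan format, and every SSID and BSSID in it are constructed, and it assumes the establishment has told you its hotspot name and the hardware addresses (BSSIDs) of its access points.

```python
# Added example: audit a Wi-Fi scan for signs of a spoofed hotspot.
# All names, BSSIDs and scan rows below are constructed sample data.
import re

WEAK_SECURITY = {"OPEN", "WEP", "WPA"}  # anything below WPA2

def normalize(ssid):
    """Reduce an SSID to lowercase letters/digits so '_Badbucks' matches 'Badbucks'."""
    return re.sub(r"[^a-z0-9]", "", ssid.lower())

def audit_scan(scan, expected_ssid, known_bssids):
    """Return (bssid, ssid, reason) findings for networks imitating expected_ssid."""
    findings = []
    target = normalize(expected_ssid)
    known = {b.lower() for b in known_bssids}
    for ap in scan:
        ssid, bssid, sec = ap["ssid"], ap["bssid"].lower(), ap["security"].upper()
        if normalize(ssid) != target:
            continue  # unrelated network, not imitating the expected name
        if ssid != expected_ssid:
            findings.append((bssid, ssid, "lookalike name"))
        elif bssid not in known:
            findings.append((bssid, ssid, "same name, unknown access point"))
        if sec in WEAK_SECURITY:
            findings.append((bssid, ssid, f"weak security: {sec}"))
    return findings

# Constructed scan of the cafe from the article's example.
KNOWN_BSSIDS = {"02:00:00:aa:bb:01"}
SAMPLE_SCAN = [
    {"ssid": "Badbucks", "bssid": "02:00:00:AA:BB:01", "security": "WPA2"},
    {"ssid": "_Badbucks", "bssid": "02:00:00:CC:DD:02", "security": "OPEN"},
    {"ssid": "Badbucks", "bssid": "02:00:00:EE:FF:03", "security": "OPEN"},
    {"ssid": "CornerBooks", "bssid": "02:00:00:11:22:04", "security": "WEP"},
]

if __name__ == "__main__":
    for finding in audit_scan(SAMPLE_SCAN, "Badbucks", KNOWN_BSSIDS):
        print(finding)
```

A BSSID can be copied just like an SSID, so an empty result does not prove the hotspot is genuine; it only means none of these particular red flags were present.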