"Free Wi-Fi" Scam In the Wild
DeadlyBattleRobot writes in with a story from Computerworld about a rather simple scam that has been observed in the wild in several US airports. Bad guys set up a computer-to-computer (ad hoc) network and name it "Free Wi-Fi." You join it and, if you have file sharing enabled, your computer becomes a zombie. The perp has set up Internet sharing so you actually get the connectivity you expected, and you are none the wiser. Of course no one reading this would fall for such an elementary con. The article gives detailed instructions on how to make sure your computer doesn't connect automatically to any offered network, and how to tell if an access point is really an ad hoc network (it's harder on Vista).
To avoid this, just avoid ad-hoc connections. That will work until the perps start using Infrastructure (Access Point) connections with a bridge to the real one. You can even set up Windows XP so that it won't allow you to make ad-hoc connections.
GreyPoopon
--
Why is it I can write insightful comments but can't come up with a clever signature?
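The check mentioned in the summary (telling an ad hoc network from an access point), as an added example that is not part of the original thread or the article: a Python parser that flags ad hoc entries in wireless scan output. The sample is constructed and trimmed, in the shape of English-language `netsh wlan show networks` output (an assumption), and the function names are this example's own; an infrastructure-mode result does not by itself show that an access point is legitimate.

```python
import re

# Constructed, trimmed sample in the shape of `netsh wlan show networks`
# output (Windows Vista and later); the SSIDs are made up for illustration.
SAMPLE_SCAN = """\
There are 3 networks currently visible.

SSID 1 : Free Wi-Fi
    Network type            : Adhoc
    Authentication          : Open

SSID 2 : AirportPaidAccess
    Network type            : Infrastructure
    Authentication          : Open

SSID 3 : Lounge-Staff
    Network type            : Infrastructure
    Authentication          : WPA2-Personal
"""

SSID_LINE = re.compile(r"^SSID\s+\d+\s*:\s?(.*)$")       # starts a new block
FIELD_LINE = re.compile(r"^\s+([^:]+?)\s*:\s*(.*)$")     # indented "key : value"


def parse_networks(scan_text):
    """Return one dict per SSID block, keyed by lower-cased field name."""
    networks = []
    for line in scan_text.splitlines():
        ssid = SSID_LINE.match(line)
        if ssid:
            networks.append({"ssid": ssid.group(1).strip()})
            continue
        field = FIELD_LINE.match(line)
        if field and networks:  # ignore indented lines before the first SSID
            networks[-1][field.group(1).lower()] = field.group(2).strip()
    return networks


def adhoc_networks(scan_text):
    """SSIDs advertised as computer-to-computer (ad hoc) networks."""
    return [n["ssid"] for n in parse_networks(scan_text)
            if n.get("network type", "").lower() in ("adhoc", "ad hoc", "ad-hoc")]


if __name__ == "__main__":
    for name in adhoc_networks(SAMPLE_SCAN):
        print(f"ad hoc network, do not join: {name!r}")
```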
When you connect to a network, a little wizard pops up asking you if it's "Home", "Work", or "Public Location". Choose Public Location and sharing will be disabled automatically.
E.g., if I ssh to my home computer, or access an https site, am I still ok?
As long as you exchange keys with the actual end host, and not the man-in-the-middle, you're fine.
If the Man-in-the-middle tries to give you his own SSL key, your browser will throw up an error message that the key is invalid. If you click "accept key", then you're hosed and the attacker can read all your traffic.
As far as ssh goes, if you've connected to the host before, SSH will (or at least on the clients I've used) throw up a big warning message that someone is trying to hack you. If you haven't connected, no such warning will appear and if you type in your password the attacker will get your password, and everything you type in your ssh session.
AccountKiller
This is one of the funniest threads I have read in a while, partly because I turned to a friend while reading the Slashdot write-up and said "Wow, they still give Internet access? My machine is secure enough, I would use that instead of paying the $7.95/day they want in some airports!"
Then I read this thread.
And pointed out my UserID to the same friend.
Too bad - I have actually seen that "Free Wi-Fi" ad-hoc network in a few airports in the last month or so (I think in Midway airport in Chicago). I did not join it, since I knew the SSID of the official wireless service (and knew that it was paid access).
An interesting thing to do is to join the network, fire up a Bonjour Browser (or your other favorite ZeroConf browser) and see available services. If people are sharing their iTunes libraries, if they have a ZeroConf chat program, and so on...
- (c) 2018 Hank Zimmerman
With Linux and the hostap driver I can set up a legitimate access point. Ad hoc isn't a necessary part of this scam, and I don't see how avoiding ad hoc networks will prevent anything.
Besides the possible risk from malware infection if you have enabled file sharing, this really is the same man-in-the-middle attack that was so prominent in the 80's and early 90's. A problem which has been mostly fixed by the adoption of SSH over telnet. And is practically non-existent over HTTP today because of the use of SSL on servers. And with regards to malware, how does this differ from picking up some spyware from the pr0n site you "accidentally" visited?
I see no problem here that cannot be solved by adopting the same principles that you would use for ordinary domestic internet access:
1) Turn on your firewall and close all open ports.
2) Don't send sensitive data over an unsecured network.
Nothing sucks like a Vax, nothing blows like a PowerMac G4
The network isn't the problem here, your computer's configuration is. All of my machines can safely connect to an untrusted network (and they do---my non-firewalled, non-NATted internet feed) without being turned into zombies.
The message here shouldn't be "don't connect to untrusted networks," it should be "secure your machine."
Once you do that, these guys are just being nice and giving you a free connection!
-rsw