Why You See 'Free Public WiFi' In So Many Places

An anonymous reader writes "Almost anywhere you go these days (particularly at airports), if you check for available WiFi settings, you have a pretty good chance of seeing an ad hoc network for 'Free Public WiFi.' Of course, since it's ad hoc (computer to computer) it's not actually access to the internet. So why is this in so many places? Turns out it's due to a bug in Windows XP. Apparently, the way XP works is that if it can't find a 'favorite' WiFi hotspot, it automatically sets up the computer to broadcast itself as an ad hoc network point, using the name of the last connection the computer attempted. So... people see 'Free Public WiFi' and they try to log on. Then their own computer starts broadcasting the same thing, because it can't find a network it knows. And, like a virus, the 'Free Public WiFi' that doesn't work lives on and on and on."

Possible attack vector

[TamCaP]

I guess I am not the only one that is thinking that "Free Internet" SSID is a perfect vector for a MIM attack. Has anyone heard of any cases where it has already been exploited?

Re:Possible attack vector

That's like using a scope when you're shooting ducks in a barrel.

Well, no, it's more like using bait.

Your average hipster walks sits down in an urban coffee shop and opens his laptop: the first thing he does is look for a signal from which he can leech access. Free? Public? Sounds like it's free, a virtue of which your average hipster whole-heartedly approves. Public sounds good too: it's like natural or organic or community (as an adjective) or recycled or [x]-friendly or tolerant or sustainable or any other epithet that reinforces his hipsterish sense of righteousness. Naturally, the hipster connects and begins surfing and checking e-mail. MITM gets to read his e-mail and his web reading habits (organic hipster porn).

Old news

[lavagolemking]

Steve Gibson covered this over 3 years ago. https://www.grc.com/sn/sn-082.htm

Re:I see this alot

[TrisexualPuppy]

The "hpsetup" ESSID is from HP bloatware. It is used to connect the computer to wireless peripherals, namely HP wifi-enable printers.

I researched this myself, and it ended up that there were a bunch of better ways to implement it, but HP flat out didn't care.

Re:I don't see it very often...

[clone53421]

I can remember seeing it a few times... like 2 years ago. Sort of like this story...

Your machine would have to be years out of date

to be affected. This was fixed in XP SP3. Love lines like "When a computer running an older version of XP ...." without further explanation. Haters gonna hate!

Re:Slashdot reading Hack A Day?

[A.+B3ttik]

Almost anywhere you go these days (particularly on slashdot), if you check for new stories, you have a pretty good chance of seeing a a duped story from another site. Of course, since it's a duped story (news site to news site) it's not actually news. So why is this in so many places? Turns out it's due to a bug in site moderators. Apparently, the way they work is that if they can't find a 'new' story, they automatically sets up their site to broadcast a duped story, using the title of the last story that was popular. So... people see this and they try to read it. Then their own favorite sites start broadcasting the same thing, because it can't find a good story on its own. And, like a virus, the 'Duped Story' that doesn't work lives on and on and on."

Re:So...

[cjb658]

Windows really *is* a virus!

Ah!

No. Viruses are:
-Small
-Free
-Well-written

Re:I see this alot

[sumdumass]

Actually, it is pretty easy to hijack about any wireless network using WPA. WPA2 is only a tad bit more harder and both are easier then wep until you get into some business class security. Basically, all you need to do is flood the connection to force a reconnect between the devices then run a script or program on those packets.

It's actually a little more difficult then that, but once you find the right programs and the right hardware to work with them, it's not much more difficult then that. And the most difficult parts are already taken care of and reusable for the most part.

I have a laptop set up specifically to do this. Whenever I have a customer claim their rocket scientist nephew, or son, or the neibor's- dog's- sister's- aunt's cousin, or the time warner cable guy swears that wireless is safe and I don't know what I'm talking about, I simply tell them to go ahead and install it, then show up to ask how it's going with the wireless and show them that I'm already on the network. Sometimes I have to wait outside for about a half hour before I get it cracked, but I haven't ran into one wireless network yet that took longer then 2 hours to crack into. And yes, all the software needed is pretty much free and available on the interweb waiting to be downloaded and used. There is a pretty steep learning curve though but it's not that hard and there are a lot if tutorials out there. This is especially easy when the time warner guy and most outside techs try to use a phone number for the key phrase. Often, if you have a list of phone numbers to a building with wireless, going through those will get you a working key without needing all the monitoring and cracking software. Start with the Fax numbers as they are often tied to the DSL or the Cable Internet Phone which makes it easy for the technicians to find if they have to service it again.

Anyways, once you are on the network, it's pretty trivial to send command to any windows box to do things that give you more control. Especially if they have the power shell installed. Most firewalls don't screen addresses on the network as it seems to be universally trusted in most environments.