
"Free Wi-Fi" Scam In the Wild

kdawson posted more than 7 years ago | from the click-to-get-pwned dept.

Security 332

DeadlyBattleRobot writes in with a story from Computerworld about a rather simple scam that has been observed in the wild in several US airports. Bad guys set up a computer-to-computer (ad hoc) network and name it "Free Wi-Fi." You join it and, if you have file sharing enabled, your computer becomes a zombie. The perp has set up Internet sharing so you actually get the connectivity you expected, and you are none the wiser. Of course no one reading this would fall for such an elementary con. The article gives detailed instructions on how to make sure your computer doesn't connect automatically to any offered network, and how to tell if an access point is really an ad hoc network (it's harder on Vista).
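The ad hoc check mentioned in the summary can be automated on Linux. The following is an added example, not part of the original post or the Computerworld article: it parses scan text shaped like `iw dev wlan0 scan` output and sorts networks by mode and by whether the SSID is one you expect. The sample scan, the SSIDs and the `expected_ssids` allow-list are constructed assumptions.

```python
import re

# Constructed sample, shaped like the text `iw dev wlan0 scan` prints on Linux.
# Every BSSID, SSID and signal value below is made up for this example.
SAMPLE_SCAN = """\
BSS 02:1a:11:f0:00:01(on wlan0)
\tfreq: 2437
\tcapability: IBSS (0x0002)
\tsignal: -38.00 dBm
\tSSID: Free Wi-Fi
BSS 00:1b:2f:aa:bb:01(on wlan0)
\tfreq: 2412
\tcapability: ESS ShortSlotTime (0x0401)
\tsignal: -71.00 dBm
\tSSID: AirportPaidNet
BSS 00:1b:2f:aa:bb:02(on wlan0)
\tfreq: 2462
\tcapability: ESS (0x0001)
\tsignal: -35.00 dBm
\tSSID: Free Wi-Fi
BSS 02:1a:11:f0:00:02(on wlan0)
\tfreq: 2437
\tcapability: IBSS Privacy (0x0012)
\tsignal: -40.00 dBm
\tSSID: AirportPaidNet
"""

BSS_RE = re.compile(r"^BSS ([0-9a-fA-F:]{17})")


def parse_scan(text):
    """Turn scan text into a list of dicts: bssid, ssid, caps (set), signal (dBm)."""
    networks, cur = [], None
    for line in text.splitlines():
        m = BSS_RE.match(line)
        if m:
            cur = {"bssid": m.group(1).lower(), "ssid": "", "caps": set(), "signal": None}
            networks.append(cur)
            continue
        if cur is None:
            continue
        key, _, value = line.strip().partition(":")
        value = value.strip()
        if key == "SSID":
            cur["ssid"] = value
        elif key == "capability":
            # Drop the trailing "(0x....)" and keep the flag names.
            cur["caps"] = set(re.sub(r"\(0x[0-9a-fA-F]+\)", "", value).split())
        elif key == "signal":
            cur["signal"] = float(value.split()[0])
    return networks


def classify(net, expected_ssids):
    """Mode comes first: an IBSS beacon is another computer, whatever it is named."""
    if "IBSS" in net["caps"]:
        return "ad-hoc"
    if net["ssid"] not in expected_ssids:
        return "unexpected-ssid"
    # Infrastructure mode with a familiar name. The mode check cannot tell a
    # real access point from an impostor using the same SSID.
    return "expected-ssid"


def audit(scan_text, expected_ssids):
    """Return (ssid, bssid, verdict) for every network in the scan, in scan order."""
    return [(n["ssid"], n["bssid"], classify(n, expected_ssids))
            for n in parse_scan(scan_text)]


if __name__ == "__main__":
    for ssid, bssid, verdict in audit(SAMPLE_SCAN, {"AirportPaidNet"}):
        print(f"{verdict:16} {bssid}  {ssid}")
```

A verdict of `expected-ssid` only means the name and mode look right; end-to-end authentication (SSL, SSH host keys) is still what protects the traffic.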


332 comments

Free is still free for me (5, Funny)

LinuxGeek (6139) | more than 7 years ago | (#17769636)

Well, they would have a really difficult time turning my linux based portable into a zombie. I guess that would be risk free wifi for me, Yeah! Oh, and while in public, I use stunnel to a secure server. Sniff all of the data you want while I use your free wireless.

Re:Free is still free for me (5, Insightful)

SuperKendall (25149) | more than 7 years ago | (#17769806)

Well, they would have a really difficult time turning my linux based portable into a zombie.

No kidding - is this article really an ad for Linux and/or MacOS X?

The next time I see a "FreeWiFi" I'll jump on and thank them hardily for moving yet another Windows user even closer to an alternate choice.

Tosser... (5, Insightful)

Dogtanian (588974) | more than 7 years ago | (#17770256)

The next time I see a "FreeWiFi" I'll jump on and thank them hardily for moving yet another Windows user even closer to an alternate choice.
And people wonder why some Linux and Apple supporters have a bad reputation for being fanatical.

Personally, I'd try to gather evidence and report it to the police if I felt they'd do anything worthwhile. The fact that this person's behaviour happens to be driving people towards my OSs of choice is purely incidental. You probably realise this, and I doubt that you were serious about thanking the guy, but I bet that your f****d up zealotry, morality and ideology are genuine; you really would place a microscopic (and questionable) "blow" against Microsoft over thieving scum like this escaping justice. You really think that MS-enabled crime (let alone this particular scam) is the only crime they're going to commit?

Re:Tosser... (2, Insightful)

El Torico (732160) | more than 7 years ago | (#17770436)

Personally, I'd try to gather evidence and report it to the police if I felt they'd do anything worthwhile.

Right. Call me cynical, but I don't think that the police would be interested or even capable of doing anything.

Re:Tosser... (1)

Dogtanian (588974) | more than 7 years ago | (#17770700)

Right. Call me cynical, but I don't think that the police would be interested or even capable of doing anything.
Which was precisely why I said "if I felt they'd do anything worthwhile". And either way, it still doesn't excuse "Super Kendall" treating low-life thieves/conmen (who'll probably be stealing from someone's granny next week- sans laptop) as some sort of open-source heroes...

Re:Free is still free for me (0)

Anonymous Coward | more than 7 years ago | (#17769856)

Yes Scam the Scammer

Re:Free is still free for me (2, Interesting)

Austerity Empowers (669817) | more than 7 years ago | (#17769900)

I agree, I use these all the time at airports (pay for WiFi in an airport with $2 waters and $1.50 small bags of chips? nfw). I know they're up to no good, but good luck trying.

Re:Free is still free for me (0)

Anonymous Coward | more than 7 years ago | (#17769948)

stunnel is also vulnerable to man in the middle attacks

Re:Free is still free for me (5, Funny)

spellraiser (764337) | more than 7 years ago | (#17770010)

The lesson: Don't f*ck with someone who has a four-digit userid on slashdot.

Re:Free is still free for me (3, Informative)

singularity (2031) | more than 7 years ago | (#17770258)

This is one of the funniest threads I have read in a while, partly because I turned to a friend while reading the Slashdot write-up and said "Wow, they still give Internet access? My machine is secure enough, I would use that instead of paying the $7.95/day they want in some airports!"

Then I read this thread.

And pointed out my UserID to the same friend.

Too bad - I have actually seen that "Free Wi-Fi" ad-hoc network in a few airports in the last month or so (I think in Midway airport in Chicago). I did not join it, since I knew the SSID of the official wireless service (and knew that it was paid access).

An interesting thing to do is to join the network, fire up a Bonjour Browser (or your other favorite ZeroConf browser) and see available services. If people are sharing their iTunes libraries, if they have a ZeroConf chat program, and so on...

Re:Free is still free for me (5, Funny)

slyborg (524607) | more than 7 years ago | (#17770638)

And pointed out my UserID to the same friend.

...who secretly rolled their eyes and promised self to find cooler friends....

Re:Free is still free for me (5, Funny)

Jon Abbott (723) | more than 7 years ago | (#17770338)

The lesson: Don't f*ck with someone who has a four-digit userid on slashdot.
Four- or less -digit userid! Get it right! :^)

Re:Free is still free for me (0)

Anonymous Coward | more than 7 years ago | (#17770186)

"I guess that would be risk free wifi for me..."

No doubt. I always check public APs first with KisMAC if I'm using my MacBook and kismet if I'm using my Linux laptop. I think TFA should not sound so generic. As described, this is a problem for Windows users and it should say it.

Re:Free is still free for me (5, Funny)

Nutty_Irishman (729030) | more than 7 years ago | (#17770314)

I know what you mean, I use that "Free Wi-Fi" every time I'm in the airport with no problems. Now I have freewifi.exe process running all the time, even when I'm not in the airport! Haha, take that, suckers!

Avoid ad-hoc connections (3, Informative)

GreyPoopon (411036) | more than 7 years ago | (#17769704)

To avoid this, just avoid ad-hoc connections. That will work until the perps start using Infrastructure (Access Point) connections with a bridge to the real one. You can even set up Windows XP so that it won't allow you to make ad-hoc connections.

Re:Avoid ad-hoc connections (4, Informative)

Wanker (17907) | more than 7 years ago | (#17769832)

Uh, they already use Infrastructure connections. Bummer, eh?

Even worse, their 200mW cards will out-power the real 40mW access points so Windows will prefer to use the attacker's "closer" "access point".

http://www.remote-exploit.org/backtrack.html [remote-exploit.org]

Re:Avoid ad-hoc connections (1)

GreyPoopon (411036) | more than 7 years ago | (#17770022)

Even worse, their 200mW cards will out-power the real 40mW access points so Windows will prefer to use the attacker's "closer" "access point".
Wouldn't this make it easier for a security force to locate perpetrators?

Re:Avoid ad-hoc connections (1)

Zadaz (950521) | more than 7 years ago | (#17770210)

Are there security forces with RF triangulation gear?

At best security would walk around looking for people using laptops and ask them what they're up to. With a 200mW signal that's a much larger area to patrol. Of course the perps run it in their travel bag so no one will see it.

Re:Avoid ad-hoc connections (1)

Wanker (17907) | more than 7 years ago | (#17770652)

Wouldn't this make it easier for a security force to locate perpetrators?
Guess what happens when the attacker sees a bunch of guys running around with RF triangulation gear?

It's very hard to zero in on the location without giving away what you're doing since it involves changing position, checking signal levels, and repeating the process. When the attacker sees this, all he has to do is power off the live-Linux-based Backtrack and poof! All the physical evidence of his misdeed is gone and now he's just another traveler finishing his E-mail and heading off in search of an overpriced soda.

Re:Avoid ad-hoc connections (1)

drinkypoo (153816) | more than 7 years ago | (#17769842)

And also note that Windows XP doesn't even let you BE an Access Point unless you use one of the like two wireless chipsets for which there is still a management utility (i.e. you're not forced to use the Windows XP wireless networking.) I was somewhat dismayed when I upgraded my laptop from win2k to winxp and found that I could no longer be an access point. Then I went to linux, and now my nic doesn't work at all! Now that's progress. (Someday I'll see if ndiswrapper will do the job, but I am using a centrino machine now.)

Re:Avoid ad-hoc connections (1)

bfields (66644) | more than 7 years ago | (#17770520)

To avoid this, just avoid ad-hoc connections.

Only connect to networks you can trust, right? Because school and office networks are never hacked....

No thanks. I'd rather connect to whatever network I like, and rely on end-to-end authentication; all the convenience of being able to use any network, and *more* secure. What a deal.

Great! (3, Funny)

Rob T Firefly (844560) | more than 7 years ago | (#17769720)

Now I can take a well-configured Linux lappy to the airport, hook up through these bad guys, and make extra sure to do everything illegal, immoral, and dangerous I can think of over their pipe without a smidgen of guilt. Woo and yay!

Better yet... (3, Funny)

KingSkippus (799657) | more than 7 years ago | (#17770238)

Help other folks out. Set yourself up as a proxy, advertise yourself as "Free Wi-Fi" too, and let everyone else (at least, everyone who connects through you) safely use the scumbag's paid wi-fi connection for free.

But if you must have some innocent fun, you really should have your machine mirror images so that they're returned upside-down. Not all of them, just a very few that meet some criteria based on a hash of the user's MAC address or something. Imagine their confusion when their buddy's laptop shows the picture normally and they're sitting there thinking, "What the...!!?"

Stupid idea (5, Insightful)

Dogtanian (588974) | more than 7 years ago | (#17770518)

Help other folks out. Set yourself up as a proxy, advertise yourself as "Free Wi-Fi" too, and let everyone else (at least, everyone who connects through you) safely use the scumbag's paid wi-fi connection for free.
That's the kind of geeky too-clever-for-your-own-good thing that will get you into trouble if the real criminal ever gets caught... or even if he doesn't. Suppose the police (or whoever) at the airport know about this scam and are investigating, and pick up *your* connection. Now you're messed up with this thing; you might know that you're innocent, but they don't, and explanations like "But... but... I was just having some fun at the guy's expense and making it safe for everyone" won't go down well.

How sure are you that you can prove that you're not involved, especially when you've been arrested and subject to police questioning? Under ideal circumstances, if you were in control of things, you could probably put together a good case, but fancy playing against a prosecutor and police who genuinely believe that you were involved and want to make you look bad?

And (so the police will want to know) since you obviously knew this guy was up to no good, why didn't you report it?

Doesn't sound such a good idea now.

Re:Better yet... (2, Informative)

ajs318 (655362) | more than 7 years ago | (#17770738)

Someone's been reading this [ex-parrot.com], haven't they? :)

If / when I ever get any wireless kit, I will change the name of my neighbours' unprotected router (currently set to the make and model name; a quick Google search revealed the default password) to "pWn3d", have my router emulate theirs but with suitably distorted graphics, and see what happens. Just a shame I can't listen in on their call to tech support ..... but I could, if I had what fone phreaks once referred to as a "Sky Blue Pink Box with Yellow Spots On". Oh, wait, such a thing [grandstream.com] already exists [debian.org]!

Now, that does sound like serious PHUN!

Whatever happened to free airport Wi-Fi? (1, Interesting)

sokoban (142301) | more than 7 years ago | (#17769764)

Does anyone in here remember when airports used to usually have free wireless internet access? In 2001, it seemed like most of the nice airports offered free wireless access as a courtesy to customers, but now the only one I see doing that is my local airport (bluegrass int'l). Now every other airport seems to have some silly $15 wireless internet access service. Even expensive hotels now are starting to charge for wireless access, though they usually still have free wired access.

That's it, I'm sick of all this mother fucking nickel and diming in these motherfucking airports.

Re:Whatever happened to free airport Wi-Fi? (1)

CRCulver (715279) | more than 7 years ago | (#17769812)

Situation's a bit different in Europe. The airports in Budapest and Vienna have free wi-fi, and it's blazingly fast. In fact, when I recently had to fly out from Vienna, I got to the airport 36 hours early so I could get several films through Bittorrent.

Re:Whatever happened to free airport Wi-Fi? (1)

LegionX (691099) | more than 7 years ago | (#17769988)

Maybe that's one of the reasons for the nickel'in and dime'in.

Re:Whatever happened to free airport Wi-Fi? (4, Insightful)

paeanblack (191171) | more than 7 years ago | (#17770688)

Situation's a bit different in Europe. The airports in Budapest and Vienna have free wi-fi, and it's blazingly fast. In fact, when I recently had to fly out from Vienna, I got to the airport 36 hours early so I could get several films through Bittorrent.

It's that kind of juvenile behavior that kills off free wi-fi services. They are there for people to check itineraries, keep in touch with their friends/family/colleagues, and other minor conveniences. They don't exist for jackasses to park on for days to download movies.

"Free to use" does not mean "Free to abuse". If you want more bandwidth, pay for it yourself.

Re:Whatever happened to free airport Wi-Fi? (0)

Anonymous Coward | more than 7 years ago | (#17770000)

Some airports still have them. The bluegrass airport in Lexington, Kentucky still does.

Re:Whatever happened to free airport Wi-Fi? (0)

Anonymous Coward | more than 7 years ago | (#17770056)

But isn't that the way these things always work?

If you're the only one offering a service people want, you can charge a lot for it.

When competition starts moving in, you try to beat them by lowering prices.

When lowering prices doesn't work anymore, you offer it for free.

Finally when EVERYONE'S offering it for free or for a negligible fee and you're no longer "better than everybody else" service, feature or price-wise, there's no point in offering it for free so you can start charging for it again.

Silly Americans (0)

Anonymous Coward | more than 7 years ago | (#17770804)

It's an American obsession to nickel and dime the world. Every airport I've been to in the EU has had free wifi, usually it's extremely fast too.

Re:Whatever happened to free airport Wi-Fi? (1)

CastrTroy (595695) | more than 7 years ago | (#17770848)

They got rid of it because they realized they have a monopoly on internet access and flights, so there's no point in giving away the internet. It's not like people are going to go to a different airport if the other one has free internet. You go to the airport that your plane flies out of, and usually there's only 1 major airport in each city.

P. T. Barnum... (1, Insightful)

eviloverlordx (99809) | more than 7 years ago | (#17769766)

said it best: "A sucker is born every minute".

Re:P. T. Barnum... (2, Funny)

TodMinuit (1026042) | more than 7 years ago | (#17769804)

Thanks to Windows, they are unknowingly born every clock cycle. And so goes the ease-of-use vs. security tango.

Washington Dulles too (1, Informative)

Hokie06 (986634) | more than 7 years ago | (#17769782)

I've seen this in the B terminal of Dulles Airport, every time I fly out. I guess it could be someone who works there or something. But since it was ad-hoc I never connected.

Re:Washington Dulles too (1, Funny)

flynt (248848) | more than 7 years ago | (#17769848)

I've seen this in the B terminal of Dulles Airport, every time I fly out.

Are you sure it's not you?

at DEN, SAT, MCO, and LAS too (1)

ThingOne (578618) | more than 7 years ago | (#17769954)

As I travel, I see this appearing at more and more airports. I am curious if they are changing the zombie computers to offer their own ad-hoc "Free WIFI" and send the sniffed information to a central collection point. I have also seen this in hotels in major cities. It's a boon for more identity theft.

Re:Washington Dulles too (1)

The MAZZTer (911996) | more than 7 years ago | (#17770182)

I saw one at Logan Intl (Boston). I couldn't connect to the Internet through it, it disappeared right after I tried to use it, ha. I don't think I have to worry about my portable being a zombie though, since it's a Nintendo DS. :)

Not that hard in Vista (5, Informative)

jfurdell (574363) | more than 7 years ago | (#17769784)

When you connect to a network, a little wizard pops up asking you if it's "Home", "Work", or "Public Location". Choose Public Location and sharing will be disabled automatically.

Re:Not that hard in Vista (0, Flamebait)

Pxtl (151020) | more than 7 years ago | (#17769960)

That's very nice. How considerate of them to make a workaround to avoid the fact that machines on your local network can pwn your OS and turn it into a zombie by using a service that was supposed to provide the 40+-year-old concept of transferring files.

If I implement file and printer sharing on my PC, I think it's reasonably fair to expect it to (a) share the files in folders I have marked shared, and (b) share the printers I have marked shared... and nothing else.

Re:Not that hard in Vista (1)

jimicus (737525) | more than 7 years ago | (#17770476)

No kidding. I get this every so often from people at work: "How can I stop C: on my PC from being shared?". I don't mind saying "You can't" (straight up, on an NT4/Samba domain you can't do that - don't know if it's still true for Active Directory domains), what I do mind is having to justify why you can't - after all, the next question is always "Why not?".

Re:Not that hard in Vista (0)

Anonymous Coward | more than 7 years ago | (#17770720)

"How can I stop C: on my PC from being shared?"

Have your firewall drop TCP/UDP traffic on ports 135, 137:139 and 445 like the viral plague it is.

Re:Not that hard in Vista (2, Informative)

Anonymous Coward | more than 7 years ago | (#17770852)

I've managed it.
1. Become SYSTEM.
2. Open explorer to My Computer
3. Open share properties (be careful: do not open folder security)
4. Open share security
5. Change permissions to deny for all.

Re:Not that hard in Vista (1)

nine-times (778537) | more than 7 years ago | (#17770658)

Excellent point. In a similar vein I've always wondered if software-based client firewalls are a step in the wrong direction. Shouldn't these ports be closed by default? And if you do open them for a particular service, shouldn't we expect that the service would be fairly secure? I mean, sure, if you enable remote logins on your machine, leave the admin/root password blank, and go around hooking up to strange/open wireless networks, you're asking for trouble. It doesn't matter if it's in an airport or whether it's an ad-hoc network. You could be in your own home connected to your own wireless network, and if the network is open and your computer is insecure, anyone within range can have full access to your computer.

Red flags on first page of article (0, Troll)

Anonymous Coward | more than 7 years ago | (#17769790)

I'm not going to bother reading the whole thing because the first page was so bad.

1) They'll be able to read your user names and passwords for financial web sites
Only if you're dumb enough to not use SSL.

2) Having file-sharing on will allow them to make you into a zombie
Only if you have your shares horribly misconfigured.

3) The hacker will change your wi-fi settings
Again, only if you have your shares horribly configured.

*Maybe* Windows is broken enough to allow someone to do this just based on a single wi-fi connection, but I doubt it.

-Andrew

A marketing exploit. Sorta (1)

hypermanng (155858) | more than 7 years ago | (#17769820)

I've never seen anything pernicious and accidental* come into a corporate network except through the marketing folks. They always seem to be the ones who like to use gadgets they don't understand, leave extraneous services on because they seem kinda neat and so on. They're exactly the sort of people who connect to ad-hocs all day long. After all, if their computer is compromised, it's IT's problem.

The summary is right - anyone who is a big enough geek to read /. isn't the sort of person the perpetrators are looking for.

*Pissed off IT guys have occasionally been foolish enough to actually sabotage their employers. This is pure shitting where you eat, no matter how big an asshole your CEO is (or whatever).

remote host (2, Interesting)

TheSHAD0W (258774) | more than 7 years ago | (#17769830)

If you have a box that's permanently on the net, a machine at home that's always on, a web server, etc, set your laptop up to always tunnel its connections through it. That way, even if someone 0wnz the connection you're on, so long as your software firewall is good, you're set.

The article is not entirely correct (1)

raddan (519638) | more than 7 years ago | (#17769850)

But because you're using his connection, all your traffic goes through his PC, so he can see everything you do online, including all the usernames and passwords you enter for financial and other Web sites.

While this is true for HTTP, which is in the clear, banking, financial, and e-commerce websites use SSL (or should, anyhow), which makes man-in-the-middle attacks impractical (though not impossible). I have seen these "hotspots" myself, in areas of Boston near hotels, and I've connected to them via my BSD laptop. I wasn't able to actually get any connectivity through them. I've been wondering if these were set up by someone maliciously, or if these are pwned machines. Kinda makes me want to walk around with netstumbler until I find these guys.

grasshopper (0)

Anonymous Coward | more than 7 years ago | (#17770336)

what you see are fellow client nodes, like yerself.

It's been around for a while (1)

Siener (139990) | more than 7 years ago | (#17769866)

I saw this in November in Heathrow airport in London, England - an ad hoc wireless network called "Free Wi-Fi". Obviously I wasn't stupid enough to connect to it.

Re:It's been around for a while (0)

Anonymous Coward | more than 7 years ago | (#17770216)

However, you are too stupid to realize that he can't do anything if you connect to a banking site with SSL, and he can't really do much anyway if you just browse the news.

Re:It's been around for a while (0)

Anonymous Coward | more than 7 years ago | (#17770760)

Why didn't you walk around until you found the strongest signal and unplug the closest computer? Or, as a true /. reader would do, sit down and talk to the person for a while to see what they can really do?

It would seem to me that unless they are exploiting the known flaw in the Broadcom drivers or have an unknown tunnel into your system, the most they could do would be to drop a file into a shared folder (like StartUp) to activate at a later date. And that would only happen to people who have Full Control/Write and Anonymous Logon access to their c$ share. That's got to be a VERY small percentage of people. But maybe that sit-down and your follow-up report to /. would answer my questions, too.

Universal free wi-fi (2, Interesting)

adambha (1048538) | more than 7 years ago | (#17769880)

And when wi-fi becomes a universally available free commodity (who else is betting on it?) what trickery will we see then?

Relay? (4, Insightful)

zlogic (892404) | more than 7 years ago | (#17769882)

Or the bad guy could set a relay with the real internet and get all your passwords, that's why I use SSL in public APs. But even worse, he could emulate (and forward data to) popular sites like Gmail, Yahoo, Ebay and Paypal but without any SSL. Like, a site that looks and acts like Gmail and even has your messages but is in reality a non-encrypted site that acts as a proxy.

Re:Relay? (2, Interesting)

Vellmont (569020) | more than 7 years ago | (#17770732)


But even worse, he could emulate (and forward data to) popular sites like Gmail, Yahoo, Ebay and Paypal but without any SSL. Like, a site that looks and acts like Gmail and even has your messages but is in reality a non-encrypted site that acts as a proxy.

I never thought about that, but that's an excellent point. It's a good reason not to trust web based mail sites.

In fact, it calls into question the security of all websites, since they start out in unencrypted mode. How often do you check when logging into a secure website that it's really using https, and not http?

Quick question (1)

the_humeister (922869) | more than 7 years ago | (#17769890)

If you're somehow connected to this ad hoc network, but use encrypted access to other computers, are you still ok? E.g. if I ssh to my home computer, or access an https site, am I still ok?

Re:Quick question (3, Informative)

Vellmont (569020) | more than 7 years ago | (#17770166)

E.g. if I ssh to my home computer, or access an https site, am I still ok?

As long as you exchange keys with the actual end host, and not the man-in-the-middle, you're fine.

If the Man-in-the-middle tries to give you his own SSL key, your browser will throw up an error message that the key is invalid. If you click "accept key", then you're hosed and the attacker can read all your traffic.

As far as ssh goes, if you've connected to the host before, SSH will (or at least on the clients I've used) throw up a big warning message that someone is trying to hack you. If you haven't connected, no such warning will appear and if you type in your password the attacker will get your password, and everything you type in your ssh session.
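The three SSH outcomes described in the comment above (known key, changed key, never-seen host) can be shown with a simplified check against OpenSSH `known_hosts` entries, including hashed host names. This is an added example, not part of the original thread; host names and key strings are constructed, and wildcard patterns and `@` marker lines are not handled.

```python
import base64
import hashlib
import hmac


def hashed_name(host, salt):
    """Build the '|1|salt|mac' form OpenSSH writes when HashKnownHosts is on:
    base64(salt) and base64(HMAC-SHA1(key=salt, msg=hostname))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|{}|{}".format(base64.b64encode(salt).decode(),
                             base64.b64encode(mac).decode())


def name_matches(field, host):
    """True if the first known_hosts field names this host (plain or hashed)."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        salt = base64.b64decode(salt_b64)
        want = base64.b64decode(mac_b64)
        got = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(got, want)
    return host in field.split(",")


def check_host_key(known_hosts, host, key_type, key_b64):
    """Return 'match', 'changed' or 'unknown' for the key a server presents.

    'changed' is the case where the client prints its loud warning.
    'unknown' is a first connection: nothing on file to compare against, so
    whoever answers, the real host or someone in the path, gets trusted.
    """
    changed = False
    for line in known_hosts.splitlines():
        line = line.strip()
        if not line or line[0] in "#@":
            continue  # comments and marker lines are skipped in this sketch
        parts = line.split()
        if len(parts) < 3:
            continue
        names, ktype, key = parts[:3]
        if ktype != key_type or not name_matches(names, host):
            continue
        if key == key_b64:
            return "match"
        changed = True
    return "changed" if changed else "unknown"


# Constructed placeholder key strings; these are not real public keys.
HOME_KEY = "AAAAC3NzaC1lZDI1NTE5AAAAIconstructedHomeKeyNotReal0000000000000"
VPS_KEY = "AAAAC3NzaC1lZDI1NTE5AAAAIconstructedVpsKeyNotReal00000000000000"
OTHER_KEY = "AAAAC3NzaC1lZDI1NTE5AAAAIconstructedOtherKeyNotReal000000000000"

# Constructed known_hosts content: one plain entry, one hashed entry.
KNOWN_HOSTS = "\n".join([
    "# constructed sample",
    "home.example.net,192.0.2.10 ssh-ed25519 " + HOME_KEY,
    hashed_name("vps.example.net", b"constructed-salt-001") + " ssh-ed25519 " + VPS_KEY,
])

if __name__ == "__main__":
    cases = [("home.example.net", HOME_KEY), ("home.example.net", OTHER_KEY),
             ("vps.example.net", OTHER_KEY), ("new.example.net", OTHER_KEY)]
    for host, key in cases:
        print(host, "->", check_host_key(KNOWN_HOSTS, host, "ssh-ed25519", key))
```

The `unknown` result is why a host's key fingerprint is best obtained over a trusted channel before the first connection from an untrusted network.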

Everyone share (1)

jsnipy (913480) | more than 7 years ago | (#17769902)

It seems to be a non-issue if you don't have open shares and you don't have blank or simple passwords along with default user names.

Article does not explain the zombification process (4, Interesting)

dudeman2 (88399) | more than 7 years ago | (#17769972)

Connecting to the "Free Wi-Fi" and having your passwords and data sniffed is one thing, but how easy is it for the attacker to turn a Windows XP system into a zombie, merely by connecting to an attacker's wireless network?

Assumption #1. You run Windows XP, SP2, up to date with security patches
Assumption #2. You have Windows Firewall installed and configured for maximum security
Assumption #3. You are not sharing your folders on the network, or if you are, you're not allowing guest write access

(Now, I know how many Windows users do not follow #1,#2,#3 above..) but assuming they do, is a zero-day exploit required in order to zombify their PC?

Re:Article does not explain the zombification proc (1)

giminy (94188) | more than 7 years ago | (#17770340)

It's hard for an article to explain anything if you don't read it.

From TFA:

In addition, because you've directly connected to the attack PC on a peer-to-peer basis, if you've set up your PC to allow file sharing [emphasis mine], the attacker can have complete run of your PC, stealing files and data and planting malware on it.

You can't actually see any of this happening, so you'd be none the wiser. The hacker steals what he wants to or plants malware, such as zombie software, then leaves, and you have no way of tracking him down.


Reid

ad-hoc networking == filesharing? (1)

Vellmont (569020) | more than 7 years ago | (#17769976)

The article says that if you connect to another host via an ad-hoc network, you somehow turn on filesharing in Windows (presumably to your entire HD). I wasn't aware of this feature in Windows. Can someone confirm it and provide some references, because the last people I'll trust to get the facts straight are journalists.

Far easier to get good scam info... (2, Interesting)

Lumpy (12016) | more than 7 years ago | (#17770008)

linux laptop advertising as a wifi hot spot.

It runs its own DNS and httpd.

you connect, it looks real. Log into your yahoo account with a legit looking cert, hmmm yahoo is having trouble, I'll try ebay. I logged in but it also has trouble, I'll try again.. oh it works!

Really easy, thwarts all the "this certificate does not match" as you control everything the client side sees, then dump them off to your link to wifi or your cellular net connection.

you can probably get tons of real logins you are ready for collecting.

Moral of this? do not trust open accesspoints, they might not be legit.

Re:Far easier to get good scam info... (0)

Anonymous Coward | more than 7 years ago | (#17770180)

Although many users will ignore the warning, it's not possible to make a legit-looking certificate just because you "control everything the client side sees". Client Web browsers know the public keys of all the Certificate Authorities and will complain if a site presents a certificate that isn't signed by a known CA.

Re:Far easier to get good scam info... (2, Insightful)

fizbin (2046) | more than 7 years ago | (#17770546)

Okay, but tell me - how often do you regularly see firefox warnings about certificates signed by random CAs? I see at least one or two a week. How likely do you think it is that someone's going to notice this?

When even Google AdSense [google.com] can't get the whole "do https properly so that people don't get trained to click past error messages" thing right (granted, it's a different error in google's case), how closely are people really going to look? Granted, they might get slightly suspicious the third or fourth time this happened, but for people just trying to check some news sites and their corporate email before boarding they might only see one such error message.

Install malware? (1)

frakir (760204) | more than 7 years ago | (#17770060)

Erm... and how exactly will someone turn p2p client into a zombie? I mean you can access shared volume if it is not password protected, but run anything?

Or was this dude letting share his entire HD including OS?

Others OS's at risk? (1)

hoser (95281) | more than 7 years ago | (#17770064)

Trying not to be the arrogant Mac user my friends kid me about being (at least I think they're kidding), I've gotta ask:

Is Mac OS X at risk to these kinds of attacks?

Re:Others OS's at risk? (1)

Vellmont (569020) | more than 7 years ago | (#17770490)


Is Mac OS X at risk to these kinds of attacks?

As far as a man-in-the-middle attack goes, of course. The attack is a property of the networking technology, not the OS. If you connect to a wireless network, then connect to your bank or whatever via SSL, then blindly accept the error message that's going to come up when the SSL certificate comes up (since the attacker is going to give you his own SSL cert, not the real one), the attacker can read anything you send to the other side, and anything that comes back to you.

The only solution is to not accept invalid SSL certs, or set up your own VPN tunnel.

Re:Others OS's at risk? (1)

RFaulder (1016762) | more than 7 years ago | (#17770730)

OS X's Airport menu in the menubar will place these networks in its own grouping, called "Computer-to-Computer networks". I keep Windows Sharing off in the Sharing preference pane, and also never connect to a computer-to-computer network unless I know whose computer it is. There's always a "Free WiFi access" computer in my building on campus, I wonder how many people he dupes....

Free AP network (1)

tdos20 (992697) | more than 7 years ago | (#17770066)

Free access point connections aren't secure either, as what you're sending isn't (usually) encrypted; it can easily be picked up by someone nearby sniffing your packets.

I was scammed at an airport yesterday (1)

CrazyJim1 (809850) | more than 7 years ago | (#17770070)

They charged me $8 for internet access, but never gave me a connection to the internet. Stupid Boston Airport (Logan).

Re:I was scammed at an airport yesterday (1)

skiflyer (716312) | more than 7 years ago | (#17770184)

I had that happen at O'Hare not too long ago, wrote them a nice email on my phone, and had my $8 refunded to my credit card before I landed in NYC.

Re:I was scammed at an airport yesterday (1)

Zadaz (950521) | more than 7 years ago | (#17770420)

So someone running a local server at the airport just got your cc number and associated details...

Sounds like a pretty good deal to me.

Vista disables file sharing by default. (1)

DraconPern (521756) | more than 7 years ago | (#17770072)

Vista disables file sharing by default unless you tell it the current network connection is a home or work network.

Not just airports (2, Informative)

dropshot (646089) | more than 7 years ago | (#17770112)

I saw exactly this at the National Archives in College Park, MD. I told the local IT bubbas, but they just gave me blank stares. It was particularly disturbing because the average researcher at the archives won't have the technical sophistication to realize what's going on, and will then take their zombified system back to a university network.

This honeytrap is widespread (1)

spyrochaete (707033) | more than 7 years ago | (#17770196)

I've seen connections like these available in airports and hotels. I actually tried to connect but my crappy 802.11b NIC wouldn't let me.

WinXP makes it very obvious that it's an ad-hoc network and not a WAP. The icon is completely different. I guess I'll be avoiding those connections from now on.

Talk about naive! (1)

BillGatesLoveChild (1046184) | more than 7 years ago | (#17770200)

> Of course no one reading this would fall for such an elementary con.

Too right! This is Slashdot! The big ./! No way we'd fall for something like that.
Not like we're n00bs! ha ha.

> The article gives detailed instructions on how to make sure your
> computer doesn't connect automatically to any offered network,

{Sound of frantic typing, hyperventilating and weeping}

So that's what that is... (1)

It doesn't come easy (695416) | more than 7 years ago | (#17770230)

I see those ad hoc computer connections on airplanes all the time (I fly the friendly skies about every two weeks). I thought they might be the airline offering a way to connect to the internet while in the air. Fortunately for me I never allow ad hoc connections on my computers and always have file sharing turned off except for when I'm specifically transferring data. Maybe I'll try to locate the computer offering the connection the next time I see it in the list.

I've Seen This (1)

Eukaryote (93920) | more than 7 years ago | (#17770304)

I have seen this at my Law School (at a state University), actually. There is often a computer-to-computer network called "Free Public Wifi."

Good thing I have a mac...

Why just ad hoc? (4, Informative)

BubbaFett (47115) | more than 7 years ago | (#17770322)

With Linux and the hostap driver I can set up a legitimate access point. Ad hoc isn't a necessary part of this scam, and I don't see how avoiding ad hoc networks will prevent anything.

Old problem, Old solutions (3, Informative)

frostilicus2 (889524) | more than 7 years ago | (#17770356)

Besides the possible risk from malware infection if you have enabled file sharing, this really is the same man-in-the-middle attack that was so prominent in the 80's and early 90's. A problem which has been mostly fixed by the adoption of SSH over telnet. And is practically non-existent over HTTP today because of the use of SSL on servers. And with regards to malware, how does this differ from picking up some spyware from the pr0n site you "accidentally" visited?

I see no problem here that cannot be solved by adopting the same principles that you would use for ordinary domestic internet access:

1) Turn on your firewall and close all open ports.
2) Don't send sensitive data over an unsecured network.

forget about the network (3, Informative)

rsw (70577) | more than 7 years ago | (#17770400)

The network isn't the problem here, your computer's configuration is. All of my machines can safely connect to an untrusted network (and they do---my non-firewalled, non-NATted internet feed) without being turned into zombies.

The message here shouldn't be "don't connect to untrusted networks," it should be "secure your machine."

Once you do that, these guys are just being nice and giving you a free connection!

-rsw

not just airports (1)

tlm2021 (1056166) | more than 7 years ago | (#17770456)

Going for spotty wireless access in my dorm room, I click on my airport icon and there's usually 2 or 3 computer-to-computer networks named "free wi-fi" or "free high speed." Yay for making it easy to tell that's bogus. I turned off my sharing and put up all my firewalls once, and got on just long enough to find out they're not even smart enough to give the promised internet access to keep you busy. It's just a flat-out, try and screw you scam.

Hey! I seen that. (1)

WarlockD (623872) | more than 7 years ago | (#17770500)

I have been to a few airports in Chicago and Dallas recently and scanned those. Never stupid enough to connect to them, (ad-hoc mode is off) but enough to be curious.

More interesting idea (0)

Anonymous Coward | more than 7 years ago | (#17770524)

How about instead just recording the stream of data as the laptop user connects to his email or surfs (assuming he doesn't use a secure vpn). Grab copies of all his company email, files, browsing habits etc. Laptop-wireless-tapping like phone-tapping.

Hi, I'm (pwn3d) on the bus... (1)

AndroidCat (229562) | more than 7 years ago | (#17770542)

The YRT regional bus service [wikipedia.org] is trying to make wi-fi access from their buses work. (Last time I checked, the AP was answering but not connecting to anything. They claim some buses are working.)

Once people get into the habit of using it, it should be easy to board the bus with a laptop and create a bandit AP that looks like the real one. (A working bandit since it could just proxy to the real AP for internet access.) A fine man-in-the-middle only "visible" to the riders, and easy to shut down and swap buses if there's any sign someone has spotted the bandit.

Oh yes... Their standard name for the bus AP is .. default.

Scaremongering.. here's a *different* analysis (1)

Dynamoo (527749) | more than 7 years ago | (#17770568)

The article is full of "could"s and "possibly"s. It's sheer speculation.. and indeed, scaremongering.

I've seen this several times before, and the best article I've seen on it is here [chron.com]. That's a lot more level headed, and it refers to the "Free Public WiFi" SSID as a virally spreading phenomenon, but most likely not a virus or honeypot.

The problem is that Windows handles Ad Hoc WLAN networks in a rather bizarre way.. once you've connected to the Ad Hoc network, your computer will likely become *part* of the Ad Hoc network and will consequently rebroadcast the SSID, advertising to others. This means that the SSID slowly spreads out just like a biological virus.

Yes - it *could* be used as a man-in-the-middle attack or some sort of botnet, so the advice to steer clear of Ad Hoc networks you don't know about is very sound indeed. My experience of seeing the "Free Public WiFi" SSID definitely fits in with that theory.

I fell for this... (0)

Anonymous Coward | more than 7 years ago | (#17770724)

... at a doctor's office a couple days ago. I thought I'd see if the office had a Wi-Fi connection I could use for the 3 hours I would be there with my MacBook and saw "Free Wi-Fi" listed. I was a little curious why it was listed under computer-computer networks, but tried connecting. Didn't seem to get me an external connection so I gave up. Fortunately I 1) have a Mac, and 2) only have remote login (SSH) enabled with a good password. But thanks for the warning!

Stuart

Just saw this yesterday... (1)

Doctor Memory (6336) | more than 7 years ago | (#17770746)

I just moved into a new office and I was checking the ports to see which were live. I hit a dead one and my laptop automagically tried to connect via WiFi. I saw a bunch of unsecured access points, and a couple of ad-hoc networks. One was hpsetup (a wireless print server maybe?), and one was Free Public WiFi. This is in downtown Lincoln, NE (yes, they have computers here).

Disturbingly, one of the unsecured wireless networks is labelled Itgadmin's PowerBook G4 17". More disturbingly, another is labelled WF Conf Room. I'm across the street from the main Wells Fargo branch...

Just Ad-hocs? Um, no. (1)

lordsimian (911973) | more than 7 years ago | (#17770844)

Um, this doesn't just apply to ad-hoc networks... Any monkey running linux with Hostapd can set up a full Access Point that your laptop will happily connect to even when ad-hoc networking is turned off. If this monkey is clever, he'll use the same open SSID the airport/coffee house/hotel is using. You can go on and on about SSL and vpns and so on, but the bottom line is the attacker has control of the WLAN you are connected to at the very lowest levels. The attacker has complete freedom to record and/or tamper with anything you send or receive while in transit.
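
An added example, not part of any comment in this thread: the ad-hoc versus access-point distinction several posters describe is carried in the IEEE 802.11 Capability Information field of each beacon (ESS bit for an access point, IBSS bit for computer-to-computer, Privacy bit for encryption). The sketch below decodes that field for a constructed list of scan results and reports what a client can and cannot learn from it; the BSSIDs, SSIDs and function names are assumptions made for the illustration.

```python
from collections import defaultdict

# IEEE 802.11 Capability Information bits carried in beacons and probe responses.
CAP_ESS, CAP_IBSS, CAP_PRIVACY = 0x0001, 0x0002, 0x0010

# Constructed scan results (BSSID, SSID, capability field); not real captures.
SAMPLE_SCAN = [
    ("02:00:00:00:00:01", "Free Public WiFi", 0x0002),  # ad hoc, open
    ("02:00:00:00:00:02", "Airport-Guest", 0x0411),     # AP, Privacy bit set
    ("02:00:00:00:00:03", "Airport-Guest", 0x0401),     # AP, open, same name
    ("02:00:00:00:00:04", "CoffeeShop", 0x0401),        # AP, open
]

def classify(cap):
    """Return (mode, encrypted) decoded from the capability field."""
    if cap & CAP_IBSS:
        mode = "ad-hoc"
    elif cap & CAP_ESS:
        mode = "infrastructure"
    else:
        mode = "other"
    return mode, bool(cap & CAP_PRIVACY)

def review_scan(scan):
    """Map each BSSID to the warnings a user should see before joining."""
    seen = defaultdict(set)
    for _bssid, ssid, cap in scan:
        seen[ssid].add(classify(cap))
    findings = {}
    for bssid, ssid, cap in scan:
        mode, encrypted = classify(cap)
        notes = []
        if mode == "ad-hoc":
            notes.append("computer-to-computer network, not an access point")
        if not encrypted:
            notes.append("open: traffic is readable by anyone in range")
        if len(seen[ssid]) > 1:
            notes.append("SSID advertised with inconsistent mode/security")
        findings[bssid] = notes
    return findings

if __name__ == "__main__":
    for bssid, notes in review_scan(SAMPLE_SCAN).items():
        print(bssid, "; ".join(notes) or "no warnings from beacon data")
```

An infrastructure-mode access point that copies a legitimate SSID and its settings produces no extra warning here, because beacon fields are unauthenticated; that is the limitation the comment above points out.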