Secplicity – Security Simplified

Wi-Fi Hacking at the Hotel Pool

While making breakfast for our kids this morning, my wife sent me a few second video of the Today Show with the message “I think I know what you do for work now” with a smiley emoji. In the segment, host Jeff Rossen gives his audience a warning around using public Wi-Fi this spring break and tips to keep themselves safe.

Rossen goes onsite to the pool at a hotel resort, where unsuspecting guests have connected their smart phones to both a honeypot and evil twin Wi-Fi network controlled by a nearby white-hat hacker. Once connected, the hacker could see everything the guests were doing on their smart phones over Wi-Fi and was able to intercept email username/password pairs, credit card numbers, and even tell what seat Rossen had on his flight home. This is a great educational opportunity to teach people some of the risks of using public Wi-Fi. Let’s break down how this hack works.

How did they get the guests to connect to their malicious Wi-Fi?

The white-hat hacker performed two very common Wi-Fi attacks to get the guests’ smart phones connected to his malicious access point so that he can intercept all of their traffic:

  1. Wi-Fi Honeypot – While sitting poolside close to other guests, the hacker used his laptop and a Wi-Fi access point to broadcast a similar SSID as the hotel to trick people into thinking it was legitimate. For example, the hotel’s real SSID is “Hotel Wi-Fi” and the attacker broadcasted “Hotel Wi-Fi Poolside.” This attack requires people to actively choose the attacker’s malicious Wi-Fi SSID instead of the legitimate one.
  2. Evil Twin – In the same poolside location, the hacker broadcasts the exact same SSID as the hotel, essentially spoofing “Hotel Wi-Fi.” In this attack, smartphones, laptops, tablets, or any Wi-Fi client with the “auto connect” feature enabled (which is usually on by default) will connect to the attacker’s malicious Wi-Fi automatically because they cannot determine which Wi-Fi SSID is “good” and which is “bad.”

How did the hacker intercept usernames/passwords and credit cards if websites use HTTPS encryption?

The video segment does not show exactly how the hacker was able to intercept information submitted via web forms such as email addresses, passwords and credit card numbers. The hacker in the segment could have easily been using well-known man-in-the-middle (MiTM) attack tools (watch this video for a demonstration) such as bettercap which makes it extremely simple to perform SSL Strip attacks on Wi-Fi clients that are connected through an attackers’ honeypot or evil twin access point. SSL stripping allows attackers to remove SSL encryption from websites, which permits them to see all the data that a victim is viewing and submitting.

Is this Wi-Fi threat real and what can be done about it?

Yes, the threat is real and a big round of applause to the Today Show for bringing this important security message to mainstream media. Wi-Fi is a extremely successful technology that most of us depend on every day, but few people actually understand the security risks it can pose.  Popular penetration testing tools such as the Wi-Fi Pineapple by Hak5 have made Wi-Fi attacks easy to perform. In fact, anyone with a bit of spare time can learn how to hack Wi-Fi from online videos.

Wi-Fi Security Tips for the Remote Worker or Traveler

  1. Don’t connect to Public Wi-Fi SSIDs if there are multiple variations being broadcasted – this is not normal for a legitimate business.
  2. When you need to surf something private such as shopping for homes, logging into your bank, buying something from an e-commerce site or booking travel, consider disabling Wi-Fi and using your 4G connection. Once you’ve wrapped up the confidential task, feel free to hop back on Wi-Fi.
  3. Clear your saved Wi-Fi network names from your devices and consider disabling “auto-connect.”

Wi-Fi Security Tips for the Business Owner or IT Department

Your visitors, guests, employees and boss will demand Wi-Fi access, so make sure you’re making their experience as safe as possible. When selecting a Wi-Fi access point (AP) vendor, look for these key Wi-Fi security protection technologies to keep the Wi-Fi you deliver safe and secure for everyone:

  1. Wireless Intrusion Prevention System (WIPS) with an advertised high accuracy and low false positive rate. This ensures that the WIPS protection system only takes down the hackers and doesn’t accidentally take down your neighbors’ Wi-Fi, leading to legal entanglements.
  2. APs that can be enabled as dedicated WIPS security sensors or APs with dedicated security radios so that you have options to add these devices into your existing Wi-Fi network without having to rip and replace all the APs you just deployed.
  3. Security alerts and reporting that can be automated. You don’t want to be inundated with log files, you need a Wi-Fi security system that takes action for you automatically and sends you a nice email letting you know all is well.

To learn the signs of a Wi-Fi Man-in-the-middle (MiTM) attack and how to protect your businesses Wi-Fi from such risks, see the following resources:

Video: Wi-Fi MiTM Attack Explained

Product Information:

White Paper: Whitepaper: WIPS Classification, Detection, Prevention