Hotspot Hacking And How To Fight It

Use of public wireless hotspots is increasing, giving mobile workers and others access to essential data. The bad news: Security threats against hotspot users also are increasing.

That's the word from Richard Rushing and he should know since he is chief security officer for AirDefense, which specializes in security of mobile workers.

"The usage rate at hotspots has dramatically increased in the last six months or so -- more people are using them," Rushing said. "But we are starting to see more malicious activity."

While some of that activity is occurring at popular wireless access locations such as Starbucks, which has deployed T-Mobile hotspots nationwide, the biggest threats are at what Rushing calls "premier hotspots," which are places like airline clubs.

"If somebody really wants to do something malicious or get information, they'll go where the information is," Rushing said. Put differently, places such as Starbucks have a higher concentration of Web browsers. Airline clubs have a higher concentration of business travelers who use hotspots to access for crucial and often sensitive data."It's more of a business crowd and they're more likely to have information that other people want," Rushing said.

Watching The Airwaves

Rushing and his company have received a lot of attention for monitoring the airwaves at highly-attended wireless industry trade shows. For example, he cited a number of egregious attacks at a show last February that was focused on wireless security.

The result at these shows is inevitably the same: Even though attendees are, largely, technology professionals, many still leave themselves open for attack. Because hacking technology is more of a challenge, these shows also attract their share of nefarious characters, Rushing said.

"You'll see a device come on the network and the question is whether they're spreading something," Rushing says. "Some will spread (malware) via e-mail and others by file-sharing. So, for instance, all of a sudden you'll see 200 messages going gout from the same device and you know they're spreading a virus."Rushing said he monitors the airwaves at conferences because that's the best way to see what hackers are up to. Then, in turn, he and his company can devise defenses against those attacks. He acknowledged that he is more interested in monitoring the airwaves than in actually catching scofflaws.

"I've never come face to face with the people who are doing it," Rushing said. "I have, however, found people who have been infected."

The environment at both trade shows and hotspots is changing, Rushing noted. Those wishing to do harm are becoming more sophisticated.

"We're seeing multiple types of attacks being launched," Rushing said. "Before we'd see only a single type of attack. Somebody would launch a denial-of-service (DoS) attack on a show floor. Or, you'd see somebody pretending to be the show's network. Now, they'll launch a DoS to knock people off the legitimate network, then push them to their own access point. The specific attacks aren't different, but we're seeing them strung together."

Protect Yourself

Some forms of protection for hotspot users have been widely discussed. For instance, one of the best defenses is use of a virtual private network (VPN), which encrypts data all the way from the laptop at the hotspot to your company's network. Even then, however, Rushing says that VPNs aren't always configured optimally.In addition, a personal firewall on your laptop will help. That will prevent hackers from getting to data stored on the laptop's hard drive. But rushing also offered some additional tips to prevent being the victim of malicious activity.

"If you're going to sign up for a hotspot for the first time, don't sign up at the hotspot itself," he said. "Sign up at home from your desktop before you leave. That way, you're entering all your identity theft information (such as credit card numbers) where you're much more secure."

Also, be wary of things that pop up on your screen at a public hotspot.

"If a little window pops up, read it completely before you click OK," he cautions. "This is where a lot of malicious people are doing their manipulation. This is where viruses get installed."

Rushing also strongly urges hotspot users to only enter sensitive information on Web pages that are secure, as shown by an icon on the bottom right side of the page. He also suggests switching off your wireless adapter when not connected to the network. And, if the network isn't operating properly, it's safest to assume that it has been compromised and act accordingly. Typically, that means getting off the network and, again, disabling your wireless connection.Rushing also said that so-called personal VPN services now being offered by third party vendors are quite useful. These low-cost services (click here for review) provide VPN security for individual users, encrypting data from the laptop to the VPN provider's own servers.

"It's interesting, though, that hotspots aren't providing the same (security) service (as the for-hire VPN services)," Rushing said. "I think they need two-tier service with better security being, say, an extra five dollars." Even at that, though, Rushing said that such products aren't a total solution.

"(Hackers) can't sniff data and for-hire VPNs don't protect against phishing," he noted, referring to a practice by hackers of pretending to be a legitimate hotspot.