Thursday, December 21, 2006

Travel tip: Beware of airport wi-fi “honeypots”

From Domenico Bettinelli, Jr. @ http://www.bettnet.com/blog/index.php/weblog/travel_tip_beware_of_airport_wi_fi_honeypots/

Here’s a little reminder for those of you who will be traveling over Christmas and will be taking your laptop along to while away the hours in the terminal.

Beware of open wi-fi hotspots in the airport. That free hotspot may in reality be a “honeypot,” a trap designed to fool unsuspecting travelers into exposing their computers and data to hackers.

I was recently at New York’s JFK airport in the JetBlue terminal, where they have prominent signs offering free wi-fi, courtesy of the airline. But when I went to connect, I noticed that several options were available including one labeled “default” and another labeled “JetBlue free hotspot.” It turns out that the former was the actual free hotspot and the latter was the honeypot. (Of course, JetBlue could have averted some of this by actually renaming their router something useful like, say, “JetBlue free hotspot” instead of leaving the unhelpful “default” moniker it came out of the box with.)

What tipped me off was that the “JetBlue free hotspot” was labeled in my Mac OS X “Airport” (i.e. wi-fi) menu as a “Computer-to-Computer network.” On Windows I think this might be called an “Ad-hoc network”. Without getting into too many technical details, this means that someone has made their own computer appear to be a wi-fi router. If you connect to this network on an imperfectly protected Windows laptop, this hacker will have access to your data from his own computer. Even if you’re on a properly configured laptop, Windows or Mac, they’ll still be able to harvest any passwords or other data you attempt to send while trying to connect to web sites.

Seasoned business travelers probably know all this, but for all you casual holiday travelers: Forewarned is forearmed.

No comments: