Computer users beware of rogue access points

Print
Email
|

by JASON WHITELY

Bio | Email | Follow: @jasonwhitely

WFAA

Posted on May 4, 2011 at 11:10 PM

Updated Thursday, May 5 at 3:11 PM

You can find Wi-Fi Internet access in hotels, airports, coffee shops and even shopping malls.

More and more of the free wireless connections are popping up in North Texas — and so are the potential threats to your personal security.

Before you on to a free connection with your smartphone, laptop, or tablet, consider this story about how easy it is for scammers to intercept your sensitive data.

If Beth Stanford is drinking a Frappuccino, chances are she's connected to Wi-Fi. "I check mail, surf the Web, and sometimes read books online," she said.

But as these free Wi-Fi connections becomes more prevalent, security expert Ron Frederick of M&S Technologies warns that you should be more vigilant. "My advice is to always do things you're comfortable with everyone else knowing," he said.

Wi-Fi's biggest threat may be rogue access points. That's when a scammer broadcasts his own Wi-Fi connection — disguised as a real one — designed to intercept all your logins, passwords, and personal data.

Rogue access points are possible everywhere you find real ones are: Airports, coffee shops and hotels.

"They typically are named either very obvious names that people will want to connect to like 'Free Wi-Fi,' 'Public Wi-Fi,' 'Free Internet Access' — or to mimic the name of the site they're at," Frederick said. "So if you're at an airport, they may choose the same name as an airport."

But what our computer security expert did next really caught our attention.

"On my cell phone right here I'm running a wireless access point," he said, illustrating the fact that scammers don't need a lot of equipment.

"Now, any users who happen to connect to this are sending their traffic through my phone and the cellular connection on it," he explained.

Even concealed in a pocket, that scammer's phone can still capture usernames, passwords and other data if you unknowingly log on to it.

"Basically anything you could do at that site, they could do at that site," Frederick said. "So if it's e-mail, they could send e-mail as you. If it's an online banking site, they could check your balances, add transfers, add billpays to your account, and pay an account."

Catching these scammers is difficult, if not impossible. They blend in and they don't require a big set-up.

Problem is, victims might not know someone has intercepted their information for weeks or even months later.

Frederick says you should avoid Web sites — even familiar ones while using Wi-Fi — if you get a warning about the site's "certificate."

If you normally pass through a "Terms of Service" page on Wi-Fi connections, be concerned if you don't see one.

Plus, the old rules still apply.

Make sure Web sites are encrypted; the address should start with "https," not "http." There will also be a padlock icon to indicate a secure site.

By default, Facebook isn't secured; neither is Twitter.

"I think a large number of users don't understand the risks," Frederick said.

Free Wi-Fi is attractive and typically provides faster connections to the Internet than a wireless connection via a cell phone.

But be aware that rogue access points are evolving threats that are easy to overlook.

E-mail jwhitely@wfaa.com

Print
Email
|