5 tips to protect you from Wi-Fi honeypots

If you come into range of the WiFi Pineapple Mark IV, every web page on the internet may be replaced by the Nyan Cat kitten, or, in the hands of someone malicious, something far worse. Here's how to protect yourself.

Darren Kitchen
(Credit: Declan McCullagh/CNET)

Darren Kitchen spent this weekend walking around the SXSW festival with an unobtrusive but relatively evil red box attached to his backpack: it impersonated Wi-Fi networks in hopes of convincing laptops, phones and other wireless devices to connect to it.

Kitchen's hot-spot honeypot worked. During just a few minutes in the lobby of the Omni Hotel in Austin, Texas, he disrupted dozens of Wi-Fi connections and rerouted them to his own "network" that replaced all internet pages with a video of the Nyan Cat kitten flying through space. Someone with malicious intent could have done far worse.

Kitchen, founder of Hak5, says the WiFi Pineapple Mark IV box highlights the security flaws of the way Wi-Fi has been implemented. There's also a privacy flaw. Currently, Wi-Fi devices broadcast the list of open Wi-Fi networks to which they previously connected — meaning an astute observer may be able to tell where the owner works and socialises.

His five tips for how to prevent your internet connection from being hijacked by someone with the WiFi Pineapple Mark IV:

1. Turn off Wi-Fi

If Wi-Fi isn't enabled, there's no privacy or security risk. Use a 3G or 4G USB stick instead. Or, on a laptop with a wired Ethernet connection, use that.

2. Avoid open Wi-Fi networks

"For the most part I tell people: avoid open Wi-Fi altogether," Kitchen says. If you do use Wi-Fi, stick to networks that are WPA-encrypted with a password. The WiFi Pineapple Mark IV can't impersonate those.

3. Use a VPN

If you do decide to connect to an open network, use a VPN or SSH tunnel to give yourself additional security. But even then, an attacker can interfere with the Wi-Fi connection by sending a false de-authentication frame. "It looks like it came from the legit Wi-Fi network," Kitchen says. "I could piss you off and maybe you'd go unencrypted" by disabling the VPN and making the connection vulnerable.

4. Change your Wi-Fi settings

If your Wi-Fi settings are changed so your computer (or phone) no longer remembers previous open networks it connected to, that will help. It will also protect your privacy because the names of stored networks will no longer be broadcast. On a Mac under OS X, for instance, go to network settings, and under advanced, turn off "Remember networks this computer has joined". Also erase the list of "Preferred networks".

5. Ask your manufacturer to fix the problem

Should your phone really trust that an aeroplane-based Wi-Fi network is legitimate when it shows up at a conference or hotel? Probably not. Adding security through geolocation or making sure the MAC addresses are the same are some options that manufacturers could choose. But there's been little movement toward an industry-wide fix.

Via CNET



Add Your Comment

Avatar
 

Be the first to comment on this story!


Post comment as


Sponsored Links

Recently Viewed Products