Hotspots for Hackers

By CWNP On 08/30/2007 - 6 Comments

With the introduction of Apple's iPhone (and all of those other converged cellular/Wi-Fi phones), use of public WLAN hotspots is about to massively increase.  Making wVoIP phone calls, instant messaging, browsing, email, and connecting to the corporate office over VPN are just a few things that users will be doing en masse shortly.  Certainly hotspots are already a pretty big deal - including those hotspots that aren't really meant to be hotspots - for staying connected.  But with the oh-so-sought-after Apple iPhone, all of those Skype phones from SOHO vendors, Internet tablets like Nokia's N800, and now all of these new converged phones recently showing up in the market, hotspots are going to be busy, busy.  Busy hotspots mean busy hackers.  It'll be tough for those guys though...you know, deciding between hacking your Wi-Fi phone, tablet PC, or laptop over your Bluetooth connection, Wi-Fi connection, infrared port, or any number of other wireless interfaces.

 

If you work in the Wi-Fi industry, you may already know that public hotspots are a security paradox.  You want them to be secure, but on the other hand you want unfettered access.  What's a hotspot operator to do?  There are a number of things that come to mind.  

1)  Use an access point or WLAN controller (with lightweight APs) that has the ability to restrict connectivity between wireless guests.
2)  Use HTTPS login pages if guest logins are required.  
3)  On the splash page (the login page), make sure to highlight that use of a public hotspot is insecure.  
        a)  Suggest use of secure applications (e.g. FTP/SSH2 or FTP/SSL, POP3/SSL, SSH2, HTTPS, etc.) or strong VPN technology (IPSec, SSH2, SSL).
        b)  Suggest use of a personal firewall.  Offer a free download of personal firewall freeware for immediate installation.
        c)  Note that hotspot users should only make wVoIP phone calls when the wVoIP application is secure, they're connected over a VPN, or they're using a Layer-2 security method such as 802.1X/EAP or WPA/WPA2-PSK.
        d)  Note that hotspot users should consider disabling wireless interfaces not currently in use.
4)  Restrict outbound TCP port 25 (to prevent the bulk of drive-by spammers).
5)  Offer 802.1X/EAP, PSK, or VPN service when feasible.  It's possible that this will not fit with the operator's business model, so it will depend on the situation.
6)  Limit Internet bandwidth per user to something reasonable.
7)  Implement a WIPS for large hotspot deployments (such as in corporate environments for guest users) to protect hotspot users from specific attacks.
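
Items 1, 4 and 6 can be enforced on a Linux-based hotspot gateway with nftables. The ruleset below is an added example, not part of the original article; the interface names, the guest subnet and the 1 MB/s cap are constructed assumptions to adapt to the deployment.

```nftables
#!/usr/sbin/nft -f
# Constructed example for a routed guest network (all names are assumptions):
#   wlan-guest   = interface facing the guest WLAN
#   wan0         = Internet uplink
#   10.20.0.0/22 = guest address pool
define GUEST_IF  = "wlan-guest"
define WAN_IF    = "wan0"
define GUEST_NET = 10.20.0.0/22

table inet hotspot {
    # Per-address token buckets for item 6; idle entries expire after a minute.
    set guest_up {
        type ipv4_addr
        flags dynamic
        timeout 1m
    }
    set guest_down {
        type ipv4_addr
        flags dynamic
        timeout 1m
    }

    chain forward {
        type filter hook forward priority filter; policy drop;

        # Item 1: nothing is routed from one guest to another.
        # Frames between clients of the same AP never reach this chain, so the
        # AP must isolate clients as well (hostapd: ap_isolate=1).
        iifname $GUEST_IF oifname $GUEST_IF drop

        # Item 4: no outbound SMTP on TCP 25 from guests.
        iifname $GUEST_IF oifname $WAN_IF tcp dport 25 reject with tcp reset

        # Item 6: police each guest address to roughly 1 MB/s in each direction.
        # These rules sit before any accept so every packet is counted,
        # not only the first packet of a connection.
        iifname $GUEST_IF oifname $WAN_IF add @guest_up { ip saddr limit rate over 1 mbytes/second } drop
        iifname $WAN_IF oifname $GUEST_IF add @guest_down { ip daddr limit rate over 1 mbytes/second } drop

        # Guests may open connections to the Internet; only replies come back.
        iifname $GUEST_IF oifname $WAN_IF ip saddr $GUEST_NET accept
        iifname $WAN_IF oifname $GUEST_IF ip daddr $GUEST_NET ct state established,related accept
    }
}
```

Policing by dropping packets is a coarse cap; a traffic shaper gives smoother per-user limits if the gateway supports one.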

WVE.org has nearly as many Bluetooth attacks as it does Wi-Fi attacks.  We live in a wireless data world, and both the hotspot operator and hotspot user will have to take precautions to keep users safe.

6 Responses to Hotspots for Hackers

Kortney Kane Says:
01/02/2018 at 02:53am
I think implementing a WIPS for large hotspot deployments (such as in corporate environments for guest users) to protect hotspot users from specific attacks.

Says:
05/01/2010 at 08:38am
I just published my version. Love the points you made. I have a few other things I advise for the truly savvy... and hackers have to be careful not to get "hacked" while having fun... umm.... exploring.
It's like the Wild West out there!

Says:
09/04/2007 at 22:00pm
Great article, paranoia is always a good method to achieve security ;)
