Hotspots for Hackers

Hotspots for Hackers

By CWNP On 08/30/2007 - 6 Comments

With the introduction of Apple's iPhone (and all of those other converged cellular/Wi-Fi phones), use of public WLAN hotspots is about to massively increase.  Making wVoIP phone calls, instant messaging, browsing, email, and connecting to the corporate office over VPN are just a few things that users will be doing en mass shortly.  Certainly hotspots are already a pretty big deal - including those hotspots that aren't really meant to be hotspots - for staying connected.  But with the oh-so-sought-after Apple iPhone, all of those skype phones from SOHO vendors, Internet tablets like Nokia's N800, and now all of these new converged phones recently showing up in the market, hotspots are going to be busy busy.  Busy hotspots mean busy hackers.  It'll be tough for those guys know, deciding between hacking your Wi-Fi phone, tablet PC, or laptop over your bluetooth connection, Wi-Fi connection, infrared port, or any number of other wireless interfaces.


If you work in the Wi-Fi industry, you may already know that public hotspots are a security paradox.  You want them to be secure, but on the other hand you want unfettered access.  What's a hotspot operator to do?  There are a number of things that come to mind.  

1)  Use an access point or WLAN controller (with lightweight APs) that have the ability to restrict connectivity between wireless guests.
2)  Use HTTPS login pages if guest logins are required.  
3)  On the splash page (the login page), make sure to highlight that use of a public hotspot is unsecure.  
        a)  Suggest use of secure applications (e.g. FTP/SSH2 or FTP/SSL, POP3/SSL, SSH2, HTTPS, etc.) or strong VPN technology (IPSec, SSH2, SSL).
        b)  Suggest use of a personal firewall.  Offer a free download of personal firewall freeware for immediate installation.
        c)  Note that hotspot users should only make wVoIP phone calls when the wVoIP application is secure, they're connected over a VPN, or they're using a Layer-2 security method such as 802.1X/EAP or WPA/WPA2-PSK.
        d)  Note that hotspot users should consider disabling wireless interfaces not currently in use.
4)  Restrict outbound TCP port 25 (to prevent the bulk of drive-by spammers)
5)  Offer 802.1X/EAP, PSK, or VPN service when feasible.  It's possible that this will not fit with the operator's business model, so it will depend on the situation.
6)  Limit Internet bandwidth per user to something reasonable.
7)  Implement a WIPS for large hotspot deployments (such as in corporate environments for guest users) to protect hotspot users from specific attacks. has nearly as many bluetooth attacks as it does Wi-Fi attacks.  We live in a wireless data world, and both the hotspot operator and hotspot user will have to take precautions to keep users safe.

Blog Disclaimer: The opinions expressed within these blog posts are solely the author’s and do not reflect the opinions and beliefs of the Certitrek, CWNP or its affiliates.

0 Responses to Hotspots for Hackers

Subscribe by Email
There are no comments yet.
<< prev - comments page 1 of 1 - next >>

Leave a Reply

Please login or sign-up to add your comment.
Success Stories

I literally just came out of the testing centre having taken the CWDP exam. The certification process opened my mind to different techniques and solutions. This knowledge can only broaden your perspective. Great job, CWNP, you have a great thing going on here.

Read More

Working through the CWNP coursework and certifications helped not only to deepen my technical knowledge and understanding, but also it boosted my confidence. The hard work it took to earn my CWNE has been rewarding in so many ways.

Read More

I want to commend you and all at CWNP for having a great organization. You really 'raise the bar' on knowing Wi-Fi well. I have learned a ton of information that is helping my job experience and personal career goals, because of my CWAP/CWDP/CWSP studies. Kudos to all at CWNP.

Read More