Why I Don’t Like Airport WiFi

For years, I’ve tweeted as much from airports:

During a recent trip, I had to send a file out, so I was forced to connect.

This is what happened in Chicago O’Hare (ORD):

1 – Boingo is a recognized hotspot provider, okay, I’ll connect to that.

Nope, it’s not working. Oh no, this file needs to go… I have to connect to…

2 – _Free_ORD_Wi-fi. Based on the shady name of this network, I bet I’m about to be MITM’d.

3 – Yes I was

***

The Attack

It’s called a Man-in-the-Middle (MITM) attack.

The WiFi network I connected to is likely not affiliated with or provided by the airport. Instead, it’s probably an antenna poking out of someone’s backpack.

Using a clever WiFi name, the attacker poses as a legitimate network > I connect to it > now all my traffic is run through the attacker’s computer first, before going out to the internet > as it goes by, the attacker grabs passwords, reads stuff, etc.

(I’ll better explain a MITM attack in the near future)

The Defence

Don’t go online at the airport. It’s one of the most hostile networks in the world. This environment provides nefarious characters anonymous access to sharpen their skills.

If you must go online, avoid entering passwords, accessing sensitive data, and certainly no online banking.

Okay? Okay.

NOTE – this could be because I was already connected to Google+, then I automatically attempted to reconnect and I was associated to the captive portal yet; although I was getting a suspicious certificate error, it’s because I was being redirected to the captive portal for login first, and that new IP didn’t resolve to “plus.google.com”. That is my browser saying woah. Possibly.
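The situation in the NOTE above, as an added example that is not part of the original post: a browser compares the host it asked for with the names on the certificate it was handed, and a captive portal's certificate fails that check in the same way an interceptor's would. The host names, certificate name lists, labels and the 204 probe convention are assumptions made for this sketch.

```python
# Added example; every host name and certificate name list below is constructed.
GOOGLE_NAMES = ["*.google.com", "google.com"]   # names a cert for the real site might carry
PORTAL_NAMES = ["login.hotspot.example"]        # names on a hypothetical portal's cert


def name_matches(pattern, host):
    """Compare one certificate DNS name with the host the browser asked for."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if "*" not in pattern:
        return p == h
    # A wildcard counts only as the whole leftmost label and stands for
    # exactly one label, so *.google.com does not cover google.com itself.
    if p[0] != "*" or any("*" in label for label in p[1:]):
        return False
    return len(p) == len(h) and p[1:] == h[1:]


def cert_covers(cert_names, host):
    return any(name_matches(n, host) for n in cert_names)


def triage(host, cert_names, probe_status, probe_location=None):
    """Label a connection attempt from two observations.

    cert_names: DNS names on the certificate that was presented.
    probe_status / probe_location: answer to a plain-HTTP connectivity
    probe that returns 204 with no redirect when nothing is in the way
    (an assumed convention for this example).
    """
    if cert_covers(cert_names, host):
        return "name-ok"  # name check only; chain validation is separate
    if probe_status in (301, 302, 303, 307) and probe_location:
        return "mismatch-with-portal-redirect"
    return "mismatch-unexplained"


if __name__ == "__main__":
    print(triage("plus.google.com", GOOGLE_NAMES, 204))
    print(triage("plus.google.com", PORTAL_NAMES, 302, "http://login.hotspot.example/"))
    print(triage("plus.google.com", PORTAL_NAMES, 204))
```

Either mismatch label means the browser warning was right to fire: the certificate alone cannot tell a login portal from an interception, so the portal sign-in belongs on its own page and not behind a clicked-through warning.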

 

 

Armoured Cars are Coming into Vogue

There’s a very expensive luxury sedan segment you don’t see advertised, the Security segment.

BMW Security, Mercedes S-Guard, Audi A8 Security.

Take their largest sedan, add plating, ballistic and new windows, cameras with night vision, instantly seal the cabin for gas attacks, and keep it looking like the regular model – security through obscurity.

Read it on Autonet.ca

Favourite line:

Masking the armour beneath factory finishings, so the car looks identical to the non-armoured model.

The Attack:

I’d go for the vehicle’s traffic… follow behind, laptop and antennae on the passenger seat, see what you can capture…maybe steal some passwords, or take some data and hold it for ransom, copy photos for blackmail, you get it.

Related: Wenet armoured car shopping 

***


 

 

Why Airport WiFi is the Most Hostile Network

I’ve harped on you for years via social media, “stay off airport WiFi, it’s dangerous and even the best guys don’t connect to it”.

When I travelled to Arizona two weeks ago, sitting at the terminal I was like, “okay fine, I have to wipe my phone soon anyway, and should demonstrate why I keep harping”.

I connect to the terminal’s free network.

Using an app on my phone, I scan the network.

1 – there are 573 devices connected to the network

2 – the brand of each device is displayed

3 – I can choose to see what each device is doing

4 – I can pick one device and track it! I assign it the name, “Test”

1 – listed are the IP (like an address) and MAC address (like a serial number) of all connected devices

2 – let’s see what’s happening with THYSSENKRUP-PC

3 – that’s his IP and MAC address, of his Intel PC

4 – the numbers on the left are his ports, and what traffic is going in/out on each  

* – this traveller has his business card taped to his laptop.

The Attack

A business traveller has connected both his phone and laptop, he’s working away. The attacker notes his brand of device, the device’s name, MAC and IP address, and what is happening on which ports.  Added bonus is the business card taped to the laptop.

The attacker does some social media mining, then a week later, the traveller gets a phone call.

“Jimmy hi! Karl from IT here. Look, there’s a bit of a meltdown happening at HQ, sorry but this is urgent, you were at Pearson airport last Tuesday, right?

You’re on a Blackberry, MAC address 00:1F:3B:Bo:D2:D3, and were connected to our Microsoft Exchange server, right?  Yup, look, we have a compromise here, and I’m going to need your access to your laptop…”

***

An elaborate example, because really, someone skilled now has enough information to breach Jimmy’s system, with neither the laptop lid business card nor a phone call.

The Defence

Use your phone (via USB, not Bluetooth) to connect to the internet.  Reduce the attack surface.

The Better Defence

Just don’t.

If you must, avoid entering any passwords, and certainly no banking or credit card numbers.

(see also: Protecting your Phone in an Uncertain Environment)

 

The ‘USB to Ego’ Attack

A brief backstory first, to set up the attack.

I arrived at the end of Honda’s FCEV launch, extra unfortunately, because there was water involved, a simulated rainstorm, rare. Like the guy mopping up said, “ya you missed a good one”.

It was in celebration of their latest invention – hydrogen fuel cell technology. Don’t know much about it, you know how I feel about Hybrids, points to Honda for being so bold in their design (coming 2015)…

….but this is a security post, so!

I was taking the below photo, the crowd was starting to thin, and a well-dressed gentleman appeared to my left.

“Hi Keri, here’s the USB key with photos and the presentation, have a good show”. We smiled at one another, he left, I went back to photo-ing.

It wasn’t until later that it hit me, it was so perfect a moment, maybe too perfect.

The Attack:

At a busy event, it’s normal to see a face once and never again, if you notice many faces at all, because cars.

Then an “executive” appears all full of flattery… “hello, I am noticing you, you are a name, so it’s important that you get this information, because you and your opinion matter”… take this USB key, put it into your computer… pretty good right?!

Appear, praise the ego > give a USB key > melt away > wait a few hours > access target’s computer

NOTE: I’m not at all saying this is what occurred, just that it’s in the realm of possibility (Honda and I know one-another a long time (and if this is the case, USB guy: please LinkedIn me.))

The Defence: 

Never use a USB key you find lying around in public, or from a source you don’t totally trust.

 

 

 

Leave NFC turned OFF

NFC – Near Field Communication – passing files between two devices, without touching, using radio frequencies.

That Samsung TV ad, where the friends exchange a music file by passing their phones near one-another, but not touching… that’s NFC. Or, how you scan your Visa “tap to pay”… the Visa machine reads an RFID chip (radio frequency identification)… that’s NFC.

Leave NFC turned OFF to prevent an attack.

Attack example 1 – I “bump into you” on the street, you have NFC on, now I have established a connection with your phone, from there it’s dealer’s choice (see also “subway attack”)

Attack example 2 – an NFC reader is hidden beneath a chair cushion. 

The attack:

– target sits on chair
– the credit card in his back pocket is scanned
– attacker now has credit card number & expiry date, and first and last name  (that’s what is edited out below)

The defence:

Leave NFC off, and use an RFID shielding sleeve / wallet for your credit cards.