For years from airports, I’ve tweeted as much:
During a recent trip, I had to send a file out, so I was forced to connect.
This is what happened in Chicago O’Hare (ORD):
1 – Boingo is a recognized hotspot provider, okay, I’ll connect to that.
Nope, it’s not working. Oh no, this file needs to go… I have to connect to…
2 – _Free_ORD_Wi-fi. Based on the shady name of this network, I bet I’m about to be MITM’d.
3 – Yes I was
***
The Attack
It’s called a Man-in-the-Middle (MITM) attack.
The WiFi network I connected to is likely not affiliated with or provided by the airport. Instead, it’s probably an antenna poking out of someone’s backpack.
Using a clever WiFi name, the attacker poses as a legitimate network > I connect to it > now all my traffic is run through the attacker’s computer first, before going out to the internet > as it goes by, the attacker grabs passwords, reads stuff, etc.
(I’ll better explain a MITM attack in the near future)
The Defence
Don’t go online at the airport. It’s one of the most hostile networks in the world. This environment provides nefarious characters anonymous access to sharpen their skills.
If you must go online, avoid entering passwords, accessing sensitive data, and certainly no online banking.
Okay? Okay.
NOTE – this could be because I was already connected to Google+, then I automatically attempted to reconnect and I was associated to the captive portal yet. Although I was getting a suspicious certificate error, it’s because I was being redirected to the captive portal for login first, and that new IP didn’t resolve to “plus.google.com”; that is my browser saying woah. Possibly.
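
The check behind that certificate warning, as an added example that is not part of the original post: the browser compares the name it asked for against the names in the certificate it was handed, and a plain-HTTP connectivity probe tells you whether something on the network is intercepting requests. The helper names, the probe (assumed to return status 204 on an unmodified connection) and all sample values are constructed for illustration.

```python
# Added example; helper names and all sample values below are constructed.

def hostname_matches(pattern, hostname):
    """Certificate name matching: '*' is allowed only as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Require at least two fixed labels so '*.com' never matches.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_covers(san_dns_names, hostname):
    """True if any DNS name in the certificate covers the requested hostname."""
    return any(hostname_matches(name, hostname) for name in san_dns_names)

def classify(probe_status, san_dns_names, hostname):
    """probe_status: HTTP status from a plain-HTTP connectivity check that
    returns 204 on an unmodified connection (assumed probe, run separately)."""
    intercepted = probe_status != 204
    if cert_covers(san_dns_names, hostname):
        return "name-ok"  # name matches; chain validation is a separate check
    if intercepted:
        # Consistent with a login redirect, but a rogue AP can run a portal too.
        return "mismatch-behind-portal"
    return "mismatch-no-portal"

ADVICE = {
    "name-ok": "Name matches; still rely on the browser's full chain validation.",
    "mismatch-behind-portal": "Do not click through. Finish the portal login "
                              "in a fresh tab, then retry the site.",
    "mismatch-no-portal": "No portal explains this. Treat it as interception "
                          "and disconnect.",
}

if __name__ == "__main__":
    # Constructed scenarios for the site named in the note above.
    scenarios = [
        (302, ["portal.example.net"], "plus.google.com"),
        (204, ["portal.example.net"], "plus.google.com"),
        (204, ["*.google.com", "google.com"], "plus.google.com"),
    ]
    for status, sans, host in scenarios:
        verdict = classify(status, sans, host)
        print(f"{host} probe={status} cert={sans}: {verdict} -> {ADVICE[verdict]}")
```

In none of the three cases is accepting the certificate warning the right move; the portal case only explains where the mismatch may have come from.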