Saturday, January 27, 2007

Beware "Free Wifi Access" in Airports

Let’s face it - airports are generally pretty lousy, noisy, non-productive environments. Connecting to the Internet from the departure lounge at least allows you to get something done.

However in a recent study at O’Hare (which we duplicated for NBC reporters last week), we found that *most* of the available wireless access points were not associated with “Concourse”, the “real” O’Hare wifi service. Most of the available points were in fact other computers, or worse, potentially bogus access points, passing themselves off as the real thing.

This wouldn’t be so scary if I hadn’t recently seen a demo from two of our top engineers showing just how easy it is to steal the user name and password credentials from an online stock trading or banking session, using a “channeling” or “man-in-the-middle” attack. Like many of us, I have read several technical papers on the subject and assumed it would be possible - but would require a certain amount of effort. The opposite is in fact true - all that is required is an airport full of unsuspecting, high-earning, executives and a laptop advertising a peer-to-peer connection as “free wifi” - Chicago Tribune Article

BTW, we hope to have our solution to this problem rolled out by the end of the year. The banking, retail transaction, and stock-trading version is called “VirtualATM”. We haven’t branded the anti-channeling service yet - if you’re a developer partner, you might want to check back in at the site around mid-November for the beta.

No comments: