Free Wi-Fi may be scammers' way into your computer
9:51 PM, May 16, 2013
7:55 AM, May 17, 2013
Summer vacations mean spending the night at lots of hotels. But if you want to check email or update Facebook, you might want to skip the Wi-Fi, especially if you spot a zone that seems to be free.
You check in to hotels, close the door and bolt the lock for safety. When you're staying away from home, the extra security makes you feel better. But it won't keep everyone out of your room.
We're not talking about thieves who boldly bust in your door. The ones we're talking about take a silent, more subtle approach to get access to you. They're hackers, invited in by you through Wi-Fi, although you may never even notice. Tech expert Josh Larsen says, "You don't get a big red flag to pop up and let you know."
We asked Larsen to help us with an experiment to show how easily hackers gain access to your information through Wi-Fi. He works with California-based Mad Security, a security consulting company. Larsen was able to set up a fake, free Wi-Fi zone for us in a local hotel in less time than it takes to microwave a Hot Pocket. It's the kind of thing scammers do hoping to snare guests looking for free access in hotels that charge, as many do.
We locked down our bogus Wi-Fi so no one was ever in jeopardy. But it certainly looked real, popping up as an option in the Wi-Fi menu. Larsen created it for our test to demonstrate what he calls a common and incredibly easy "Man in the middle" attack. He says, "I use the term attack loosely because you really aren't doing a whole lot. It's a very passive mechanism. Once you set it up you can sit back."
Scammers, according to Larsen, set up these attacks and then sit back and collect your personal information. They get it by using simple technology that's widely available to create these fake and insecure Wi-Fi zones. You log on and basically enter their network. And just by clicking on the access, you get pulled into their scam. Larsen tells ABC2, "You have no indicator as a guest of the hotel or as a normal consumer that you're connected to a malicious rogue wireless access point."
We had no idea we'd been hooked. In fact, when we clicked to go on the web after clicking on Larsen's "free hotel Wi-Fi", the home page that popped up was the hotel's legitimate Wi-Fi service. Thinking the free Wi-Fi we tried to use was a fail, we put in our credit card number to get the real thing and we're already hooked. Every piece of information we entered into a form went directly to Larsen's screen.
"The sky's the limit at that point," Larsen says. "Once they have your information they can pretty much do whatever they want."
Larsen says hackers in these situations can watch and collect any information you enter on the web. And hotels aren't the only place this kind of attack can happen. From coffee shops to airports, anywhere you're looking for Wi-Fi, scammers will be there happy to supply. Larsen says, "That's kind of the inherent flaw with wireless internet connections, it's the susceptibility to man in the middle attacks."
To defend yourself from hackers, Larsen has some tough advice. He thinks you should skip the Wi-Fi altogether. If you need internet access, he says you should stick with the hotel's wired connection, which he says is tougher to hack. If you can't live without Wi-Fi, Larsen says you could consider using your mobile device to get hooked up.
But when it comes to "free" Wi-Fi zones, Larsen is clear: trying to save a buck could ultimately cost you because often that access is not legitimate and not free. He says, "You're probably not going to know any different until the next time you check your bank account."
Larsen says scammers will use the same technology he used for our experiment at conferences or big events, setting up one or more fake "free" Wi-Fi spots. He advises steering clear in those situations.
He also says understanding your computer is valuable, considering many of us want to click okay and move on any time a warning message pops on your screen. He says understanding your computer in a secure setting will make you better equipped to understand when there's vulnerability.