Aug 29, 2006 (05:08 AM EDT)
Read the Original Article at InformationWeek
WEST PALM BEACH, Fla. -- Authentium, the leading developer of security software-as-a-service technologies, today issued a warning against trusting free wireless access points located in airports and other public places. The company said that public wireless networks are ripe for exploitation by hackers who may set up fake free WiFi hotspots in public places that could potentially be used to steal sensitive data, such as online banking passwords or personal information.
In a recent test at Chicagos OHare airport, the most-trafficked airport in the US, Authentium engineers discovered that more than 90% of the wireless networks available within the passenger terminals were actually ad-hoc (i.e. computer to computer) connections and more than 80% of these devices were advertising free WiFi access. On the day of testing, only one in ten of the advertised free wireless access points connected with OHares official wireless access hub. Many of the suspect devices registered as access points also displayed fake or misleading MAC addresses.
Windows XP automatically prompts the user to accept or decline connections to available wireless networks. Naturally, most users will choose to connect to the FREE WiFi access point, which may in fact be a quick path to fraud. said Ray Dickenson, Authentiums Senior Vice-President of Products. To make matters worse, the SSIDs (network names) of wireless networks youve joined before are saved on your system; your PC will automatically log on to any network with a saved name. Its clear that Wifi environments in public places are increasingly vulnerable to exploitation by criminals and their malicious software tools; this vulnerability extends even to users who are not connecting to the networks but are simply using their laptops in the area, he added.