A few weeks ago I was waiting for a flight in the JetBlue terminal of JFK. JetBlue offers free Wi-Fi to its customers, which is a nice touch. I powered up my laptop and this is what I saw:

[Screenshot: JetBlue-WiFi-RogueAP]

If I'm your typical non-security-minded traveler, which of these networks am I most likely to connect to? I would guess that the majority of people will select one of the two with Jet Blue in the SSID, or maybe the one called Free Public Wi-Fi. Interestingly enough, the real JetBlue SSID is the one called default. Notice that it's the only one identified as a wireless network (infrastructure mode) as opposed to a computer-to-computer network (ad-hoc mode). The others are almost certainly would-be attackers attempting to lure unsuspecting travelers. If you're not paying attention, you could fall victim to a phishing attack or even a man-in-the-middle, since most people tend to ignore warnings about invalid SSL certificates when browsing the web. Good way to pick up some malware in your spare time!

I didn't bother connecting to any of these rogue networks to see what was behind them. A more sophisticated attacker wouldn't be so obvious. First, they'd be running their card in infrastructure mode so they'd appear to be an access point rather than an ad-hoc network. They'd also be using the same SSID as the genuine JetBlue network, although in this case some of the fake SSIDs might be more effective than a true "evil twin" attack.
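The two tells discussed above (ad-hoc mode, and a familiar SSID coming from an unfamiliar radio) can be checked mechanically. The following is an added example, not part of the original post: the `Network` record, the `KNOWN_GOOD` allowlist, the keyword list, the BSSIDs, and the "JetBlue Free WiFi" and "CoffeeShop" SSIDs are all constructed for illustration, and it assumes the venue publishes its real SSID and access-point BSSIDs.

```python
# Added example: triage a Wi-Fi scan for the lures described in the post.
# "default" and "Free Public Wi-Fi" come from the post; every other SSID
# and every BSSID below is constructed sample data.
from dataclasses import dataclass

@dataclass(frozen=True)
class Network:
    ssid: str
    bssid: str
    mode: str  # "infrastructure" or "ad-hoc"

# Assumption: the venue publishes its real SSID and access-point BSSIDs.
KNOWN_GOOD = {"default": {"02:00:00:00:00:01"}}
# Assumption: wording that a lure SSID is likely to borrow.
BRAND_WORDS = ("jetblue", "jet blue", "free")

def triage(scan):
    """Return {bssid: [reasons]} for every network that looks suspicious."""
    findings = {}
    for net in scan:
        reasons = []
        name = net.ssid.lower()
        if net.mode == "ad-hoc":
            reasons.append("ad-hoc: a peer laptop, not an access point")
        if net.ssid in KNOWN_GOOD:
            # Same name as the real network but an unlisted radio.
            if net.bssid not in KNOWN_GOOD[net.ssid]:
                reasons.append("evil-twin candidate: known SSID, unknown BSSID")
        elif any(word in name for word in BRAND_WORDS):
            reasons.append("lure SSID: brand/free wording, not the venue's SSID")
        if reasons:
            findings[net.bssid] = reasons
    return findings

SAMPLE_SCAN = [  # constructed scan results
    Network("default", "02:00:00:00:00:01", "infrastructure"),
    Network("JetBlue Free WiFi", "02:00:00:00:00:02", "ad-hoc"),
    Network("Free Public Wi-Fi", "02:00:00:00:00:03", "ad-hoc"),
    Network("default", "02:00:00:00:00:04", "infrastructure"),
    Network("CoffeeShop", "02:00:00:00:00:05", "infrastructure"),
]

if __name__ == "__main__":
    for bssid, reasons in triage(SAMPLE_SCAN).items():
        print(bssid, "; ".join(reasons))
```

BSSIDs can be cloned, so a clean result here is a hint rather than proof; certificate warnings still need to be heeded after connecting.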

This isn't a new problem by any means, just something I found amusing in my sleep-deprived state. I've been in a lot of airports that offered Wi-Fi, but usually it's for a fee so most people don't bother. This is the first time I've seen that many obviously rogue networks at a single time. It all boils down to consumer awareness -- and possibly the need for JetBlue to improve its Wi-Fi deployment process beyond "buy a wireless access point and plug it in."

Your best bet for avoiding rogue Wi-Fi networks in situations like this? Bring your cell phone, hook it up to your laptop, and connect to the Internet via GPRS.

Chris Eng, vice president of research, is responsible for integrating security expertise into Veracode’s technology. In addition to helping define and prioritize the security feature set of the Veracode service, he consults frequently with customers to discuss and advance their application security initiatives. With over 15 years of experience in application security, Chris brings a wealth of practical expertise to Veracode.
