A few weeks ago I was waiting for a flight in the JetBlue terminal of JFK. JetBlue offers free Wi-Fi to its customers, which is a nice touch. I powered up my laptop and this is what I saw:


If I'm your typical non-security-minded traveler, which of these networks am I most likely to connect to? I would guess that the majority of people will select one of the two with Jet Blue in the SSID, or maybe the one called Free Public Wi-Fi. Interestingly enough, the real JetBlue SSID is the one called default. Notice that it's the only one identified as a wireless network (infrastructure mode) as opposed to a computer-to-computer network (ad-hoc mode). The others are almost certainly would-be attackers attempting to lure unsuspecting travelers. If you're not paying attention, you could fall victim to a phishing attack or even a man-in-the-middle, since most people tend to ignore warnings about invalid SSL certificates when browsing the web. Good way to pick up some malware in your spare time!

I didn't bother connecting to any of these rogue networks to see what was behind them. A more sophisticated attacker wouldn't be so obvious. First, they'd be running their card in infrastructure mode so they'd appear to be an access point rather than an ad-hoc network. They'd also be using the same SSID as the genuine JetBlue network, although in this case some of the fake SSIDs might be more effective than a true "evil twin" attack.

This isn't a new problem by any means, just something I found amusing in my sleep-deprived state. I've been in a lot of airports that offered Wi-Fi, but usually it's for a fee so most people don't bother. This is the first time I've seen that many obviously rogue networks at a single time. It all boils down to consumer awareness -- and possibly the need for JetBlue to improve its Wi-Fi deployment process beyond "buy a wireless access point and plug it in."

Your best bet for avoiding rogue Wi-Fi networks in situations like this? Bring your cell phone, hook it up to your laptop, and connect to the Internet via GPRS.
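The two signals described above (ad-hoc mode, and the genuine SSID coming from an unfamiliar radio) can be checked mechanically from a scan listing. The sketch below is an added example, not part of the original post; it assumes input in the terse format of `nmcli -t -f SSID,BSSID,MODE,SECURITY device wifi list`, and the sample scan, SSIDs, BSSIDs and the operator's allowlist are all constructed.

```python
import re

# Constructed sample in the assumed nmcli terse format (fields separated by ':',
# with ':' inside a field escaped as '\:'). All values are made up.
SAMPLE_SCAN = r"""
default:00\:11\:22\:33\:44\:01:Infra:
JetBlue Hotspot:02\:AA\:BB\:CC\:DD\:01:Ad-Hoc:
Jet Blue Free:02\:AA\:BB\:CC\:DD\:02:Ad-Hoc:
Free Public WiFi:02\:AA\:BB\:CC\:DD\:03:Ad-Hoc:
default:02\:AA\:BB\:CC\:DD\:04:Infra:
"""

def parse_scan(text):
    """Parse terse scan lines into dicts; malformed lines are skipped."""
    nets = []
    for line in text.strip().splitlines():
        # Split only on unescaped colons, then undo the escaping.
        fields = [f.replace("\\:", ":") for f in re.split(r"(?<!\\):", line)]
        if len(fields) != 4:
            continue
        ssid, bssid, mode, security = fields
        nets.append({"ssid": ssid, "bssid": bssid.upper(),
                     "mode": mode, "security": security})
    return nets

def assess(nets, expected_ssid, known_bssids):
    """Return (ssid, bssid, reasons) for every network that looks suspect.

    expected_ssid and known_bssids are a hypothetical allowlist held by the
    network operator. A BSSID can be spoofed, so a match is not proof of
    legitimacy; a mismatch is still worth investigating.
    """
    findings = []
    for n in nets:
        reasons = []
        if n["mode"].lower() != "infra":
            reasons.append("ad-hoc mode: a computer, not an access point")
        elif n["ssid"] == expected_ssid and n["bssid"] not in known_bssids:
            reasons.append("expected SSID from unknown BSSID (possible evil twin)")
        if reasons:
            findings.append((n["ssid"], n["bssid"], reasons))
    return findings

if __name__ == "__main__":
    for ssid, bssid, reasons in assess(parse_scan(SAMPLE_SCAN), "default",
                                       {"00:11:22:33:44:01"}):
        print(f"{ssid!r} [{bssid}]: {'; '.join(reasons)}")
```

The second check only works for whoever knows the legitimate BSSIDs, which in practice means the operator's monitoring rather than the traveler's laptop.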

About Chris Eng

Chris Eng, vice president of research, is responsible for integrating security expertise into Veracode’s technology. In addition to helping define and prioritize the security feature set of the Veracode service, he consults frequently with customers to discuss and advance their application security initiatives. With over 15 years of experience in application security, Chris brings a wealth of practical expertise to Veracode.

Comments (4)

Mike F. | February 4, 2007 10:38 pm

I've seen those same hotspots at a different airport and have wondered the same thing. Don't you think the airport should do something about this? How is it possible that you and I have seen the same rogue networks on different occasions? Where are these people hiding at? Or are they leaving behind hidden devices? How come airport security hasn't caught them?

ErikC | February 14, 2007 2:50 am

Hiding? What makes you assume they're hiding? When I set up fake APs I do it right in the open. Now, my fake APs are a little different than others out there: I force everybody to a "portal page" which asks for a bunch of PII. When they click on the submit button I have an onSubmit that basically alerts them to their stupidity and suggests they buy an EVDO card :-D

So best of both worlds, I get to play around with fake APs and increase security awareness of the common joe business traveler. And all the while no data reaches my box (remember the client-side javascript alerts them).

mike | March 31, 2007 8:25 am

Hey, glad you posted this info. Was helping a friend over the phone connect at JFK's JetBlue terminal and a bunch of networks as you described came up. Thanks for pointing me in the right direction.

billy | June 30, 2008 7:31 pm

It's amazing what you can do with an Atheros chipset wifi card and Madwifi drivers. I might post an article on the net about this soon ;)

If anyone would like to find out more about this just search for madwifi in Google
