Friday, December 23, 2005

Wireless Hacking at 30,000 Feet


Daniel Hoffman, writing at the Ethical Hacker, points out an interesting vulnerability scenario that most folks ignore: using a laptop on a plane with wireless enabled...

Let's say you are on an airplane and you open your laptop to do some offline work. Unbeknownst to you, this probe request is being sent out on a routine basis, seeking the wireless network(s) you have defined in your Preferred Networks section. Another, malicious person on the plane is also using a laptop and running a program called HotSpotter. This program will see those probe requests, compare them against a list of well-known SSIDs, then turn itself into a Wireless Access Point with the matching SSID of the wireless network(s) in your Preferred Network List. In doing so, the user working offline can automatically become connected to the hacker's "wireless network." If they don't have a personal firewall running and are not patched completely, they can be easily hacked in a situation where they probably feel quite safe...


It's just another reminder that you should take appropriate measures (e.g., running an industrial-strength firewall) at all times.

No comments: