Thursday, May 31, 2012

Traveling abroad? You may want to leave the laptop at home

Government Security News reports that international travelers should have absolutely zero confidence in the Internet connections provided by foreign hotels.

The FBI is warning traveling commercial and government laptop users that malicious programs can worm their way onto their machines through hotel connections overseas through bogus software updates.

A May 21 bulletin from the FBI’s Internet Crime Complaint Center (IC3) warns that malware disguised as innocuous software updates awaits unwary travelers as they log onto hotel-hosted Internet connections. The agency said recent analysis from its investigators and other government agencies showed that Cyber criminals are targeting travelers through pop-up windows while they connect to the Internet in their hotel rooms. Apparently, criminals set up bogus hotel connections to intercept traffic before the hotel guest can reach the legitimate hotel connection.

It said recent cases show the malware presents the traveler with a pop-up window telling them to update a widely-used software product.

In these instances, the travelers attempting to set up the hotel room Internet connection and was presented with a pop-up window notifying the user to update a widely used software product, it said. The pop-up window looks like a common software update notice, according to the agency. If the laptop user clicks on “accept” to install the update, they install the malware.

IC3 recommended all government, private industry, and academic personnel traveling abroad be extra cautious before updating software using hotel Internet connections. It also recommended checking the author or digital certificate of any prompted update to see if it corresponds to the software vendor. If it doesn’t, it may reveal an attempted attack, it said.

The only way to even try to mitigate these kinds of threats is to surf immediately to a known SSL proxy site (e.g., your company's SSL VPN). By surfing to a known SSL site first, you can avoid the most common man-in-the-middle (MITM) attacks.

A typical MITM attack delivers a non-SSL web page to your browser, but also includes some very special (and unwelcome) malware. The intent is to exploit your browser's vulnerabilities using specially crafted HTTP/HTML-based attacks. Or, in the case, the MITM attempts a social engineering attack, using the promise of a software update.

Surfing directly to a safe SSL site may help -- but isn't guaranteed -- to mitigate the threat. SSL to a trusted site is, in nearly all cases, impossible to MITM. But I say it isn't guaranteed because a hotel could deliver a landing page (e.g., to prompt you to enter the hotel's Internet pass-phrase) prior to letting you surf SSL. And that landing page could theoretically launch an attack.

The best advice would be to dispense with the laptop on your trip abroad. If you can't do that, travel with a pristine (newly imaged) laptop and then get it re-imaged when you return.


Tsunami said...

Or, you could, you know, use a decent protection program like Malwarebytes Antimalware (which is free) and Miscrosoft Security Essentials (which is also free). This bit screams fearmongering, since weather you're at a hotel, overseas, or here at home, the net is the same everywhere. There's a saying, east coast or west, the sea is still blue and wet.

Jenny said...

thanks for your advisory..oh well even if your at other places you are till prone to these attacks.. better be mindful of what you click or do on your laptop :)