Go Back   FlyerTalk Forums > Travel&Dining > Travel Technology
Sign in using an external account

Reply
 
Thread Tools Search this Thread
Old Aug 1, 12, 11:52 am   #1
 
Join Date: Jan 2012
Posts: 200
how do I know if an aiport free wi-fi access point is fake?

I was sitting in a terminal at XYZ airport. Since they had free Wi-Fi access at this airport, I took out my laptop and tried to connect. To my amazement, my Wi-Fi settings showed 6 available connections. They had nearly identical SSID names. I kept a note of what I saw:

XYZ-Free-WiFi *****
XYZ-FreeAirportWifi ***
XYZ-Airport Free ***
XYZAirportFree **
XYZ-AirportFreeWifi **
AndroidAP(probably someone using phone tethering)


(***** showed signal strength)

I don't know if I was just being paranoid, but I had a feeling that one or more of them must have been fake access points. I ended up not connecting to any of them.

How can I tell which is real and which is fake?
MissyH is offline   Reply With Quote
Old Aug 1, 12, 12:19 pm   #2
In Memoriam
 
Join Date: Feb 2000
Location: Easton, CT, USA
Programs: ua prem exec, Former hilton diamond
Posts: 31,819
Usually their website will show how to connect, and say which are real. I would bet that all are real, and that whoever set it up did not want to take the time to make all the SID's the same, so they went with close variations.

But unless you know which one you are looking for, you can't tell.

For example, for Colorado Springs
  • Users must have an 802.11b/g compatible wireless card installed in their computer or other device.
  • Wireless network card should be set to default configuration, or DHCP-enabled.
  • If your wireless card network configuration requires the name of an access point or "SSID," type "tsunami" in lower case

and they have little cards telling people how to connect
__________________
Mike Cordelli mike@cordelli.com
cordelli is offline   Reply With Quote
Old Aug 1, 12, 7:51 pm   #3
 
Join Date: Nov 2006
Posts: 2,809
I agree with everything that has been said. Obviously if the free access point is an ad hoc connection you should run away, but most fake access points now use AP mode.

To see where fake APs have evolved to, check out this page:

http://hak5.org/episodes/episode-910
Dubai Stu is offline   Reply With Quote
Old Aug 2, 12, 4:22 pm   #4
 
Join Date: Feb 2011
Location: AUS
Programs: Doing GS11, probably affiliated with every program out there
Posts: 188
Quote:
Originally Posted by Dubai Stu View Post

To see where fake APs have evolved to, check out this page:

http://hak5.org/episodes/episode-910
I think I just got hacked! 404 error
Liar is offline   Reply With Quote
Old Aug 2, 12, 5:16 pm   #5
 
Join Date: May 2003
Location: Redwood City, CA USA (SFO/SJC)
Programs: Last 1K flight 1/21/11; fun while it lasted, 1P in 2011, Plat for 2012 & '13.
Posts: 6,895
Another thing to look for is an HTTPS connection anytime personal information is requested (meaning your browser might display https://whatever.com instead of http://whatever.com). I haven't heard of fake sites with HTTPS protocol. Yet. Of course, if it's a free wifi hotspot, with nothing financial going on (no credit card info), there may not be a need for HTTPS, so the lack of HTTPS wherever you log in doesn't imply it's fake (unless financial info is being requested), but the presence of HTTPS is a pretty good indicator it's real.
__________________
-Mike- Chain Reaction
Most fun flight ever? SJC-SBA-SFO-LAX-IAD-LAS-LAX-SJC Mileage Run 12/07/09!
Mike Jacoubowsky is online now   Reply With Quote
Old Aug 2, 12, 9:03 pm   #6
 
Join Date: Nov 2006
Posts: 2,809
You can always go to https://www.google.com as a test.

Note: As Trueblu notes below, I meant https://www.google.com not "wwww." I corrected the url to reflect this.

Last edited by Dubai Stu; Aug 4, 12 at 9:42 am.
Dubai Stu is offline   Reply With Quote
Old Aug 3, 12, 1:07 am   #7
 
Join Date: Dec 2007
Location: PEK and BOS
Programs: BA - Blue
Posts: 3,074
Quote:
Originally Posted by Dubai Stu View Post
You can always go to https://wwww.google.com as a test.
Do you mean https://www.google.com?

Not beeing snarky: but the other url doesn't exist for me.

tb
trueblu is offline   Reply With Quote
Old Aug 3, 12, 8:32 am   #8
 
Join Date: Nov 2007
Location: MLB, MCO
Programs: Delta - PM, Hilton - Gold, HI - Platinum, National - Executive
Posts: 1,064
Quote:
Originally Posted by MissyH View Post
I was sitting in a terminal at XYZ airport. Since they had free Wi-Fi access at this airport, I took out my laptop and tried to connect. To my amazement, my Wi-Fi settings showed 6 available connections. They had nearly identical SSID names. I kept a note of what I saw:

XYZ-Free-WiFi *****
XYZ-FreeAirportWifi ***
XYZ-Airport Free ***
XYZAirportFree **
XYZ-AirportFreeWifi **
AndroidAP(probably someone using phone tethering)


(***** showed signal strength)

I don't know if I was just being paranoid, but I had a feeling that one or more of them must have been fake access points. I ended up not connecting to any of them.

How can I tell which is real and which is fake?
There are two types of wifi connections: ad-hoc and access point. Connecting to an access point is how you usually connect to wifi. Ad-hoc networks are computer-to-computer connections, and you'll see a different icon next to them (usually two computers talking). Most of the fake free wifi networks at airports are ad-hoc, so ignore those and connect to the access point one.

Most of those aren't actual scam networks BTW. Windows XP will automatically broadcast an ad-hoc network named the same as the last one it connected to if it isn't connected to an access point. I'll bet most of the ones listed are the computers of people who previously connected to a fake "Free Public Wifi" network and don't realize that their computer is now doing it also.

http://www.techdirt.com/blog/wireles...airports.shtml
realjd is offline   Reply With Quote
Old Aug 5, 12, 12:53 pm   #9
 
Join Date: Jul 2006
Location: DFW, SEA and AA in between
Programs: AA-3MM-ExPLT
Posts: 988
Safest bet is to "know before you go". Check the airport's website from home and they usually have posted instructions as to how to connect which include SSIDs. If they don't send them a nasty email about how dangerous it is not to publish such important information

For example: http://www.panynj.gov/airports/jfk-w...tructions.html says it's provided by Boingo. Boingo's site (search hotspot directory for JKF) says SSID "Boingo Hotspot".

If you can't verify it before hand don't use it...
__________________
-----Burton
BStrauss3 is offline   Reply With Quote
Old Aug 5, 12, 1:06 pm   #10
 
Join Date: Jun 2005
Location: SDF
Programs: Delta PM, IC Ambassador, Marriott Gold
Posts: 1,170
I'm going to guess that anything at XYZ airport was fake.
SomeGuy is offline   Reply With Quote
Old Aug 5, 12, 3:18 pm   #11
 
Join Date: Apr 2007
Location: SEA
Programs: Hhonors Gold, National Executive, Grazie Gold, Identity Platinum
Posts: 2,331
Quote:
Originally Posted by BStrauss3 View Post
Safest bet is to "know before you go". Check the airport's website from home and they usually have posted instructions as to how to connect which include SSIDs. If they don't send them a nasty email about how dangerous it is not to publish such important information

For example: http://www.panynj.gov/airports/jfk-w...tructions.html says it's provided by Boingo. Boingo's site (search hotspot directory for JKF) says SSID "Boingo Hotspot".

If you can't verify it before hand don't use it...
How does that info help you verify that it's a legit AP? Someone can easily set up an AP with the same name.
OverThereTooMuch is offline   Reply With Quote
Old Aug 5, 12, 8:44 pm   #12
 
Join Date: Jul 2006
Location: DFW, SEA and AA in between
Programs: AA-3MM-ExPLT
Posts: 988
Quote:
Originally Posted by OverThereTooMuch View Post
How does that info help you verify that it's a legit AP? Someone can easily set up an AP with the same name.
It excludes MOST of the names the OP found.
__________________
-----Burton
BStrauss3 is offline   Reply With Quote
Old Aug 5, 12, 9:26 pm   #13
 
Join Date: Nov 2006
Posts: 2,809
http://top-hat-sec.com/forum/index.php?topic=376.0
Dubai Stu is offline   Reply With Quote
Old Aug 6, 12, 9:48 am   #14
Moderator: Travel Technology & Travel Photography
 
Join Date: Nov 2002
Location: NYC
Posts: 7,570
I'd look around for fliers advertising the airport's wifi and be sure I connect to the network specified in the flyer.

Once connected, be sure you do any important browsing through an SSH tunnel or VPN connection (as I am most notably NOT doing right now at my hotel in France...)
gfunkdave is offline   Reply With Quote
Old Aug 6, 12, 7:42 pm   #15
 
Join Date: Apr 2007
Location: SEA
Programs: Hhonors Gold, National Executive, Grazie Gold, Identity Platinum
Posts: 2,331
Quote:
Originally Posted by BStrauss3 View Post
It excludes MOST of the names the OP found.
Ok, so it helps you beat the DUMB crooks What about the smart ones? Is a VPN the only solution here? That effectively makes a "free" AP not so free.
OverThereTooMuch is offline   Reply With Quote
 
 
Reply

Bookmarks


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off
Forum Jump


All times are GMT -6. The time now is 10:43 pm.