MissyH

I was sitting in a terminal at XYZ airport. Since they had free Wi-Fi access at this airport, I took out my laptop and tried to connect. To my amazement, my Wi-Fi settings showed 6 available connections. They had nearly identical SSID names. I kept a note of what I saw:

XYZ-Free-WiFi *****
XYZ-FreeAirportWifi ***
XYZ-Airport Free ***
XYZAirportFree **
XYZ-AirportFreeWifi **
AndroidAP(probably someone using phone tethering)

(***** showed signal strength)

I don't know if I was just being paranoid, but I had a feeling that one or more of them must have been fake access points. I ended up not connecting to any of them.

How can I tell which is real and which is fake?

cordelli

Usually their website will show how to connect, and say which are real. I would bet that all are real, and that whoever set it up did not want to take the time to make all the SID's the same, so they went with close variations.

But unless you know which one you are looking for, you can't tell.

For example, for Colorado Springs

• Users must have an 802.11b/g compatible wireless card installed in their computer or other device.
• Wireless network card should be set to default configuration, or DHCP-enabled.
• If your wireless card network configuration requires the name of an access point or "SSID," type "tsunami" in lower case

and they have little cards telling people how to connect

Dubai Stu

I agree with everything that has been said. Obviously if the free access point is an ad hoc connection you should run away, but most fake access points now use AP mode.

To see where fake APs have evolved to, check out this page:

http://hak5.org/episodes/episode-910

Liar

I think I just got hacked! 404 error

Mike Jacoubowsky

Another thing to look for is an HTTPS connection anytime personal information is requested (meaning your browser might display https://whatever.com instead of http://whatever.com). I haven't heard of fake sites with HTTPS protocol. Yet. Of course, if it's a free wifi hotspot, with nothing financial going on (no credit card info), there may not be a need for HTTPS, so the lack of HTTPS wherever you log in doesn't imply it's fake (unless financial info is being requested), but the presence of HTTPS is a pretty good indicator it's real.

Dubai Stu

You can always go to https://www.google.com as a test.

Note: As Trueblu notes below, I meant https://www.google.com not "wwww." I corrected the url to reflect this.

trueblu

Do you mean https://www.google.com?

Not beeing snarky: but the other url doesn't exist for me.

tb

realjd

There are two types of wifi connections: ad-hoc and access point. Connecting to an access point is how you usually connect to wifi. Ad-hoc networks are computer-to-computer connections, and you'll see a different icon next to them (usually two computers talking). Most of the fake free wifi networks at airports are ad-hoc, so ignore those and connect to the access point one.

Most of those aren't actual scam networks BTW. Windows XP will automatically broadcast an ad-hoc network named the same as the last one it connected to if it isn't connected to an access point. I'll bet most of the ones listed are the computers of people who previously connected to a fake "Free Public Wifi" network and don't realize that their computer is now doing it also.

http://www.techdirt.com/blog/wireles...airports.shtml

BStrauss3

Safest bet is to "know before you go". Check the airport's website from home and they usually have posted instructions as to how to connect which include SSIDs. If they don't send them a nasty email about how dangerous it is not to publish such important information

For example: http://www.panynj.gov/airports/jfk-w...tructions.html says it's provided by Boingo. Boingo's site (search hotspot directory for JKF) says SSID "Boingo Hotspot".

If you can't verify it before hand don't use it...

SomeGuy

I'm going to guess that anything at XYZ airport was fake.

OverThereTooMuch

How does that info help you verify that it's a legit AP? Someone can easily set up an AP with the same name.

BStrauss3

It excludes MOST of the names the OP found.

Dubai Stu

http://top-hat-sec.com/forum/index.php?topic=376.0

gfunkdave

I'd look around for fliers advertising the airport's wifi and be sure I connect to the network specified in the flyer.

Once connected, be sure you do any important browsing through an SSH tunnel or VPN connection (as I am most notably NOT doing right now at my hotel in France...)

OverThereTooMuch

Ok, so it helps you beat the DUMB crooks What about the smart ones? Is a VPN the only solution here? That effectively makes a "free" AP not so free.