how do I know if an aiport free wi-fi access point is fake?
#1
Original Poster
Join Date: Jan 2012
Posts: 200
how do I know if an aiport free wi-fi access point is fake?
I was sitting in a terminal at XYZ airport. Since they had free Wi-Fi access at this airport, I took out my laptop and tried to connect. To my amazement, my Wi-Fi settings showed 6 available connections. They had nearly identical SSID names. I kept a note of what I saw:
XYZ-Free-WiFi *****
XYZ-FreeAirportWifi ***
XYZ-Airport Free ***
XYZAirportFree **
XYZ-AirportFreeWifi **
AndroidAP(probably someone using phone tethering)
(***** showed signal strength)
I don't know if I was just being paranoid, but I had a feeling that one or more of them must have been fake access points. I ended up not connecting to any of them.
How can I tell which is real and which is fake?
XYZ-Free-WiFi *****
XYZ-FreeAirportWifi ***
XYZ-Airport Free ***
XYZAirportFree **
XYZ-AirportFreeWifi **
AndroidAP(probably someone using phone tethering)
(***** showed signal strength)
I don't know if I was just being paranoid, but I had a feeling that one or more of them must have been fake access points. I ended up not connecting to any of them.
How can I tell which is real and which is fake?
#2
In Memoriam
Join Date: Feb 2000
Location: Easton, CT, USA
Programs: ua prem exec, Former hilton diamond
Posts: 31,801
Usually their website will show how to connect, and say which are real. I would bet that all are real, and that whoever set it up did not want to take the time to make all the SID's the same, so they went with close variations.
But unless you know which one you are looking for, you can't tell.
For example, for Colorado Springs
and they have little cards telling people how to connect
But unless you know which one you are looking for, you can't tell.
For example, for Colorado Springs
- Users must have an 802.11b/g compatible wireless card installed in their computer or other device.
- Wireless network card should be set to default configuration, or DHCP-enabled.
- If your wireless card network configuration requires the name of an access point or "SSID," type "tsunami" in lower case
and they have little cards telling people how to connect
#3
Join Date: Nov 2006
Location: Detroit; Formerly Dubai
Posts: 3,652
I agree with everything that has been said. Obviously if the free access point is an ad hoc connection you should run away, but most fake access points now use AP mode.
To see where fake APs have evolved to, check out this page:
http://hak5.org/episodes/episode-910
To see where fake APs have evolved to, check out this page:
http://hak5.org/episodes/episode-910
#4
Join Date: Feb 2011
Location: AUS
Programs: Doing GS11, probably affiliated with every program out there
Posts: 188
#5
Join Date: May 2003
Location: Redwood City, CA USA (SFO/SJC)
Programs: 1K 2010, 1P in 2011, Plat for 2012,13,14,15 & 2016. Gold in 17 & 18, Plat since
Posts: 8,826
Another thing to look for is an HTTPS connection anytime personal information is requested (meaning your browser might display https://whatever.com instead of http://whatever.com). I haven't heard of fake sites with HTTPS protocol. Yet. Of course, if it's a free wifi hotspot, with nothing financial going on (no credit card info), there may not be a need for HTTPS, so the lack of HTTPS wherever you log in doesn't imply it's fake (unless financial info is being requested), but the presence of HTTPS is a pretty good indicator it's real.
#6
Join Date: Nov 2006
Location: Detroit; Formerly Dubai
Posts: 3,652
You can always go to https://www.google.com as a test.
Note: As Trueblu notes below, I meant https://www.google.com not "wwww." I corrected the url to reflect this.
Note: As Trueblu notes below, I meant https://www.google.com not "wwww." I corrected the url to reflect this.
Last edited by Dubai Stu; Aug 4, 2012 at 9:42 am
#7
Join Date: Dec 2007
Location: PEK and BOS
Programs: BA - Blue
Posts: 4,530
You can always go to https://wwww.google.com as a test.
Not beeing snarky: but the other url doesn't exist for me.
tb
#8
Join Date: Nov 2007
Location: MLB, MCO
Programs: Delta Plat, IHG Plat, Marriott Silver
Posts: 1,315
I was sitting in a terminal at XYZ airport. Since they had free Wi-Fi access at this airport, I took out my laptop and tried to connect. To my amazement, my Wi-Fi settings showed 6 available connections. They had nearly identical SSID names. I kept a note of what I saw:
XYZ-Free-WiFi *****
XYZ-FreeAirportWifi ***
XYZ-Airport Free ***
XYZAirportFree **
XYZ-AirportFreeWifi **
AndroidAP(probably someone using phone tethering)
(***** showed signal strength)
I don't know if I was just being paranoid, but I had a feeling that one or more of them must have been fake access points. I ended up not connecting to any of them.
How can I tell which is real and which is fake?
XYZ-Free-WiFi *****
XYZ-FreeAirportWifi ***
XYZ-Airport Free ***
XYZAirportFree **
XYZ-AirportFreeWifi **
AndroidAP(probably someone using phone tethering)
(***** showed signal strength)
I don't know if I was just being paranoid, but I had a feeling that one or more of them must have been fake access points. I ended up not connecting to any of them.
How can I tell which is real and which is fake?
Most of those aren't actual scam networks BTW. Windows XP will automatically broadcast an ad-hoc network named the same as the last one it connected to if it isn't connected to an access point. I'll bet most of the ones listed are the computers of people who previously connected to a fake "Free Public Wifi" network and don't realize that their computer is now doing it also.
http://www.techdirt.com/blog/wireles...airports.shtml
#9
Join Date: Jul 2006
Location: DFW, SEA and AA in between
Programs: AA-3MM-ExPLT
Posts: 1,146
Safest bet is to "know before you go". Check the airport's website from home and they usually have posted instructions as to how to connect which include SSIDs. If they don't send them a nasty email about how dangerous it is not to publish such important information
For example: http://www.panynj.gov/airports/jfk-w...tructions.html says it's provided by Boingo. Boingo's site (search hotspot directory for JKF) says SSID "Boingo Hotspot".
If you can't verify it before hand don't use it...
For example: http://www.panynj.gov/airports/jfk-w...tructions.html says it's provided by Boingo. Boingo's site (search hotspot directory for JKF) says SSID "Boingo Hotspot".
If you can't verify it before hand don't use it...
#11
Join Date: Apr 2007
Location: SEA
Programs: AS MVP, Hhonors Gold, National Executive, Identity Gold, MLife Gold
Posts: 2,687
Safest bet is to "know before you go". Check the airport's website from home and they usually have posted instructions as to how to connect which include SSIDs. If they don't send them a nasty email about how dangerous it is not to publish such important information
For example: http://www.panynj.gov/airports/jfk-w...tructions.html says it's provided by Boingo. Boingo's site (search hotspot directory for JKF) says SSID "Boingo Hotspot".
If you can't verify it before hand don't use it...
For example: http://www.panynj.gov/airports/jfk-w...tructions.html says it's provided by Boingo. Boingo's site (search hotspot directory for JKF) says SSID "Boingo Hotspot".
If you can't verify it before hand don't use it...
#12
Join Date: Jul 2006
Location: DFW, SEA and AA in between
Programs: AA-3MM-ExPLT
Posts: 1,146
#13
Join Date: Nov 2006
Location: Detroit; Formerly Dubai
Posts: 3,652
#14
FlyerTalk Evangelist
Join Date: Nov 2002
Location: ORD
Posts: 14,231
I'd look around for fliers advertising the airport's wifi and be sure I connect to the network specified in the flyer.
Once connected, be sure you do any important browsing through an SSH tunnel or VPN connection (as I am most notably NOT doing right now at my hotel in France...)
Once connected, be sure you do any important browsing through an SSH tunnel or VPN connection (as I am most notably NOT doing right now at my hotel in France...)
#15
Join Date: Apr 2007
Location: SEA
Programs: AS MVP, Hhonors Gold, National Executive, Identity Gold, MLife Gold
Posts: 2,687