via The Times Online: Hackers target wi-fi hotspots in new phishing attack
Computer users have been warned of the dangers of using wi-fi hotspots after it emerged that cyber-criminals are targeting the networks in café chains including Starbucks.
Times Online has uncovered evidence that criminals are using a technique known as an ‘evil twin attack’, where victims think that they are logging on to the genuine network in a café but are in fact being diverted to a ‘rogue’ connection.
This attack has been predicted to be popular for a long time, so this is not very surprising. It’s very difficult using current software for anyone to verify the identity of a wireless hotspot, so hotspot users need to make sure that their applications are communicating securely too.
Unfortunately for most people not very familiar with computer security (i.e. most people), determining if your applications are communicating securely is ALSO usually quite difficult to determine. Browsers are the obvious candidate, but some recent research determined that most users ignored missing security indicators or warnings anyway. Besides that, do most users know whether their IM session or online service is secured in an appropriate manner?
As a side note: similar man-in-the-middle attacks have been conducted on the Tor network, too. Never trust a common carrier, eh?
