Maybe you hate the airport, or maybe you love it so much you could watch Spielberg’s THE TERMINAL in the Korean Airlines LAX Lounge and unironically think “hashtag life goals.” (Guilty.) Whatever your feelings are, once you make your way through the living nightmare that is TSA, lollygag in duty free for an hour looking for fancy tea for your mother, and then sprint breathlessly to your gate because you could have sworn that “last call” announcement you just heard was for your flight (don’t worry, it was a totally different American Airlines Dreamliner headed to Japan), you probably still have a bit of time to kill.
Like most passengers, you’re probably tempted to pull out your laptop or phone while you wait to board. Seems as good a time as any to check a few work emails, right? So what’s the first (and worst) thing you’re likely to do next?
If you answered “access airport WiFi” then DING, DING DING! We have a winner!
Traveling with technology is the norm. No one would dare leave the country without their cell phone at this point, and bringing your laptop or tablet in your carryon is as matter-of-course as packing enough underwear. Traveling is also one of those times when we tend to let our guard down. You’re at an airport, sipping a bloody mary at the bar. Everyone around you is heading somewhere. We forget that this is one of the ideal spots for someone to set up a man-in-the-middle attack.
It’s a captive pool of victims is what it is — all of whom are going to want to jump online after that long flight from Paris, or Istanbul, or Kiribati, or wherever. And much to their detriment, most of them probably won’t take the time to verify that the network they’re connecting to really is the real _FreeAirportWiFi. In fact, when Symantec surveyed thousands of people from all over the globe a couple years ago, it found that most people don’t even think twice before connecting to free WiFi. Just just hop on it, and go about their (now very vulnerable) business. Hackers are thanking their lucky stars on the daily.
If you absolutely must connect to airport WiFi, your smartest move is to first double-check the airport’s website. If you can’t find it there, most airports will prominently display name of the network throughout the terminal so you don’t have to play WiFi roulette with that list of 27 similarly named variants.
The majority of legitimate public networks will also pop up with an authentication page asking you to input your email and agree to any terms of service — but just as it’s possible for MitM attackers to clone websites and funnel unsuspecting users through them, it’s also possible for them to spoof captive portals. Meaning, even though that Lufthansa lounge network looks legit and claims to be powered by Boingo wireless, doesn’t mean it isn’t also powered by your friendly neighborhood hacker — that is, the one who sneakily obtained the actual network’s SSL credentials by launching a deauthentication attack. (We won’t explain the how’s, but suffice it to say… it is frighteningly simple.)
Understanding the methods by which hackers can perform these exploits is one of the important aspects of reducing complacency. Infuriatingly, the device they use — a Pineapple (no, not that pineapple) — is cheap (only $99), easy to use, and a totally legitimate technology developed and used by pentesters. It’s also not much larger than your standard iPhone, and is totally inconspicuous. It just looks like your own personal router, albeit one with an antenna or two.
So how do you protect yourself? Aside from the obvious (never connecting to public WiFi, which we know is a pain in the donkey), you should always use a VPN (virtual private network) to encrypt all your data. For companies that issue devices to employees on the go, this should be standard! You should also ONLY — and we seriously mean only — ever visit secure, HTTPS sites while on these public networks. By doing so, hackers might be able to see the domain of the site you’re visiting, but not the sensitive data (e.g. your password) being sent to it.
These basic precautions don’t just apply to airport WiFi. They’re rules you should follow for any public WiFi network — from coffee shops, to libraries, to malls. Unfortunately, wireless networks are inherently flawed… and so are human beings. Apart from the most paranoid among us (they’re right to be), we’ve all thrown caution to the wind one time or another. Even if nothing bad happened, do you really want to take the risk? Don’t let your important business data fall into the hands of someone who left their scruples at home that morning. Trust us, it’s not worth it.
Contact JNT TEK for help preparing to travel with your technology.