
Computerworld reports that a group of clever independent security analysts from the Shmoo Group has created a program that makes it easy for a hacker to slurp up your log-in information before you’ve even quaffed the foam on your cappuccino. The hacker can then use the information to obtain free wireless Internet access and make you foot the bill.


The new tool, called Airsnarf, broadcasts a powerful signal that disconnects any nearby hot spot users from the Internet. Then it broadcasts a sign-in page that looks like the log-in site of the legitimate Wi-Fi provider. When users, figuring they were knocked off the Internet momentarily, log in again, their user name and password go to the hackers, not the ISP.

The Airsnarf program could be running on the laptop — even a PDA — by the person sitting next to you. With the right antennas, crackers intent on stealing passwords wouldn’t even need to get out of their cars. All they’d have to do is park in front of the cafe, sit for a while running Airsnarf and then move on.

The program was never intended to be used as a tool for theft, according to its creators, members of a loosely affiliated group of computer security experts who call themselves the Shmoo Group. “Airsnarf was developed and released to demonstrate an inherent vulnerability of public 802.11b hot spots,” the group writes on its Web site.

Spokespeople for two of the largest wireless access providers, T-Mobile and Wayport, say they don’t know of any subscribers whose log-in information was stolen this way and don’t anticipate the problem being widespread enough to warrant major changes to the way they run their services. But can a hacker use your log-in information to get at more sensitive personal data? Both companies say no. Though you may use the same user name and password to connect to the Internet and to manage your account online, the ISPs report that credit card numbers and other sensitive data are hidden from view when you log in to your account information.

If you use a wireless hot spot, the best defense against this kind of service theft is to change your password regularly — at least once a month. And keep close tabs on your monthly bill.

“Mutual authentication” of client and server, part of the 802.1x standard, can ensure that users are connecting to a legal network, preventing man-in-the-middle attacks. PCTel, iPass, Funk and Padcom have software available that WISPs could license and distribute to users of practically all major platforms. Possible solutions might include:

The 802.1x standard is a framework for secure, mutual authentication between a network and end-users. Many enterprises currently support 802.1x to protect their wireless networks because it requires interrogation by the server. Vipin Jain, inventor of the 802.1x authentication protocol and a vice president at Extreme Networks, recently spoke with CNET about recent security developments in the context of wireless networking.

Wi-Fi Protected Access (WPA) is the new, Wi-Fi Alliance mandated security mechanism, with fewer security holes than the previous encryption effort, Wireless Equivalent Privacy (WEP).

Perhaps the Shmoo Group should watch their hinnie. Starbucks and McDonalds are about as tolerant as The New York Times. Remember Adrian?

And this just in…

Broadband Reports, one of the most informative and newsy sites on the net, linked to this story and posted a comment from someone called gdead:


Howdy,
So I’ve been involved in the Airsnarf project (I presented with Beetle at BlackHat Federal in DC a few months ago on the project). I’ve got a few things to say about this tool and the write-up about this.

First off, the type of attack that airsnarf carries out is not rocket science. It is not about breaking encryption but rather about tricking the client. The attack can be fully explained in about 5 minutes to a level that anyone with familiarity with 802.11 can fully understand it.

HOWEVER, not a single OS vendor, security tool provider, or driver vendor alerts the user that this kind of attack is being performed. This is completely a layer 2 attack that should be caught by any wireless security tool. At the point of our talk at BH, nothing existed that would tell the user “hey, bad things are afoot… you should stop using this network”. Airsnarf is a wakeup call to the vendors.

To that end, we also wrote the hotspot defense kit (HSDK). It’s designed to alert the user that there is a layer 2 attack underway. It can be downloaded from the Airsnarf page. Currently it only runs on OS X, but we are working on a Windows port.

Finally, I am not a 3l337 blackhat hacker. I coauthored 802.11 Security through O’Reilly. I also try to educate as many people as I can about wireless security through talks, mailing lists, etc.

Would that be Bruce Potter? Who knows. It sounds like a reasonable justification, doesn’t it? Bruce Potter’s 2003 PowerPoint presentation describes the problem. Check it out.

It’s already had a practical impact on me - and that’s probably a good thing. Today the Community Center where I work got a rooftop Wi-Fi system installed. But we’re not going to fire it up until we have a better security plan. This thing has me spooked.

How do you suppose Anthony Townsend (NYC Wireless) et al. handle liability issues in Bryant Park? I’m going to write him. Sometimes I feel like a moron. Sometimes I don’t.
- Sam Churchill

For a good overview with practical tips, check out the 802.11 Security Web Page at Seattle Wireless.
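
The kind of client-side layer 2 check gdead's comment calls for can be sketched as follows. This is an added example, not Shmoo Group or HSDK code, and the page does not say how HSDK detects the attack. The heuristics (a burst of deauthentication frames naming the trusted access point, followed by the same network name from an unknown radio), the thresholds, the function name and the sample events are all assumptions constructed for illustration.

```python
# Constructed observations, not captured traffic: (time_s, kind, bssid, ssid).
# "deauth" rows give the BSSID named as sender; deauth frames carry no SSID.
REAL_AP, TWIN_AP = "00:11:22:33:44:55", "66:77:88:99:aa:bb"  # made-up addresses
EVENTS = [
    (0.0, "beacon", REAL_AP, "CafeNet"),
    (4.0, "beacon", REAL_AP, "CafeNet"),
    (6.0, "beacon", "cc:dd:ee:ff:00:11", "OtherNet"),  # unrelated neighbour
    (20.0, "deauth", REAL_AP, None),
    (20.2, "deauth", REAL_AP, None),
    (20.4, "deauth", REAL_AP, None),
    (20.6, "deauth", REAL_AP, None),
    (22.0, "beacon", TWIN_AP, "CafeNet"),  # same name, unknown radio
    (23.0, "beacon", TWIN_AP, "CafeNet"),
    (25.0, "beacon", REAL_AP, "CafeNet"),
]

def detect_evil_twin(events, ssid, baseline_s=8.0, burst=3, window_s=2.0, follow_s=30.0):
    """Return (time, alert, bssid) tuples for the SSID the client is using."""
    trusted, flagged, recent, alerts = set(), set(), [], []
    burst_at = None
    for t, kind, bssid, name in sorted(events, key=lambda e: e[0]):
        if kind == "beacon" and name == ssid:
            if t <= baseline_s:
                trusted.add(bssid)  # radios seen while first joining (assumed genuine)
            elif bssid not in trusted and bssid not in flagged:
                flagged.add(bssid)  # report each unknown radio once
                after = burst_at is not None and t - burst_at <= follow_s
                alerts.append((t, "new_bssid_after_deauth" if after else "new_bssid", bssid))
        elif kind == "deauth" and bssid in trusted:
            # Keep only deauths inside the sliding window, then count them.
            recent = [d for d in recent if t - d <= window_s] + [t]
            if len(recent) >= burst and (burst_at is None or t - burst_at > follow_s):
                burst_at = t
                alerts.append((t, "deauth_burst", bssid))
    return alerts

if __name__ == "__main__":
    for alert in detect_evil_twin(EVENTS, "CafeNet"):
        print(alert)
```

A plain `new_bssid` alert without a preceding burst can also be a legitimate second access point, so it is a weaker signal than `new_bssid_after_deauth`.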
