Search This Blog

Sunday, March 11, 2012

Five ways to protect yourself from Wi-Fi honeypots.

SUMMARY : If you come into range of the WiFi Pineapple Mark IV, every Web page on the Internet may be replaced by the Nyan Cat kitten, or, in the hands of someone malicious, something far worse. Here's how to protect yourself.

Darren Kitchen, 29, founder of Hak5 and creator of the WiFi Pineapple Mark IV honeypot.
Darren Kitchen, 29, founder of Hak5 and creator of the WiFi Pineapple 
Mark IV honeypot. (Credit: Declan McCullagh/CNET)

AUSTIN, Texas--Darren Kitchen spent this weekend walking around the SXSW festival with an unobtrusive but relatively evil red box attached to his backpack: it impersonated Wi-Fi networks in hopes of convincing laptops, phones, and other wireless devices to connect to it.

Kitchen's hot-spot honeypot worked. During just a few minutes in the lobby of the Omni Hotel here, he disrupted dozens of Wi-Fi connections and rerouted them to his own "network" that replaced all Internet pages with a video of the Nyan Cat kitten flying through space. Someone with malicious intent could have done far worse.

Kitchen, founder of Hak5, says the WiFi Pineapple Mark IV box highlights the security flaws of the way Wi-Fi has been implemented. There's also a privacy flaw. Currently, Wi-Fi devices broadcast the list of open Wi-Fi networks to which they previously connected--meaning an astute observer may be able to tell where the owner works and socializes.

His five tips for how to prevent your Internet connection from being hijacked by someone with the WiFi Pineapple Mark IV (available for purchase for $89.99):

1. Turn off Wi-Fi
If Wi-Fi isn't enabled, there's no privacy or security risk. Use a 3G or 4G USB stick instead. Or, on a laptop with a wired Ethernet connection, use that.

Read more: