FBI doesn’t understand network security

The FBI has issued a warning over bogus WiFi networks:

How do hackers grab your personal data out of thin air? Agent Peterson said one of the most common types of attack is this: a bogus but legitimate-looking Wi-Fi network with a strong signal is strategically set up in a known hot spot…and the hacker waits for nearby laptops to connect to it. At that point, your computer—and all your sensitive information, including user ID, passwords, credit card numbers, etc.—basically belongs to the hacker. The intruder can mine your computer for valuable data, direct you to phony webpages that look like ones you frequent, and record your every keystroke.

“Another thing to remember,” said Agent Peterson, “is that the connection between your laptop and the attacker’s laptop runs both ways: while he’s taking info from you, you may be unknowingly downloading viruses, worms, and other malware from him.”

(Via Hot Air.)

It’s worth warning people about the dangers of bogus networks, particularly if this form of attack is really going on a lot, but Agent Peterson seems confused about the nature of the threat. This is simply a form of the classic man-in-the-middle attack, which computer scientists have been aware of for a long time. The attack arises whenever the adversary can compromise a node along your communication path, such as a wireless router. So it has nothing to do with WiFi, per se. Also, the business about your computer “basically belonging to the hacker” is complete nonsense. A man-in-the-middle attack can only compromise the information you send over the network — not everything on your computer.

In principle, the man-in-the-middle attack is a solved problem. Rather than warning people to beware of public WiFi, the FBI should be cautioning people to take appropriate precautions in all their network activity. Those precautions are necessary everywhere, not just on WiFi.
