North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Wifi Security

  • From: Gadi Evron
  • Date: Mon Nov 21 10:57:52 2005

By setting up a fake AP, you can launch active attacks. Sure, people won't get the right certificate -- and they're not going to notice, especially if the (unencrypted) initial web splash page says something like "For added security, all SSL connections from this hotspot will use Starbucks-brand certificates. Please configure your browser to accept them -- it will protect you from fraud."

--Steven M. Bellovin,
I am very happy to agree with Steve. But I'd also like to add something.

Security does not have to be end-user based... risking the wrath of Randy, let us hail Vietnam for a moment..

One of the technologies first employed in Vietnam (I may be wrong, my history isn't that good) was that of tracking radiation, and specifically, EM radiation by creating the first "smart bombs".

You could see this type of "physical" electronic warfare also employed in Iraq with the US Gov't bombing the center of GSM-blocking signal generators.

Locating where a transmission comes from, supposing it comes from a centralized source, is rather easy.

Missiles for your local ISP to use? I find this rather amusing and a clear path to take.
Locating these fake AP's will be easy, at least for the foreseeable future until the Bad Guys start employing ANCIENT tricks to start evading.... There are other risks and the future will show them as bad or imperfect implementations and designs will show up... for now I don't see anyone bothering beyond the goals of interest or fun. That will change to profit very soon, though, as the technology takes off.