Waiting for a flight Thursday evening, I opened up my Powerbook to see if the Gods of Wireless Networking had yet talked some sense into the folks who run Washington’s National Airport. Alas, there weren’t any legit wifi signals available — I specify “legit”, though, because there were quite a few ad-hoc networks set up that looked to be trying to phish and scam their way into information from unsuspecting or naive flyers.

Lookie there at all those scammers!

If you look at that list, what you’ll notice is that all of those networks are running in “ad-hoc” (or peer-to-peer) mode, which almost certainly means that rather than them being bona-fide wireless access points serving up connections to the internet, someone’s computer is advertising its own wireless network as available for sharing, and that person is trying to get you to connect to it. That network named “tmobile” is very unlikely to be run by T-Mobile; that network named “Starbucks” is similarly illegitimate. Instead of T-Mobile providing access to the internet, some schmuck is probably trying to entice you to connect your laptop to his, which means that he can then listen in on all your network traffic (sniffing passwords and other data) with relative ease.

Almost without exception, all trustworthy wireless access points run in what’s called “infrastructure” mode. The list of networks in that screenshot is generated by an awesome Mac app named iStumbler, but the built-in networking stuff in any Windows or Mac computer similarly makes a distinction between ad-hoc and infrastructure networks — the Mac separates ad-hoc networks into their own list (“Computer-to-Computer networks”), and if I remember correctly, Windows shows ad-hoc networks with different icons than infrastructure ones. So if you find yourself looking to use wireless access in an airport, make sure you know how to tell the difference between reasonably legitimate networks and scammers; your credit cards, bank accounts, personal files, and email systems will thank you!

Comments

Jason, this is a great bit of advice. I don’t take my laptop many places so I am not usually searching for wifi very often (in part, because I’m concerned about security). Thanks for making the distinction between ad-hoc and infrastructure networks.

• Posted by: Jeff [TypeKey Profile Page] on Oct 16, 2006, 10:28 AM

Actually, iirc, this is a bug in the Windows wireless networking stack. I forget the details, but if you leave on adhoc networking and connect to any SSID (say, t-mobile), once you disconnect you’re laptop will actually broadcast that same SSID! I’ll have to find the writeup, but a presentation was given at one of the security cons about attacking laptops on planes through this very mechanism.

Turn off ad-hoc networking on your Windows boxes, folks.

• Posted by: dhs on Oct 16, 2006, 4:28 PM
Please note that comments automatically close after 60 days; the comment spammers love to use the older, rarely-viewed pages to work their magic. If comments are closed and you want to let me know something, feel free to use the contact page!