Hack-in-a-Box Tools Threaten WiFi Hotspots

Many of us probably remember the popular kids’ toy called “Jack-in-the-Box” — that metal 5″ cube, painted colorfully and with a crank on the side. When you turned the crank, it would play the “Pop Goes the Weasel” melody, at the end of which the top would spring open and a clown would pop out of the box.

I think that is a fitting image for this post, because now some clowns have packaged the hardware and software to hack WiFi hotpots and put them into simple, easy-to-use boxes you can buy off-the-shelf (well, off the Internet, at least).

I call this “Hack-in-a-Box,” and there are at least two, and they are colorfully named “WiFi Pineapple” and “WiFi Robin.”

The WiFi Pineapple (with its geeky attempt at marketing: “Same great WiFi Pineapple taste, remarkable savings”) has one and only one purpose: to hack into private WiFi communications.

Here is how they describe it on their website:

Of course all of the Internet traffic flowing through the Pineapple such as email, instant messages and browser sessions are easily viewed or even modified by the Pineapple holder.

WiFi Robin has slightly better graphics, though their English could be improved:

Wifirobin optimized the cracking of WEP encryption, the optimization makes the hack more quickly (sic). Best of all it can also decode, hack, crack, unlock and reveal the passwords of most of the secured connections.

Hacking Toys for Novices

The point is, these products are toys. They have no legitimate use. Previously, the hackers’ tools were developed so network administrators could monitor traffic to help them manage the networks, a real and appropriate use. Unfortunately, the hackers started using an otherwise-legitimate technology for their own nefarious purposes.

WiFi Pineapple and WiFi Robin, though, don’t even pretend to be anything other than hacking devices.

Worse, they bring hacking out of the realm of geeks and allow anyone to use this stuff. In the past, it took at least some level of smarts and technical knowledge to hack WiFi. Now anyone, with or without much intellect, can become a hacker.

Here is what Lisa Phifer, a top security consultant at CoreCom writes:

The Wi-Fi Robin and Pineapple run entirely different attacks, but they both illustrate a trend — commercial push-button automation of attacks that once-upon-a-time required a good understanding of WiFi protocols, software development expertise, and (usually Linux open source) tools. Now all you need is ~$100.

This trend happened for other kinds of cybercrime as well. For example, spammers now rent time on a botnet instead of building or distributing their own trojans. Once tools become commercialized, attack frequency and risk tends to explode.

This is a good reminder to always protect your communications in WiFi hotspots — for example, by using a virtual private network like — Private WiFi or else you could be hacked-in-a-box and not even know it.

Private-i is the official resource center for Private WiFi, an online privacy service for consumers and small to mid-size businesses who use public WiFi hotspots. Private WiFi software encrypts all the data you wirelessly send and receive, protecting your identity and sensitive information from hackers and identity thieves. To learn more about the product and get a free three-day trial, visit privatewifi.com.

Article written by Kent Lawson, CEO of Private WiFi. Private WiFi and Sky-Packets have partnered to provide its client side application to end-users at our public WiFi hotspots.

Sky-Packets: Better Living Through WiFi

Steve Amarante

www.sky-packets.com

Moscow getting Wi-Fi on the Metro--What about NYC?

The Moscow News reports that Moscow is expecting to get Wi-Fi services on all Metro (above and below ground). It makes you wonder what NYC can't get beyond the politics. There are no shortage of companies like Sky-Packets, that are willing and able to implement Wi-Fi on both the LIRR and Metro North. It's an ideal project, in this economy, for large and small business to work in conjunction with the public sector. Let's hope we can get beyond the politics in the near future.

Steve Amarante
Sky-Packets: Better Living Through Wi-Fi
www.sky-packets.com

3D Phones Get a Boost with WiFi Display

Here's a Forbes article (http://tinyurl.com/3ckkcxu) that touches on a new Wi-Fi technology called: WiFi Display. The new standard allows 3D videos to be compressed so that it can travel over WiFi (wireless) without cords. 3D phones will be the rage in a year or two but the I am holding out for 3D (hologram) phone that will project images of the person that is calling ala Star Trek (and yes, this is already in the works!)

Sky-Packets: Better Living Through Wi-Fi

Steve Amarante
www.sky-packets.com

Flatiron/23rd Street Partnership and Sky-Packets Partner To Provide Free WiFi

The Flatiron/23rd Street Partnership is now providing free WiFi in the Flatiron Public Plazas. The WiFi is now up and running on the south plaza (the one adjacent to the Flatiron building, south of 23rd Street) and WiFi for the North Plaza (north of 23rd Street) is coming soon.

http://youarehereflatiron.org/

So come out of your office, apartment, whatever and connect!

Sky-Packets: Better Living With WiFi

Steve Amarante

www.sky-packets.com

Bryant Park and Sky Packets Partner To Provide Free WiFi

Sky Packets is proud to announce its newest partnership with Bryant Park! Over the past week we have been updating the Wi-Fi system to provide a better end-user experience. Weather permitting; we will be conducting additional modifications in the coming week! So make sure to get out to Bryant Park this summer to enjoy yoga, Tai Chi, Bird watching, Movie Night and yes, free Wi-Fi. www.bryantpark.org

Sky-Packets: Better Living Through Wi-Fi
Steve Amarante
www.sky-packets.com

Hotel WiFi Hacking is on the Rise by Jan Legnitto

The next time you put all your cash in a hotel safe, consider this: Identity thieves may be more interested in what’s going over your hotel WiFi connection than what’s in your wallet.

According to a 2010 report by Trustwave SpiderLabs, consumers’ credit cards are more likely to be hacked in a hotel than in any other place they are used. Thirty-eight percent of the hacking incidents that Trustwave investigated last year occurred in hotel credit card systems.

In 2010, the Wyndham Hotels and Resorts – operators of The Days Inn, Ramada and Howard Johnson Hotel chains – reported that their networks had been compromised by hackers. The loot: An unknown number of guest names and credit card numbers.

According to a 2008 study by Cornell University’s School of Hotel Administration, events like that aren’t unusual. The study concluded that most hotel wireless networks were not secure. Twenty percent of the hotels surveyed admitted that malicious activities had taken place on their networks.

A 2006 report on hotel hotspot security found that guests connected to many hotel networks could easily view each other’s fileshares or attack each other’s computers. “We tested 27 hotels in three major cities. Just one quarter of them prevented WiFi users from being hacked by guests connected to the hotel’s wired network and attackers on the Internet,” said Lisa Phifer, president of Core Competence. “After hotspot login, most guests are on their own to protect themselves,” says Phifer.

WiFi Hacking Crimes Are Easy to Commit

Unsecured wireless networks at hotels have proven to be ideal places for hackers to commit a wide variety of crimes.

In 2008, at the luxury Thompson Hotel chain, a hacker captured personal and sensitive emails sent by guests and staff members over its wireless network and threatened to make them public.

Hackers staying at hotels or parked nearby have exploited the anonymity of hotel wireless networks to download child pornography. In 2009, a Florida man was arrested for using hotel WiFi to download kiddie porn from his truck parked outside. According to Hernando Today, a publication of Tampa Bay Online, when the man’s gaming device was confiscated as evidence, what local authorities found stored on it was 96 images of prepubescent children engaged in sex acts. The time stamp on the images matched the time that the man was outside the hotel.

WiFi hacks like that aren’t the only security threat we face.. Road warriors looking to log on to their hotels’wireless Internet can unknowingly become online mugging victims. In 2010, The CBS Early Show had an ethical hacker set up a fake WiFi access point at a New York City hotel, calling it “Best Free Public WiFi.” Before long, dozens of unknowing wireless users took the bait and tried to log on. When an unsuspecting hotel guest connects to a phony WiFi access point like that, his credit card, banking or other confidential business information can be seen by the hacker.

Remember, just because you’re staying at a nice hotel doesn’t mean that hackers aren’t around the corner. These are some of the things you can do to protect your Internet security.

How to Hide From Hackers

• Watch out for fake WiFi access points designed to look just like real hotel WiFi networks. These “Evin Twins” may even contain your hotel’s name. Check with the establishment to get the correct name.
• Find out whether your hotel’s wireless network uses WPA (WiFi Protected Access) security. WPA usually requires a password to get onto the network and always encrypts everything sent over wireless. This prevents eavesdropping over wireless – but it may not stop other guests connected to the same hotspot from stealing your data.
• Always assume you’re not alone on any public WiFi network. Disable file sharing, turn on your computer’s personal firewall, and never send Social Security numbers, passwords or financial information when using an unencrypted wireless connection.
• When using a free hotspot, you could be sending data through someone you don’t know. When using a commercial hotspot, never supply payment information to an unsecured hotspot login page. If your web browser doesn’t display a green padlock or it warns that the login page may not be secure, use a different hotspot.
• Use a VPN (virtual private network) to make all the information transmitted over your WiFi connection invisible to hackers.

In the meantime, if you were hacked while using a hotel WiFi connection, we’d like hear what happened to you. Tell us your story.

The article above come via Private WiFi (www.privatewifi.com) who we have partnered to provide VPN client side software.

Sky-Packets: Better Living Through WiFi

Steve Amarante

www.sky-packets.com

WiFi security is a serious matter!

#WiFi security is a serious matter. Just ask this Buffalo homeowner (http://tinyurl.com/3q6klp5) . Sky Packets is in the process of partnering with Private WiFi (www.privatewifi.com) to provide VPN client software and WiFi security "best practices". Stay tune!

Sky-Packets: Better Living Through Wi-Fi

Steve Amarante
www.sky-packets.com