Wi-fi Attacks Threaten Café Hotspots

Times Online has reported attacks on Wi-Fi hotspots in Coffee-shop chains such as Starbucks.

The “evil twin” attacks involve a hacker setting up a rogue WiFi network and monitoring traffic in order to intercept private data.

This sort of attack is difficult to trace and can be set up with little more than a laptop with a USB WiFi adapter and some special software.

Victims of the scheme believe they are logging on to a genuine network in a cafe when they are actually being diverted to the rogue connection.

Their keystrokes are then captured by the hacker, who can extract information for fraudulent purposes such as identity theft.

Times Online monitored a chatroom used to discuss the technique, which is also known as a “man in the middle” attack, and saw information being exchanged about how security at Wi-Fi hotspots can be bypassed.

In a forum entitled “T-Mobile or Starbucks hotspot,” a discussion about the effectiveness of man in the middle type attacks took place.

A participant in the discussion, called “itseme” gave details about how the fake network should be set up, while another participant, called “baalpeteor,” claimed he was able to tunnel his way around public hotspot logins and said “the dns method now seems to work pass starbucks login.”

T-Mobile has not yet had any incident reported in the U.K. but advises customers to update their virus protection software and ensure they connect only to valid, certified Web sites.