Rogue hotspots offer rich pickings for hackers

Rogue hotspots offer a valuable crop of data in a short period of time

Criminals are setting up temporary wireless access points designed to look like the genuine article in order to capture confidential information, according to security firm RSA. 

The company warned that rogue hotspots could provide the latest platform for identity theft, and cited a test system built by Capgemini UK as a proof-of-concept.

"Rogue hotspots currently constitute one of the most serious and most likely vehicles for wireless security breaches," said Phil Cracknell, director of Capgemini UK's security consulting practice.

"They are easy to set up and an attacker is almost guaranteed a valuable crop of data in a short period of time."

Capgemini UK built a test system on a laptop that emulated a commonly seen hotspot, and watched people connecting to it presumably because they were unable to distinguish it from the real thing.

RSA warned that rogue hotspots could be used to steal credit card details from transactions made while people were connected.

The report suggested that the likelihood of this is relatively high, because a rogue hotspot could allow a higher volume of accurate details to be captured than in an email-based phishing attack.

"For this reason, they could be used as the next platform for phishing attacks and identity theft," said Cracknell.

"In order to prevent this, all business and personal mobile users need to be educated about the potential risk from rogue hotspots and taught not to send confidential usernames, passwords and personal information over unencrypted networks."

As part of its report, RSA also pointed to the fact that almost a quarter of companies with wireless networks in London, Paris and New York are not secure.

The report follows a similar study carried out by antivirus vendor Kaspersky, which found that on average 49 per cent of London networks are unsecured, including 40 per cent of those in the business district of Canary Wharf. 

However, RSA's figures differed from Kaspersky's. RSA's study found that London was the least secure with 26 per cent of business networks open, while New York had 25 per cent and Paris had 22 per cent.

Kaspersky claimed that 49 per cent of wireless networks in London were operating without any encryption.