Focus on Mobile Security: Viral wireless networks (SSIDs)
ISG reminds you to securely configure your laptop to protect it from threats like “viral SSIDs”: ad-hoc wireless networks that sneak onto your laptop in the guise of “Free Public Wi-Fi”.
While many laptops come pre-configured to make it easier to connect wirelessly, this feature can have the unintended consequence of allowing an expanding series of “viral SSIDs” onto your computer without your knowledge. Once a hacker discovers a computer with the vulnerability that permits multiple machines to connect to it, your laptop is pegged as poorly secured and a prime target. The hacker can then attempt to exploit this vulnerability to gain access to your computer. Worst case scenario? An attacker or group of attackers could use this to create a massive wireless botnet.
The viral nature of this growing phenomenon is the way Windows and some other wireless configuration software was designed. The original intent was to make connecting to the Wi-Fi network easier or even seamless. Unfortunately, it can now make you more vulnerable as it opens up an avenue of opportunity for a hacker who probes wireless networks.
How does this happen? Simple for Windows users. Once you click on a fake SSID, Windows automatically adds that SSID to its preferred networks and begins broadcasting it to other users, who connect and are then “infected” as well.
What can you do to protect yourself?
- Never click on an ad-hoc network — the icon with the two laptops — when looking for a Wi-Fi hot spot.
- Use a VPN connection when using a public hot spot.
- Disable any attempts to auto-connect to available networks (this behavior is default in Windows Vista).
- Use the “Infrastructure Networks Only” setting.
- Delete unrecognized entries in your Preferred Network List (PNL).
- Delete any fake SSIDs from your PNL to stop propagating this exploit and to avoid being attacked by someone who knows about the exploit.
For more information about “viral SSIDs” (Server Set Identifiers) , see the following articles:
If you suspect that you may have become infected, contact the Help Desk at 3-HELP or firstname.lastname@example.org.