WiFi Hotspot & Autoconnect Security Risk

TL;DR

Yes, it’s possible to obtain WiFi credentials using a combination of an enticingly named hotspot and the automatic connection features built into many devices. This is because some operating systems will store and reuse passwords for previously connected networks, even if those networks are malicious mimics. Protect yourself by disabling autoconnect on untrusted networks and being cautious about connecting to unknown hotspots.

How it Works

Attackers create a fake WiFi hotspot with a name that looks familiar (e.g., ‘Free Public WiFi’, the name of a local business). When someone connects, the attacker can potentially capture their login details if they are not using strong encryption or if the device automatically reconnects to similar-named networks.

Steps to Protect Yourself

1. Disable Autoconnect on Untrusted Networks: This is the most important step. Most operating systems have a setting to prevent automatic connection to open or previously connected WiFi networks.
   • Windows: Go to Settings > Network & Internet > WiFi > Manage known networks. Remove any networks you don’t recognize or trust. Then, disable ‘Connect automatically when in range’.
   • macOS: Go to System Preferences > Network > Wi-Fi > Advanced. Uncheck ‘Automatically join this network’.
   • Android: The exact steps vary by manufacturer. Generally, go to Settings > Connections > WiFi. Long-press the network name and select ‘Forget’ or disable ‘Auto-connect’. You may also find a global setting for auto-connection under Advanced WiFi settings.
   • iOS: Go to Settings > Wi-Fi. Tap the ‘i’ icon next to the network name and toggle off ‘Auto-Join’.
2. Be Wary of Public Hotspots: Avoid connecting to open, unsecured WiFi networks whenever possible. If you must use a public hotspot:
   • Use a Virtual Private Network (VPN). A VPN encrypts your internet traffic, protecting your data even on an insecure network.
   • Ensure the website you are visiting uses HTTPS (look for the padlock icon in your browser’s address bar).
3. Check Connected Networks Regularly: Periodically review the list of saved WiFi networks on your devices and remove any that you don’t recognize.
4. Use Strong Passwords: While this doesn’t directly prevent a mimicking hotspot attack, using strong, unique passwords for your online accounts will limit the damage if your credentials are compromised.
5. Monitor Network Activity (Advanced): If you suspect your network has been compromised, use a network monitoring tool to identify unusual activity.
   • Wireshark: A powerful packet analyzer that can capture and analyze network traffic.

     sudo apt install wireshark

     (Linux example)

Technical Details

The vulnerability lies in how operating systems handle stored WiFi credentials. When a device encounters a network with a name similar to one it has connected to before, it may automatically attempt to connect using the saved password. If the attacker’s hotspot uses the same SSID (network name), the device will try to authenticate, potentially revealing the password.

cyber security Considerations

This type of attack falls under the category of man-in-the-middle attacks and social engineering. Attackers exploit trust and convenience to gain access to sensitive information. Regularly updating your devices’ operating systems and being aware of potential threats are crucial for maintaining cyber security.