WiPhishing: Threat Or Hype?

By | February 5, 2005

Is Wi-Fi being used by phishers and other identity thieves? Some folk reckon so, pointing to tricks such as the Evil Twin threat and something called ‘WiPhishing’, which, according to Information Week, goes like this:

“We call WiPhishing the act of covertly setting up a wireless-enabled laptop or access point for the purpose of getting wireless laptops to associate with it,” Cirond CEO Nicholas Miller said in a statement. “Hackers who are on a ‘WiFishing expedition’ may set the name of their rogue wireless access point (or laptop) to an SSID that is commonly used by wireless laptop users.”

For example, a WiPhisher could set the SSID of an access point or laptop to be the same as the default settings for widely-sold access points or hotspot services offered by vendors such as T-Mobile and Wayport, Miller said.

“Hackers are also likely to increasingly post common SSID names on their Web sites as this practice gains momentum,” Miller said.

I’m not trying to be cynical here, because I think Wi-Fi security is a real issue, but these kind of statements are more often than not made by folk who stand to gain the more afraid people are, because they sell ‘solutions’. The Cirond statement, issued on the PR businesswire on Feb 4, was quickly picked up by four or five industry websites including Information Week, SYSCON, Internet Telephony Magazine and InternetWeek (and now, of course, Loose Wire Blog).

So, threat, or hype? Probably both. So we should probably call it a Thrype.

One thought on “WiPhishing: Threat Or Hype?

  1. marc

    threat, or hype? definitely hype. Giving a “new” name to an old threat is just pure marketing (A.P. hijacking or rogue AP “forced” on the network with the help of some power amplifier is not a new threat). And the “workaround” solution is still the same : tunnel, tunnel, tunnel (vpn or ssl)

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.