Most of us have a tendency of signing up for free WiFi access hotspots available at Hotels, Airports, Conference, etc. Some of us do not remove the frequently used WiFi accounts from our devices.

Over the period of time I have analyzed that we do have a flaw in the free WiFi access points. I’m not sure why the security experts or the companies have not addressed it.

A spoofing WiFi router/hotspot device broadcasting one of the free WiFi SSID can potentially bring the nearby devices within its network if any of those devices have the matched free WiFi’s saved on their devices. Device owners may unknowingly be connected to the spoofed WiFi access point, if they have the particular free SSID saved and are within the range of the spoofed device.

This basic flaw can be easily addressed if the WiFi communication protocol also saves the MAC address (of router/hotspot devices) along with the SSID on the user devices. This would prevent spoofing as the SSID + MAC address mismatch would prevent the user device to connect to the spoofing router/hotspot device.

Author: Jasbir Sandhu