Rogue access points
One time at a coffee shop, I saw a listing like this when trying to connect to its Wi-Fi network:
Screenshot of a listing of wireless networks, with two wireless networks named "Coffee Shop Wifi". Neither of those networks is password protected.
Seeing the generic and duplicate “Coffee Shop Wifi” networks gave me an odd feeling, so I decided not to connect. When I visited the coffee shop a few weeks later, I saw a flyer warning customers that “Coffee Shop Wifi” was a rogue access point.
What’s a rogue access point? To answer this, let’s first describe how a typical home gets Internet access.
Homes often connect to the Internet via a wired connection. Imagine that you couldn’t place a wire in your computer’s room. How else would you connect it to the Internet? You can use an access point.
Access points connect to the Internet via a wired connection but share it wirelessly with many devices like your computer. You can think of access points as translators between the languages of wireless and wired signals.
If you’re wondering why you’ve never heard of access points but have heard of routers, it’s because most routers include access points. Routers are responsible for transporting packets, not for providing wireless Internet access.
You can see what an access point looks like below. Notice the Ethernet cable in the back that connects it to the Internet and the two antennae that broadcast and receive wireless signals.
Photo of a Linksys wireless access point.
Rogue access points
A rogue access point is an access point installed on a network without the network owner’s permission. Why is this bad?
If an attacker owns the access point, they can intercept the data (e.g. PII) flowing through the network. This is why the coffee shop provided the warning to its customers; they wanted to stop an unauthorized access point on their network from intercepting users’ data.
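From the network owner's side, the listing at the top of this article can be checked against the access points that were actually installed. The following is an added example, not part of the original article; the scan rows, BSSIDs (radio MAC addresses), the `AUTHORIZED` inventory and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed inventory: SSID -> {BSSID: security mode} for radios the owner installed.
AUTHORIZED = {"Coffee Shop Wifi": {"aa:bb:cc:00:00:01": "open"}}

# Constructed scan rows: (SSID, BSSID, security mode, signal in dBm).
SCAN = [
    ("Coffee Shop Wifi", "AA:BB:CC:00:00:01", "open", -48),
    ("Coffee Shop Wifi", "de:ad:be:ef:00:02", "open", -41),
    ("Bookstore Guest", "aa:bb:cc:00:00:09", "WPA2", -70),
]


def find_suspect_aps(scan, authorized):
    """Flag radios that advertise one of our SSIDs but do not match the inventory."""
    findings = []
    for ssid, bssid, security, signal in scan:
        inventory = authorized.get(ssid)
        if inventory is None:
            continue  # someone else's network name: nothing to compare against
        bssid = bssid.lower()  # scanners differ in MAC address case
        expected = inventory.get(bssid)
        reasons = []
        if expected is None:
            reasons.append("BSSID not in inventory")
        elif expected != security:
            # A known BSSID with the wrong security mode suggests a copied address.
            reasons.append(f"security is {security}, inventory says {expected}")
        if reasons:
            findings.append({"ssid": ssid, "bssid": bssid,
                             "signal_dbm": signal, "reasons": reasons})
    # Strongest signal first: that is the radio clients are most likely to join.
    return sorted(findings, key=lambda f: f["signal_dbm"], reverse=True)


def duplicate_ssids(scan):
    """Return SSIDs advertised by more than one BSSID, which a customer can see too."""
    radios = defaultdict(set)
    for ssid, bssid, _security, _signal in scan:
        radios[ssid].add(bssid.lower())
    return {ssid: sorted(b) for ssid, b in radios.items() if len(b) > 1}


if __name__ == "__main__":
    print(duplicate_ssids(SCAN))
    for finding in find_suspect_aps(SCAN, AUTHORIZED):
        print(finding)
```

Several BSSIDs under one SSID is normal for a site with more than one access point, and a BSSID can be copied, so a finding is a prompt to inspect the hardware rather than proof.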
Let’s now dive deeper into two ways rogue access points can intercept PII.
In passive interception, a rogue access point can read your data but cannot manipulate it. If you connect to a network with a rogue access point and enter your password on a site over HTTP, the rogue access point can read your password.
Illustration of passive interception over a rogue access point. On the left, a laptop has a website open with a filled-out password field. There's a server on the right. An area is labeled "What the client thinks happens" and contains an arrow that is labeled "Password: 123abc" and goes from the laptop to an access point labeled "legitimate access point". Another arrow is labeled with the same data and goes from the legitimate access point to the server. The bottom area is labeled "What actually happens" and contains an arrow that is labeled "Password: 123abc" and goes from the laptop to an attacker labeled "rogue access point". Another arrow is labeled with the same data and goes from the rogue access point to the server.
Passive interception can also collect a user's Internet footprint. By monitoring DNS requests and other Internet traffic, the rogue access point can profile your Internet behavior. This profile can expose private information about you such as the types of websites you visit.
In active interception, a rogue access point can also manipulate your data. It can read the incoming user data, modify the data however it wants, and send the modified user data to the destination endpoint.
For example, if a user visits a banking website and tries to deposit money into an account, a rogue access point can redirect the deposit to an attacker’s account.
Illustration of active interception over a rogue access point. On the left, a laptop has a website open with a form field. There's a server on the right. An area is labeled "What the client thinks happens" and contains an arrow that is labeled "Account ID: 25" and goes from the laptop to an access point labeled "legitimate access point". Another arrow is labeled with the same data and goes from the legitimate access point to the server. The bottom area is labeled "What actually happens" and contains an arrow that is labeled "Account ID: 25" and goes from the laptop to an attacker labeled "rogue access point". Another arrow is labeled "Account ID: 12" and goes from the rogue access point to the server.
We should think twice before connecting to a free wireless hotspot in public locations such as coffee shops or airports. If we see something odd, we should notify the network owner.
We can also protect ourselves by using VPNs (virtual private networks) or HTTPS. VPNs and HTTPS both send a scrambled form of our data across the network. Even if rogue access points intercept it, they won’t be able to unscramble it.
🙋🏽🙋🏻‍♀️🙋🏿‍♂️ Do you have any questions about this topic? We'd love to answer—just ask in the questions area below!
- How do VPNs and HTTPS scramble data?
How does the receiving device know how to unscramble it?(13 votes)
- Howie describes one type of a VPN well, although the use of a VPN without encryption (scrambling data) is instead often called a proxy.
To explain another way, a VPN creates a "private network" over a public network (the Internet). It is virtual because software makes the private network, not physical wires/waves.
The private part comes from techniques from public-key encryption. The idea is that the message sent over the public network is encrypted (locked/scrambled) and can be unscrambled by a receiving device only if possessing the right key. The only people that can see the unscrambled messages are hence those with keys, so the message is "private" without access to a key. In effect, encryption creates a private channel.
Finally, using this private channel, a VPN creates a network, so you have access to many resources. You can imagine:
1) An employee at Khan Academy working remotely to access numerous internal company websites. Khan Academy doesn't want the public internet to see these internal resources, so they use a VPN to create a private network for their employees (I don't know if Khan Academy actually does this, but many companies do).
2) You want to hide your Internet traffic from the public network so that your Internet Service Provider cannot see your activity. So then using Howie's description, you use another computer to forward your Internet activity.
In contrast, HTTPS does not create a private network from the private channel, but rather a private session between two particular endpoints. As a gross oversimplification, the VPN creates a private channel from the sender to many endpoints (1:many) and HTTPS does so from the sender to one endpoint (1:1)
See here for more on how encryption is performed (https://www.khanacademy.org/computing/computers-and-internet/xcae6f4a7ff015e7d:online-data-security/xcae6f4a7ff015e7d:data-encryption-techniques/a/public-key-encryption)
Hope this helps!(24 votes)
- Can attackers use my home router to create a rogue access point? If they can, how do I protect myself?(4 votes)
- Based on what I have observed, cybercriminals usually create rogue access points at more public places like a cafe or an airport instead of a home.
Nonetheless, it is possible, and recommended solutions include
1) monitoring the active devices on a home network via the router web interface occasionally
2) ensuring the home router has up-to-date software
3) using anti-virus software to check the security of new networks that devices connect to
Hope this helps!(7 votes)
- If someone steals my data, I'm gonna steal their data. Easy!(6 votes)
- Is it always a physical device in the network that creates a rogue point?(3 votes)
- Yes, it will need an antenna and some electronics to send and receive data, so it must be a physical device.(2 votes)
- Does this mean I should wave goodbye to working on my computer at the coffee shop?(3 votes)
- No, you don't have to. You just have to exercise caution while working on public coffee shop internet and NOT send any sensitive information (PII) like passwords, credit card numbers, etc. on websites that do not have HTTPS encryption. If you depend on working at the coffee shop, however, it would probably be a good idea to get a VPN like [links removed]. However, if you have access to private internet with a password and good security (home wifi) that only you/your family uses, just use that. Try not to use public wifi whenever you feel like it.(2 votes)
- Good thing I know this 'cause I got scammed into buying a PS5, $300 I got scammed(3 votes)
- Are hackers good guys?(1 vote)
- It depends. Although many hackers work illegally to steal information and get money (black hat hackers), hackers can also be certified and hired by companies to test their defenses (white hat hackers).(3 votes)
- How do you block bad guys?(2 votes)
- There is no easy way to "block" bad guys on the internet. If you want to be free from hackers, you will have to stop using the internet entirely. However, in this day and age, that isn’t realistic. Also, hackers can steal information from servers connected to the internet. If a bank’s servers get hacked, the hacker can steal people’s bank information. There is no way to block hackers and scammers, but you can better protect yourself by becoming informed. Also, if your information is stolen, many companies can provide relief to you. Hackers and scammers will probably always be around, but knowing about how they work will lessen the chance that one will affect you.(1 vote)
- Hello, a VPN aka virtual private network protects your browsing activity, and your identity from other people like hackers.(3 votes)
- Is this "rogue access" attack the same as the "evil twin" attack where a hacker creates a network that they control that looks like the real thing, or is there a difference?(1 vote)
- A cyber attack is an attempt of unauthorized access to one's files assets/information and is not hacking. An evil twin attack, on the other hand, is a hack where the hacker sets up a fake Wi-Fi network that looks like a legitimate access point to steal victims' sensitive details who aren't cautious.(2 votes)