Can Hotspots Be Spoofed?

How can I be sure that a Cox WiFi hotspot is legitimate and not spoofed by bad guys to capture my Cox password? Since my Cox password is also my email password (or at least would allow access to my Cox account to change the email password), that's a very significant issue. If the answer is that it uses a certificate issued by a trusted Certificate Authority for the SSL connection, do all commonly used browsers look for that, and flag untrusted certs, in this case for the logon page? Can I create a separate password for use with the WiFi that, if compromised, won't allow access to my real Cox account? This is important enough that, if not properly addressed, the Cox WiFi hotspots should NEVER be used by ANYONE.

Responses

JonathanJ

Former Moderator

•

1.9K Messages

@ BitPusher

Cox makes reasonable efforts to provide a secure service, but because this service is a wireless service, we strongly recommend you make sure any devices you connect are first protected by anti-virus / anti-malware software, and that your operating system firewall is turned on to provide additional protection. Cox cannot guarantee absolute security through Cox WiFi.

0

BitPusher

New Contributor

•

3 Messages

Unfortunately, the canned response doesn't begin to answer the questions. The fact that the Cox WiFi connections don't use WPA2 security kind of brings the "reasonable effort to provide a secure service" part into question, but given the unencrypted WiFi connection, the rest becomes even more significant. Can we find someone at Cox who knows the answers? I can probably figure out the use of trusted certificates for SSL part but I am still very wary of using my normal Cox account password which provides potentially disastrous access to my email and other Cox services. Can we find out if there is a way to create a different password for logging into the Cox WiFi connections?

JonathanJ said:
@ BitPusher

Cox makes reasonable efforts to provide a secure service, but because this service is a wireless service, we strongly recommend you make sure any devices you connect are first protected by anti-virus / anti-malware software, and that your operating system firewall is turned on to provide additional protection. Cox cannot guarantee absolute security through Cox WiFi.

0

ColleenD

Moderator

•

1.7K Messages

BitPusher,

WPA2 encryption is prohibitive from a usage standpoint for public wifi connections. This would require pre-sharing the key with all intended users and still does not prevent others that have the key from eavesdropping on any traffic that is transmitted in the clear.

0

BitPusher

New Contributor

•

3 Messages

Could argue on the WPA2 stuff, but that's not the issue. As deployed: a) what protects against anyone setting up a hot spot that looks and acts just like a Cox WiFi hotspot and collecting users Cox account passwords as they access the site. b) (most significantly) can we create a password just for use with the hotspots that is different from our Cox account password so if compromised, by whatever means, our Cox accounts and email accounts are not jeopardized. Thanks

0

MrMax

New Contributor

•

3 Messages

You want a simple answer, eh? Can Hotspots be spoofed? Yes they can.

0

Welcome to the Cox Community

Can Hotspots Be Spoofed?

Recent Discussions

Welcome to the Cox Community

Can Hotspots Be Spoofed?

Related Content

Recent Discussions