Forum Discussion

BitPusher's avatar
BitPusher
New Contributor

Can Hotspots Be Spoofed?

How can I be sure that a Cox WiFi hotspot is legitimate and not spoofed by bad guys to capture my Cox password? Since my Cox password is also my email password (or at least would allow access to my Cox account to change the email password), that's a very significant issue. If the answer is that it uses a certificate issued by a trusted Certificate Authority for the SSL connection, do all commonly used browsers look for that, and flag untrusted certs, in this case for the logon page? Can I create a separate password for use with the WiFi that, if compromised, won't allow access to my real Cox account? This is important enough that, if not properly addressed, the Cox WiFi hotspots should NEVER be used by ANYONE.
WiFi Hotspot spoof security certificate cert SSL TLS CRL

5 Replies

Sort By
Most LikedOldestNewest
Replies have been turned off for this discussion
  • JonathanJ's avatar
    JonathanJ
    Former Moderator
    @ BitPusher

    Cox makes reasonable efforts to provide a secure service, but because this service is a wireless service, we strongly recommend you make sure any devices you connect are first protected by anti-virus / anti-malware software, and that your operating system firewall is turned on to provide additional protection. Cox cannot guarantee absolute security through Cox WiFi.

  • BitPusher's avatar
    BitPusher
    New Contributor
    Unfortunately, the canned response doesn't begin to answer the questions. The fact that the Cox WiFi connections don't use WPA2 security kind of brings the "reasonable effort to provide a secure service" part into question, but given the unencrypted WiFi connection, the rest becomes even more significant. Can we find someone at Cox who knows the answers? I can probably figure out the use of trusted certificates for SSL part but I am still very wary of using my normal Cox account password which provides potentially disastrous access to my email and other Cox services. Can we find out if there is a way to create a different password for logging into the Cox WiFi connections?
    JonathanJ said:
    @ BitPusher

    Cox makes reasonable efforts to provide a secure service, but because this service is a wireless service, we strongly recommend you make sure any devices you connect are first protected by anti-virus / anti-malware software, and that your operating system firewall is turned on to provide additional protection. Cox cannot guarantee absolute security through Cox WiFi.

  • ColleenD's avatar
    ColleenD
    Moderator
    BitPusher,

    WPA2 encryption is prohibitive from a usage standpoint for public wifi connections. This would require pre-sharing the key with all intended users and still does not prevent others that have the key from eavesdropping on any traffic that is transmitted in the clear.

  • BitPusher's avatar
    BitPusher
    New Contributor
    Could argue on the WPA2 stuff, but that's not the issue. As deployed: a) what protects against anyone setting up a hot spot that looks and acts just like a Cox WiFi hotspot and collecting users Cox account passwords as they access the site. b) (most significantly) can we create a password just for use with the hotspots that is different from our Cox account password so if compromised, by whatever means, our Cox accounts and email accounts are not jeopardized. Thanks
  • MrMax's avatar
    MrMax
    New Contributor

    You want a simple answer, eh? Can Hotspots be spoofed? Yes they can.