“And unfortunately (with) RFiD the security is lagging far behind … You know what the worst part about this? The companies that are rolling this out … they are promoting it as an additional security measure but it’s two steps back for security because now you are transmitting your information in a three-foot sphere to anyone that wants to listen to it,” said Adams.
The other activity is WiFi hunting. Similar to war-driving, criminals will bring portable wireless scanning devices into a Starbucks that search for open laptop ports. Once an open port is located, scripts and other Trojans are downloaded onto the unsuspecting person’s laptop. The next time they log on somewhere, the script and its payload—keylogger, botnet, virus, whatever—launch.
Why Starbucks?
While these events can happen just about anywhere, Starbucks are particularly targeted because of their success at branding themselves as, more or less, the WiFi café of choice for busy, business professionals on the go.
“In one instance it started because they couldn’t get a meeting room in their offices so they said, ‘Let’s just go to Starbucks down the street.’ And then it became a habit and, unfortunately, patterns are things criminals look for,” said Adams. And, even more unfortunate, this particular group got up together—leaving their gear unattended—to order.
To thwart these persistent and inventive spooks, Berkuta suggests three basic security measures:
“Each (security measure) has a weakness and a strength,” said Berkuta. “In concert with each other, when they work together, you have a pretty resilient system to keep you laptop in a pretty secured fashion.”