The proliferation of mobile wireless devices (smartphones, tablets, lightweight laptops) increases the use of Wi-Fi networks outside of the user's control. Connecting to an Access Point (AP) of an unsecured Wi-Fi network may expose the user to different types of attacks: session hijacking, malware insertion, password interception, phishing for credentials, modification of information for misleading purposes (for instance, stock prices), etc. Using secure (HTTPS) sites only provides limited protection: an attacker can replace an HTTP site's “Sign In” link so that it leads to a phishing site, intercept the redirect from HTTP to HTTPS (SSL stripping), or infer the user's HTTPS access pattern from unencrypted metadata such as DNS queries, the TLS Server Name Indication and traffic timing.
Due to these risks, users should avoid connecting to unsecured APs without additional protection. A Virtual Private Network (VPN) usually provides sufficient protection on unsecured or untrusted connections by encrypting all traffic from the client, through the AP and router, to the VPN server. In this way, neither other users on the same network nor the router software can see or modify the client's traffic, provided that the tunnel is established before other traffic is sent and that DNS queries are also routed through it. However, a VPN usually incurs a performance penalty: the path through the VPN server can be longer than the direct route to the content provider, and the tunnel adds encapsulation overhead.
Therefore, Wi-Fi users need information about the security of the available APs in order to choose the best connection. Currently, the main source of this information is the security protocol announced by the Wi-Fi hotspot in its beacons: networks without encryption (“open” or “public”) or with weak, deprecated encryption (WEP, WPA with TKIP) are considered unsecure; networks with modern security protocols, such as WPA-PSK and WPA Enterprise (WPA2 or, where available, WPA3), are usually considered secure.
However, the announcement of a strong security protocol does not guarantee the user's safety when connecting to a specific AP. While some Wi-Fi routers can be compromised remotely, more attacks become possible when the attacker is in physical proximity to the user. Some APs within the user's communication range could be honeypots: APs with legitimate-looking names (SSIDs), set up to gather passwords or to modify traffic. If the hotspot's password is weak, a nearby attacker can recover it with widely available dictionary-attack software and join the network without authorization. Untrusted users on the same network can force other clients to reconnect (for example, by sending deauthentication frames), capture the WPA handshake and, knowing the shared password, decrypt that client's traffic; they can also use ARP cache poisoning to present their own device as the gateway, becoming a man-in-the-middle, or scan for and exploit router vulnerabilities. If a user's computer on the network is already infected with malware, such attacks can be carried out by the malware without that user's awareness.
There are some methods to detect possible attacks in presumably secure Wi-Fi hotspots, such as detecting a sudden change of the gateway's MAC address in the ARP cache, which could indicate an ARP spoofing attack. However, these methods are unreliable and can generate a large number of false alarms: ARP records legitimately change when the user moves between different APs in a hotel; repeated reconnects can be caused by poor connection quality rather than by deauthentication attacks; and honeypots may not present any known danger indicators at all.
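The following is an added example, not part of the original text, showing one concrete form of the gateway-change heuristic described above together with the false-alarm suppression that the text says such methods need. The observation format, the roaming grace period, the reconnect window and the RSSI threshold are all assumptions chosen for illustration, and the timelines are constructed sample data.

```python
"""Heuristic detection of gateway hijacking and forced reconnects on a Wi-Fi link.

All data and thresholds below are constructed for this example; the field names
are assumptions and do not correspond to any standard or to the original text.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Observation:
    t: float            # seconds since monitoring started
    bssid: str          # MAC of the AP the client is associated with
    gateway_ip: str     # default gateway from the routing table
    gateway_mac: str    # MAC the ARP cache currently holds for gateway_ip
    rssi: int           # signal strength in dBm


@dataclass
class GatewayAlert:
    t: float
    old_mac: str
    new_mac: str


def detect_gateway_changes(observations: List[Observation],
                           roam_grace: float = 5.0) -> List[GatewayAlert]:
    """Flag ARP-cache changes of the gateway MAC that are not explained by roaming.

    A change of the gateway MAC while the client stays on the same BSSID (and the
    gateway IP is unchanged) is the classic sign of ARP spoofing. A change that
    coincides with, or closely follows, a BSSID change is treated as a normal roam
    between APs (for example, walking through a hotel) and is suppressed.
    """
    alerts: List[GatewayAlert] = []
    prev: Optional[Observation] = None
    last_roam_t: Optional[float] = None
    for obs in observations:
        if prev is not None:
            if obs.bssid != prev.bssid:
                # Associated to a different AP: the ARP cache is expected to
                # change, so remember the roam time and do not alert.
                last_roam_t = obs.t
            elif obs.gateway_mac != prev.gateway_mac and obs.gateway_ip == prev.gateway_ip:
                recently_roamed = last_roam_t is not None and (obs.t - last_roam_t) <= roam_grace
                if not recently_roamed:
                    alerts.append(GatewayAlert(obs.t, prev.gateway_mac, obs.gateway_mac))
        prev = obs
    return alerts


def suspicious_reconnects(disconnects: List[Tuple[float, int]],
                          window: float = 60.0,
                          threshold: int = 3,
                          weak_rssi: int = -75) -> bool:
    """Return True if `threshold` or more disconnects occur within `window`
    seconds while the signal was still strong.

    Each entry is (time, RSSI observed just before the disconnect), sorted by
    time. Bursts of drops at weak signal are attributed to poor link quality and
    ignored; bursts at strong signal are consistent with deauthentication by a
    nearby attacker.
    """
    for i in range(len(disconnects)):
        burst = [d for d in disconnects[i:] if d[0] - disconnects[i][0] <= window]
        if len(burst) >= threshold:
            strong = [rssi for _, rssi in burst if rssi > weak_rssi]
            if len(strong) >= threshold:
                return True
    return False


# Constructed timeline: a roam at t=60 (gateway MAC changes together with the
# BSSID, no alert), then at t=120 the gateway MAC flips while still on the same AP.
SAMPLE_OBSERVATIONS = [
    Observation(0.0,   "aa:aa:aa:aa:aa:01", "10.0.0.1", "00:11:22:33:44:01", -55),
    Observation(30.0,  "aa:aa:aa:aa:aa:01", "10.0.0.1", "00:11:22:33:44:01", -56),
    Observation(60.0,  "aa:aa:aa:aa:aa:02", "10.0.0.1", "00:11:22:33:44:02", -60),
    Observation(90.0,  "aa:aa:aa:aa:aa:02", "10.0.0.1", "00:11:22:33:44:02", -58),
    Observation(120.0, "aa:aa:aa:aa:aa:02", "10.0.0.1", "de:ad:be:ef:00:01", -57),
]

# Constructed disconnect bursts: (time, RSSI just before the drop).
STRONG_SIGNAL_DROPS = [(0.0, -50), (10.0, -52), (20.0, -51)]   # consistent with deauth attack
WEAK_SIGNAL_DROPS = [(0.0, -85), (10.0, -88), (20.0, -84)]     # consistent with a bad link

if __name__ == "__main__":
    for a in detect_gateway_changes(SAMPLE_OBSERVATIONS):
        print(f"t={a.t}: gateway MAC changed {a.old_mac} -> {a.new_mac} on the same AP")
    print("suspicious reconnects (strong signal):", suspicious_reconnects(STRONG_SIGNAL_DROPS))
    print("suspicious reconnects (weak signal):", suspicious_reconnects(WEAK_SIGNAL_DROPS))
```

Even with roaming and signal-strength suppression these remain heuristics: a legitimate gateway failover on the same AP would still raise an alert, and a honeypot AP that behaves normally at layer 2 produces no signal at all, which is the limitation the text describes.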
An AP or network gateway may protect users from some of these attacks by enforcing client isolation: each client is allowed to communicate only with the gateway, not with other local clients. This method can be used only if the local network has no devices that require inter-client communication (printers, local storage, etc.), and it does not protect against honeypots. Even when client isolation is available, it is not announced to clients and therefore cannot be used in deciding whether to deploy additional protection.
In addition to their different risk profiles, different APs within the same communication range may differ greatly in connection quality: for instance, one may offer high data throughput through a high-bandwidth ISP, while another offers much lower throughput through a different ISP. Currently, there is no way to select the network with the best connection quality, in particular the highest bandwidth, without actually testing each connection from the user's device.
Therefore, there is a need for a means to evaluate the security and connection quality of wireless access points, especially those that announce strong security protocols but have vulnerabilities that may expose their users to significant dangers, or that suffer from problems associated with low connection quality.