Since corporations are becoming more disciplined with strengthening their wireless networks, trends show that wireless users have become the easiest target. Forcing secure Wi-Fi usage when it concerns human behavior is hard.
The normal wireless user is really not familiar with the threats imposed by connecting to an open Wi-Fi network at a local coffee shop or airport. Sometimes, users may inadvertently connect to a wireless network that they think is the true access point but that has, in reality, been set up as a honeypot or open network specifically to pull unsuspecting fools.
For example, a normal user may have a network at home named “ADSL.” As a result, their device may automatically connect to any other network known as “ADSL.” This built-in function can lead to an unintended connection to a malicious wireless network, more commonly referred to as wireless phishing.
Once an attacker obtains access to the user’s device, not only could the attacker steal data such as sensitive files, but the attacker could also collect wireless network credentials for the user’s corporate network. This attack may be far simpler to do than attacking the organization network directly. If an attacker can gain the credentials from a wireless user, he or she can then use those credentials to access the organization enterprise wireless network, bypassing any encryption or safety mechanisms applied to stop more sophisticated attacks.