A new threat has materialized.
The most common way attackers would hack in to a wireless network is by attacking the access point.
They can target the access point and depending of the security encryption used such as WEP , WPA or WPA2 hack into the network.
When an attacker hacks into the wireless network the attacker can start to sniff the traffic on the wireless network or even force all traffic to route via the attackers laptop.
By this the attacker can decrypt ssl traffic and obtain sensitive information.
And WEP and WPA2 encryption can be brute forced so in just a matter of time it can also be compromised.
A new threat has come to light where the attackers can now attack the clients.
So for example if an employee at Company XYZ has a laptop and the company is aware of security so they use a strong wpa2 aes encryption he connects to the network every day when he is at work.
He takes the laptop with him on business trips and to his home when he works from home.
Now the problem is that when he is not in the company building his laptop running Windows or another operating system will still be looking for the wireless access point called Company XYZ.
It is doing this to auto connect automatically when the network is within range so this is a smart feature that makes connecting to wireless networks automatically more easy.
The problem is that an attacker for example in an airport or a hotel can pickup that the laptop is looking for Company XYZ access point.
The attacker can now make a fake access point on his laptop with any encryption WEP, WPA, WPA2 .
By doing this he can trick your laptop to automatically connect to him and your laptop would think it is connected to Company XYZ access point.
When this happens he will get the handshake of the company wireless access point making it more easy for him to hack in to the company.
And he is now directly connected to the laptop.
So if there are open shares or other less secure settings he can now hack this laptop and obtain all the information.