The hotspots, known as "evil twins" can be set up quite easily by a criminal and jam the signal of authorized base stations. Once a user has logged onto an "evil twin" their data can be intercepted.
The warning came from Dr Phil Nobles, lecturer at Cranfield University's department of Information Systems in the UK. He said criminals could easily set up a fake hotspot with nothing more than a wireless-enabled laptop and some webserver software downloaded from the internet.
"Cyber criminals don't have to be that clever to carry out such an attack," he warned. He said criminals would have a cache of fake banking websites to garner sensitive data from unwitting hotspot users. Users entering usernames and passwords into the fake websites would receive an invalid password prompt. The criminal would then be able to use the information to steal money from the user.
"It is difficult to defend against these forms of attack," said Nobles. "Users need to look closely at any digital certificates to ensure their authenticity."
Nobles could offer only anecdotal evidence of such attacks taking place, but urged people totake extra care when using hotspots.
Dr. Nobles was due to demonstrate the technique at a talk at London's Science Museum Dana Centre tonight (Thursday January 20).