In our previous article, we discussed how hackers can use sniffing techniques to steal your data in public places. In this article we will look at how hackers can go that extra step, to trick the public into connecting to wireless access points that they own and control.
In today’s world, when we enable Wi-Fi on our devices, whether they are laptops, mobile phones or tablets, we tend to see many wireless networks around us, no matter where we are. We often identify the wireless networks we connect to by their network name, technically known as Basic Service Set Identifier (BSSID). These network names are often changed to more meaningful and memorable terms that the public can associate. For example; if we were in Costa coffee shop with Wi-Fi we would most likely expect their wireless network name to contain the word ‘Costa’. We often connect to these networks willingly without questioning their integrity and security, which is where we can fall vulnerable to hackers.
Hackers can take advantage of our willing nature by fabricating fake wireless access points. A fake wireless access point would usually replicate the broadcast name of a genuine access point to trick people and their devices into connecting to it. These tend to provide Internet access to everyone. As the hacker is in control of the fake wireless access point, every connected person who uses it for online banking, sending emails, browsing web sites and other activities must send their data to the hacker. By doing so, this allows hackers to rummage through the data you send them, harvesting your usernames, passwords, as well as possibly reading your emails. This type of attack can be known as evil twins, honeypot access points and rogue access points.
There are a number of ways you can defend yourself against this style of attack. We recommend the following:
1) If possible use your own private Internet connection provided by your mobile service provider.
2) Use a Virtual Private Network (VPN) service to encrypt your network data. i.e. VPN Unlimited and Express VPN.
3) Be vigilant of any sudden and constant network drop outs.
In conclusion, using public hotspots can open you up to data loss and theft and act as a vector for attack. By following our four steps and with a little knowledge of the attack you can protect yourself in public. Using a VPN and being aware of the risks is the digital equivalent of keeping your bag zipped when out in public and should become second nature.
As with any threat, online or otherwise, knowing your enemy helps to protect you. When you know their techniques and their approaches, you can increase your chances that your data remains safe.