Posts

Wi-Fi Hackers Snoop on Your Phone and Laptop: Here’s How They Do It

Wi-Fi is inherently flawed. Wi-Fi was born convenient, not secure. It is likely that you have heard about how dangerous it is to use an unsecured public Wi-Fi connection, and one reason is because a scammer can easily snoop. It is easier than you might think for a person to hack into your device when it is connected to a public Wi-Fi connection. In some cases they may be able to read your emails and messages, access your passwords, or even get personal information like your bank account number.

wiIt’s possible that your router or any router you connect to has been hacked and you won’t know it. A known tactic called DNS (Domain Name Server) hacking or hijacking, skilled hackers, (both black-hat and white-hat) can crack the security of a business or your home Wi‑Fi resulting in a breach. From there, if they are savvy, they’d set up a spoofed website (like a bank, or ecommerce site) and redirect you there.  From here the goal is to collect login credentials or even monitor or spy on your transaction’s on any website.

Think about this too; you are sitting in a local coffee shop working on your laptop while connected to the shops Wi-Fi. Someone sitting near you could easily download a free wireless network analyzer, and with some inexpensive hardware and software (google “Wifi Pineapple”), they can see exactly what you are doing online…unless your device is protected. They can read emails that you are sending and receiving, and they can do the same with texts.

Using a Wi-Fi Hotspot Safely: Tips

 Knowing what can happen when you are connecting to a public Wi-Fi spot, you want to know how to use them securely. Here are some ideas:

  • Don’t automatically connect to Wi-Fi networks. When initially connecting to a wireless network, we are often faced with a checkbox or option to “automatically connect” to the network in the future. Uncheck this and always manually connect. For example, if your home network is “Netgear” and you are somewhere and your device sees another network named “Netgear,” your device may connect to its namesake—which may not necessarily be as safe, potentially leaving your device vulnerable to anyone monitoring that new network.
  • When setting up a wireless router, there are a few different security protocol options. The basics are WiFi Protected Access (WPA and WPA2) is a certification program that was created in response to several serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP), was introduced in 1997.
  • Confirm the network you are connecting to. Granted, this is easier said than done. There are rogue networks called “evil twins” that criminals set up; they are designed to lure you into connecting by spoofing the name of a legitimate network. For example, you may use what you see as “Starbucks Wi-Fi” to connect while you’re sipping your latte, but you may also see a listing for “FREE Starbucks Wi-Fi.” Or “ATT WIFI” might be real, but a hacker might have “Free ATT WIFI” as a fake network. Which one—if either—is for real? Such setups are designed to lure you in—and once connected, your data might get filtered through a criminal’s device. If you don’t know if a network is safe or not, feel free to ask.
  • This is a bit 101, but when you log into any website, make sure the connection is encrypted. The URL should start with HTTPS, not HTTP. Most sites today encrypt your session automatically.
  • Use a VPN when you connect to a public Wi-Fi connection. A VPN is a technology that creates a secure connection over an unsecured network. It’s important to use because a scammer can potentially “see” your login information on an unsecured network. For instance, when you log in to your bank account, the hacker may be able to record your information, and even take money from your account. VPNs are free to a monthly/annual fee or a lifetime license.
  • If you are using a private network, make sure that you understand that they, too, are vulnerable. Anyone who has some knowledge can use these networks for evil. Always use a secure connection, and seriously, consider a VPN.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

How a Wi-Fi Hacker Snoops on Your Laptop and Mobile

You have likely heard of the dangers of using unsecure public Wi-Fi, so you know that hackers are out there snooping. It is pretty easy to hack into a laptop or mobile device that is on a public Wi-Fi connection with no protection. Hackers can read your emails, steal passwords, and even hijack your website log ins.

Let’s imagine that you are in a local coffee shop with your laptop. All someone has to do is download a wireless network analyzer, which usually has a free trial, and with the right hardware and additional software they can often see what everyone is viewing online…unless they are protected. In some cases they can also read your emails that are going out and received, as well as texts you might be sending. Scary, right?

Tips on How to Use a Wi-Fi Hotspot Safely

You now know what you are up against when you connect to a public Wi-Fi spot, but you should also know that you can use them with some safety in mind. Here are some tips:

  • When you log onto a website, only use an encrypted connection. This means use the URL that begins with HTTPS, not HTTP. Keep an eye on that as you move from page to page because some sites will send you to an unsecured page, which makes you vulnerable.
  • There are also many websites out there that will allow you to encrypt your browsing session automatically. Facebook, for instance, has this. To turn it on, go to your “Security” settings on the site, and then enable “Secure Browsing.”
  • If you are going to check your email, login to your web browser and then ensure that your connection to your email client is encrypted. (Check by looking at HTTPS). If you are using Outlook, or another email client, make sure that your settings are set for encryption.
  • Don’t use any service that is not encrypted when you are on a public Wi-Fi connection.
  • Consider using a VPN when you are connecting to a public Wi-Fi connection. There is a small fee for this, but it’s well worth it.
  • Beware of “evil twins” which are rogue networks designed to mimic legitimate networks. Example “ATT WiFi” my be “Free ATT WiFi”. Other than downloading special software that detects evil twins, the best case is to ask someone who’s knowledgeable as to which network is the safest.
  • If you are on a private network, make sure you realize that they are also vulnerable. Anyone who knows how can spy on the network. Again, use WPA or WPA2 security so the connection is encrypted. However, if someone guesses or knows the password, they can still spy on any device that is connected

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity Protection security awareness training program.

Don’t’s and Do’s when using Public Wi-Fi

Curl up in a chair at your favorite coffee house, the aroma of premium coffee filling the air, take a few sips of your 700 calorie latte, and then enter cyberspace. Little do you know that you could have a stalker. Or two. Or 3,000. Because public Wi-Fi is there for the picking for hackers. Online transmissions can be intercepted. The credit card number that you enter onto that retailer’s site can be “seen.”

3WDon’t Do These at a Public Wi-Fi Site

  • Never leave your spot without your device on you—not even for a moment. You may come back and still see your computer where you left it…but a thief may have installed a keylogger into it to capture your keystrokes.
  • Do not e-mail messages of a sensitive or serious nature.
  • When your computer begins seeking out a network to connect to…do not let it just drift to the first one it wants; see if you can choose one.
  • Don’t leave on your file sharing.
  • If you’re not using your wireless card, then do not leave it on.
  • Don’t do banking or any other sensitive activities.
  • Don’t position your device so that someone nearby can see the screen.

Yes, Do These when at a Public Wi-Fi Spot

  • Look around before you settle into a nice spot.
  • Sit somewhere so that your back is facing a wall.
  • Assume all Wi-Fi links are suspicious—kind of like assuming all drivers are drunk whenever you go out driving. A wireless link may have been set up by a hacker.
  • See if you can confirm that a given Wi-Fi link is legitimate.
  • Assume that if the connection name is similar to the Wi-Fi spot, that this could mean that the hacker was clever. Inquire of the manager of the coffee shop, hotel, etc., for information about their Wi-Fi access point.
  • You should consider using your cell phone for sensitive activities such as online shopping.
  • But cell phone or not, see if you could avoid visiting sites that can make it easier for hackers to nab your data—sites such as banking, social media and any site where your credit card information is stored.

Use a VPN. This stands for virtual private network. What a VPN does is create an impervious tunnel through which your data travels. Hackers cannot penetrate this tunnel, nor can they “see” through it. Your data is safe. The tunnel encrypts all of your banking and other sensitive transactions, as well as sensitive e-mail communications, plus downloads, you name it. With a virtual private network, you will not have to worry about a thief or snoop intercepting your transmissions.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Big ISP free Wi-Fi hazardous to your Data Health

Beware of “Free Wi-Fi” or “Totally Free Internet,” as this probably IS too good to be true. These are likely set up by thieves to trick you into getting on a malicious website.

3WAT&T and Xfinity have provided many free hotspots for travelers to get free Wi-Fi: all over the country. Sounds great, right? However, these services make it a piece of cake for thieves to gain access to your online activities and snatch private information.

AT&T sets mobile devices to automatically connect to “attwifi” hotspots. The iPhone can switch this feature off. However, some Androids lack this option.

Cyber thugs can set up fake hotspots called “evil twins”, which they can call “attwifi,” that your smartphone may automatically connect to.

For Xfinity’s wireless hotspot, you log into their web page and input your account ID and password. Once you’ve connected to a particular hotspot, it will remember you if you want to connect again later in that day, at any “xfinitywifi” hotspot and automatically get you back on.

If someone creates a phony WiFi hotspot and calls it “xfinitywifi,” smartphones that have previously connected to the real Xfinity network could connect automatically to the phony hotspot—without the user knowing, without requiring a password.

None of this means that security is absent or weak with AT&T’s and Xfinity’s networks. There’s no intrinsic flaw. It’s just that they’re so common that they’ve become vehicles for crooks.

Smartphones and Wi-Fi generate probe requests. Turn on the device’s WiFi adapter. It will search for any network that you’ve ever been connected to—as long as you never “told” your device to disregard it. The hacker can set the attack access point to respond to every probe request.

Your device will then try to connect to every single WiFi network it was ever connected to, at least for that year. This raises privacy concerns because the SSIDs that are tied with these probe requests can be used to track the user’s movements.

An assault like this can occur at any public WiFi network. These attacks can force the user to lose their connection from their existing Wi-Fi and then get connected to the attacker’s network.

Two ways to protect yourself:

#1 Turn off “Automatically connect to WiFi” in your mobile device, if you have that option.

#2 the best way to protect and encrypt all your data in your laptop, tablet, or mobiule is via Hotspot Shields software to encrypt all your data even if you automatically connect to a free WiFi.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Basic Security Tips When Providing Free Wi-Fi at Your Business

Wi-Fi: freedom to connect wherever and whenever. And there is no better Wi-Fi than free Wi-Fi, unless we are talking “secure Wi-Fi” which usually isn’t free. Wi-Fi is great for bringing in customers and it’s a great promotional tool that creates customer loyalty. Merchants such as hotels, coffee shops, burger joints and just about anyplace with a store front, chairs and tables is offering free Wi-Fi.

But what about all the Wi-Fi security threats?

More and more internet savvy people realize that there is less and less anonymity on the web. This means that a criminal who operates from home or work can be detected via his IP address much easier. One way to avoid detection is to show up you’re your place of business and blend in with the connected crowd.

Criminals use free Wi-Fi for:

Pirating: Downloading stolen music, movies and software via Peer to Peer programs is big and costing the entertainment industry billions. The RIAA and MPAA don’t like this and will often crack down on whoever is connected to the IP address associated with the illegal downloading.

Child Porn: The long arm of the law is often spending time in chat rooms posing as the young and vulnerable and chatting it up with pedophiles who exchange in child pornography.  Wouldn’t be cool if the FBI to came knocking.

Hacking: Hackers will hack others on the free Wi-Fi network in order to steal usernames, passwords and account information.

Secure Wi-Fi

Creating a secure Wi-Fi that requires a user name and password to join. This may not prevent all kinds of e-crimes but it’s a start to improve your Wi-Fi network security. Charging even a dollar may get a credit card number on file and would mostly eliminate anonymity.

Web filtering: Your IT security vendor has tools similar to what a corporation may have in place that filters out known websites and prevents the sharing of Peer to Peer files.

Confirm you are on a business account: Many small businesses may set up under a personal account because it might be a bit cheaper. But that personal account doesn’t enjoy some of the protection and indemnities that a business account would.

Robert Siciliano personal and small business security specialist toADT Small Business Security discussingADT Pulse on Fox News. Disclosures