Posts

Wi-Fi Hackers Snoop on Your Phone and Laptop: Here’s How They Do It

Wi-Fi is inherently flawed. Wi-Fi was born convenient, not secure. It is likely that you have heard about how dangerous it is to use an unsecured public Wi-Fi connection, and one reason is because a scammer can easily snoop. It is easier than you might think for a person to hack into your device when it is connected to a public Wi-Fi connection. In some cases they may be able to read your emails and messages, access your passwords, or even get personal information like your bank account number.

wiIt’s possible that your router or any router you connect to has been hacked and you won’t know it. A known tactic called DNS (Domain Name Server) hacking or hijacking, skilled hackers, (both black-hat and white-hat) can crack the security of a business or your home Wi‑Fi resulting in a breach. From there, if they are savvy, they’d set up a spoofed website (like a bank, or ecommerce site) and redirect you there.  From here the goal is to collect login credentials or even monitor or spy on your transaction’s on any website.

Think about this too; you are sitting in a local coffee shop working on your laptop while connected to the shops Wi-Fi. Someone sitting near you could easily download a free wireless network analyzer, and with some inexpensive hardware and software (google “Wifi Pineapple”), they can see exactly what you are doing online…unless your device is protected. They can read emails that you are sending and receiving, and they can do the same with texts.

Using a Wi-Fi Hotspot Safely: Tips

 Knowing what can happen when you are connecting to a public Wi-Fi spot, you want to know how to use them securely. Here are some ideas:

  • Don’t automatically connect to Wi-Fi networks. When initially connecting to a wireless network, we are often faced with a checkbox or option to “automatically connect” to the network in the future. Uncheck this and always manually connect. For example, if your home network is “Netgear” and you are somewhere and your device sees another network named “Netgear,” your device may connect to its namesake—which may not necessarily be as safe, potentially leaving your device vulnerable to anyone monitoring that new network.
  • When setting up a wireless router, there are a few different security protocol options. The basics are WiFi Protected Access (WPA and WPA2) is a certification program that was created in response to several serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP), was introduced in 1997.
  • Confirm the network you are connecting to. Granted, this is easier said than done. There are rogue networks called “evil twins” that criminals set up; they are designed to lure you into connecting by spoofing the name of a legitimate network. For example, you may use what you see as “Starbucks Wi-Fi” to connect while you’re sipping your latte, but you may also see a listing for “FREE Starbucks Wi-Fi.” Or “ATT WIFI” might be real, but a hacker might have “Free ATT WIFI” as a fake network. Which one—if either—is for real? Such setups are designed to lure you in—and once connected, your data might get filtered through a criminal’s device. If you don’t know if a network is safe or not, feel free to ask.
  • This is a bit 101, but when you log into any website, make sure the connection is encrypted. The URL should start with HTTPS, not HTTP. Most sites today encrypt your session automatically.
  • Use a VPN when you connect to a public Wi-Fi connection. A VPN is a technology that creates a secure connection over an unsecured network. It’s important to use because a scammer can potentially “see” your login information on an unsecured network. For instance, when you log in to your bank account, the hacker may be able to record your information, and even take money from your account. VPNs are free to a monthly/annual fee or a lifetime license.
  • If you are using a private network, make sure that you understand that they, too, are vulnerable. Anyone who has some knowledge can use these networks for evil. Always use a secure connection, and seriously, consider a VPN.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Hackers Hacking Airport USB Ports

Have you ever wondered if it’s a good idea to surf the internet using a public WiFi network at the airport? It’s heavily trafficked, so it’s more likely that your information could get stolen, right? In some cases, it is safe to use public WiFi; your information isn’t always entirely at risk if you’re connecting to the airport network but there are definitely vulnerabilities. And, when at the airport, you may want to rethink the urge to plug in your phone using one of the USB charging stations near the gate.

It is possible that cybercriminals could use those stations to download your personal data or install malware onto your device without your knowledge or consent. It’s a crime that’s being called juice jacking.

The IBM Security X-Force Threat Intelligence sector, says that using a public USB port for charging is similar to finding a toothbrush in the street and making the decision to put it in your mouth. You don’t know where the toothbrush has been, and the same applies to that USB port. You don’t know who used it before you and may not be aware that these USB ports can pass along data.

While it is possible for this to happen, it’s not necessarily an epidemic, and there isn’t a reason to panic just yet. There haven’t been widespread reports that juice-jacking has happened in airports (or anywhere else.) However, it could be happening without people knowing, which means it could be a significant issue, and no one knows it yet.

If you don’t like the idea of cybercriminals stealing your information and want to stay safe, do this:

Prevent Juice Jacking

  • Before leaving your house, make sure your phone is fully charged if possible.
  • Buy a second charger that stays with you or in your car at all times, and make a habit of keeping your phone charged while you drive.
  • Of course, there will be times when you’re out and about, and before you realize it, your device has gotten low on power. And it’s time to hunt for a public charging station.
  • Have a cord with you at all times. This will enable you to use a wall socket.
  • Turn off your phone to save batt. But for many people, this will not happen, so don’t just rely only on that tactic.
  • Plug your phone directly into a public socket whenever you can.
  • If you end up using the USB attachment at the station, make a point of viewing the power source. A hidden power source is suspicious.
  • If bringing a cord with you everywhere is too much of a hassle, did you know you can buy a power-only USB cord on which it’s impossible for any data to be transferred?
  • Another option is an external battery pack. This will supply an addition of power to your device.
  • External batteries, like the power-only USB cord, do not have data transfer ability, and thus can be used at any kiosk without the possibility of a data breach.
  • Search “optimize battery settings” iPhone or Android and get to work.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

How to kick People off your Wi-Fi

If someone is “borrowing” your Wi-Fi service, there’s more to this than just the nerve of someone secretly mooching off of you.

2WTheir use of your service could interfere with bandwidth and mess up your connection. If they’re a bad guy hacker or even a skeevy child porn peddling pedophile and get caught, it can be traced to your connection—and you will have a lot of explaining to do to the authorities when they bang on your door at 4am with a battering ram.

How can you tell if someone’s riding on your signal?

  • Log into your router to see what’s connected.
  • For less techy people, use the free Wireless Network Watcher to get the list of connected devices.
  • Do all the devices on the list belong to you? Any that don’t? Ones that don’t are thieves. You will not know, of course, how often they mooch off you unless you bring up the list regularly.
  • Make a record of this device/gadget list (or take a screenshot).

How do you figure out whom the user is?

  • Their devices name may coincide with their real name, address or other identifying information.
  • But knowing who they are isn’t important. Just encrypt your Wi-Fi network, as this will usually stop the mooching.

Encryption is key.

  • Keep in mind a savvy Wi-Fi thief can get past WEP encryption. If this is the case, change your password and make sure you are at least on WPA encryption. Then recheck the device list.

Upgrade and update.

  • Unfortunately, many routers have security flaws and hackers can still sneak in through a backdoor in your router.
  • Make a backup of your settings, take screenshots if necessary. You will need to reset the router to factory settings, update all software and firmware, and then set things up all over again.
  • Bear in mind that changing the encryption password means you will have to update the password on every one of your devices.

What if there’s no intruder but your connection is still slow?

  • Evaluate your Internet speed: Do a search for “internet speed test” and see what you are supposed to be getting.
  • Check your “throughput”. Throughput is the measurement of data speeds within your home network. You can check your throughput with numerous online tools. This will show if your Wi-Fi speed is slower than the Internet speed.
  • Determine how many devices your router will support. Some routers bog down after 5-7 devices. Many homes may have as many as 10-20 devices connected and not realize it. If so, you may have too many devices in the household. Disconnect all but one, then check the speed. If this is the cause, then you need a new router that can handle multiple connections.
  • If you only have a few devices connected, however, then you may need a modem upgrade or router upgrade. Consumers already know their devices constantly need upgrading so shouldn’t be surprised that their modem and router need to be swapped out every couple three years.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

Be Cautious When Using Wi-Fi

The proliferation of mobile devices means that we can work or play online from almost anywhere, so it’s no surprise that public Wi-Fi networks have become more common. From hotels and coffee shops, to universities and city centers, Wi-Fi is widely available, but is connecting to these networks safe?

4WIf you were carrying on a highly sensitive conversation on a park bench with your closest friend, would you want everyone in the immediate area to gather around and eavesdrop?

That’s essentially what happens—or what could happen—when you communicate online using public Wi-Fi, such as at coffee houses, hotels and airports.

Non-secured public Wi-Fi makes it easy for hackers to read your email correspondence and the information you type to get into your critical accounts.

Of course, with a VPN, your online activities will be unintelligible to eavesdroppers. A virtual private network will encrypt everything you do so that hackers can’t make sense of it. A VPN is a service you can use when accessing public Wi-Fi. A VPN will also prevent exposing your IP address.

So, if you are going to connect to public Wi-Fi, make sure that you take some steps to keep your device and information safe.

Follow these tips to stay protected:

  • Turn off sharing—Keep others from accessing your computer and files by turning off sharing when you are on a public network. This can be accomplished by visiting your computer’s control panel (on Windows), or System Preferences (Mac OS X).
  • Use a “Virtual Private Network”—If you frequently use public Wi-Fi, it might be a good idea to use a Virtual Private Network (VPN). A VPN is like your own private network you can access from anywhere. You can subscribe to VPN services for a low monthly fee.
  • Avoid information-sensitive sites—When using public Wi-Fi, try to avoid logging in to banking and shopping sites where you share your personal and financial information. Only do these transactions from a trusted connection, such as your protected home network.
  • Use sites that start with “https”—Sites that begin with “https” instead of just “http” use encryption to protect the information you send. Look for this level of security on sites where you plan to enter login and other personal information.
  • Use multi-factor authentication – Find out which of your accounts offer two-factor authentication. This would make it next to impossible for a hacker, who has your username and password, to bust into your account—unless he had your phone in his hand—the phone that the two-factor is set up with.
  • Always log out – Don’t just click or close out the tab of the account when you’re done; log off first, then close the tab
  • Avoid automatically connecting to hotspots—Keep your computer or device from automatically connecting to available Wi-Fi hotspots to reduce the chances of connecting to a malicious hotspot set up to steal information. Make sure your device is set up so that it doesn’t automatically reconnect to that WiFi when within range. For example, your home WiFi may be called “Netgear” and will reconnect to “Netgear” anywhere, which might be a hackers connection who can snoop on your data traffic.

PC:
For Windows
Make sure no “Connect Automatically” boxes are checked.
Or, go to the control panel, then network sharing center, then click the network name
Hit wireless properties.
Uncheck “Connect automatically when this network is in range.

For Mac:
Go to system preferences, then network
Under the Wi-Fi section hit the advanced button.
Uncheck “Remember networks this computer has joined.”

Mobile:
For iOS:
Go to settings, select the Wi-Fi network, then hit forget this network.
For Android:
Get into your Wi-Fi network list, hit the network name and select forget network.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!

Risks of Public WiFi

Wired internet or wireless WiFi, the warnings are out there: Don’t visit any websites that you have important accounts with when using a public computer (hotel, airport, café, etc.).

3WVisiting even a more trivial account, such as an online community for cheese lovers, could sink you—in that a cyber thief might get your username and password—which are the same ones you have for your bank account, PayPal and Facebook.

Why is public Wi-Fi such a bad thing for shopping and banking and other such activities?

Snooperama

  • As already touched on, a roving hacker could glean your username and password, or credit card number and its three-digit security code when you do online shopping, because the cyber communications of public Wi-Fi are not encrypted. They are not protected or scrambled up. The cybersnoop can thus see what everyone’s passwords, usernames and account information is.
  • Hackers can also see what sites you’re visiting and what you’re typing on those sites.

If you plan on using public Wi-Fi, make sure your device has full protective software including a firewall (and you should always have these anyways).

When connecting to public Wi-Fi, always choose the “public” network rather than the “home” or “work” options when using Windows. This will prevent Windows from sharing files.

If you absolutely must conduct work or personal business while on public Wi-Fi, then use a VPN: virtual private network; it scrambles communication into gibberish by encrypting it.

Malicious Locations for the Wi-Fi

Don’t assume that a hacker is far away when he snoops for something to steal. For instance, the “hotspot” to connect online may have been set up by a thief like a spider in a web waiting for flies. Additional ways a hotspot could be malicious:

  • HTTP connections can be hijacked by software called sslstrip. This software generates copycat links—a domain name that looks just like the authentic one, but appearances are deceiving because these imposter domain names use different characters.
  • Hackers can use the Wi-Fi Pineapple to set up the attacks mentioned above. The Pineapple is on the lookout for when a laptop is trying to connect to a network it recalls, barges in and claims the summoning. Pineapple is now in a position to perform additional attacks.

Hack Prevention

  • Avoid online activity using public Wi-Fi with important accounts. If their site has HTTPS with the padlock icon there is a degree of security here, however, the rule still stands: no public Wi-Fi for important accounts. The only exception to this hard rule is if you have the VPN.
  • Using a VPN will encrypt all of your online activities, freeing you to use public Wi-Fi for anything. Hotspot Shield is a VPN provider that’s compatible with iOS, Android, PC and Mac. It runs quietly in the background.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Things You should and shouldn’t do on Public Wi-Fi

Public Wi-Fi is the location where you can get online: airport, airplane, coffee house, hotel, motel and more. Many people don’t give this a second thought, unaware of how risky this really is.

4WPublic Wi-Fi is very non-secure, a goldmine for hackers who want to steal your identity and commit fraud, destroy your website, you name it. They can do this many ways, including intercepting your activity with an imposter website where you input login details—that the hacker then obtains.

But public Wi-Fi will always be risky as long as its proprietors, such as the coffee house, find that enabling security features hampers ease of use for patrons.

So even if you don’t do banking and shopping online, the wrong person can still see, word-for-word, your e-mail correspondence.

Do’s at a Public Wi-Fi

  • Make sure your devices are installed with antivirus, antimalware and a firewall, all updated.
  • Prior to when you anticipate using public Wi-Fi, consider the nature and amount of sensitive data on your device, maybe remove it (and back it up).
  • Make sure the hotspot is legitimate; speak to the proprietor. Cybercriminals could set up hotspots as “evil twins”.
  • Sit against a wall so that nobody can spy what’s on your screen.
  • If sitting against a wall is not possible, be aware of who’s around you. Cover your hand when typing in login information.
  • Use a privacy screen; this makes it impossible for a “shoulder surfer” to see what’s on your screen while they peak over your shoulder or from the side.
  • Use a VPN: virtual private network. It will encrypt all of your online transactions, making them impossible to decipher by cyber criminals, whether it’s login information, usernames, passwords or e-mail correspondence. Even your IP address will be concealed. Hotspot Shield is a VPN provider, and it’s compatible with Mac, PC, iOS and Android, quietly running in the background after it’s installed.

Don’t’s at a Public Wi-Fi

  • Don’t let your device connect with the first network that “takes.” Instead, select it.
  • Do not keep your wireless card on if you’re not using it.
  • Do not keep your file sharing on.
  • Can you not wait till you’re in a secure location to do banking and other business transactions? No matter how bored you are waiting at the airport or wherever, do not do banking and other sensitive activities.
  • Don’t engage in any serious or sensitive e-mail communications.
  • Never leave your devices unattended for a single second. Not only can someone walk off with them, but a thief can insert a keylogger that records keystrokes.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Tips to Stay Digitally Safe on Spring Break

Give me a break! In the next month, students will get the week off for spring break—a much needed reward after months of hard work and, for some, gnarly winter weather. Spring break means free time, family vacations, trips with friends, and timeless memories.

7WBut, spring break can pose some risks to your online reputation and your identity. So whether you are going to party it up in the Caribbean or you are taking the kids to Disney World, here are some tips to keep you digitally safe this spring break.

  1. Don’t bring more technology than you have to. Do you really need to bring your laptop, tablet, and smartphone on your beach vacation? The more devices you bring, the more chances for someone to steal or compromise your device and your personal data.
  2. Backup your data. No matter what devices you decide to bring, make sure you back them up before you leave. You don’t know what will happen on your trip, don’t risk your data.
  3. Share when you get home. It’s tempting to share that family picture with Mickey, but it could alert thieves that you aren’t home. Wait until you return home before you share your vacation pictures online.
  4. Review your privacy settings. Just because you aren’t sharing anything from your spring break on social media, doesn’t mean that your friends aren’t. Check up on your privacy settings so you can manage who sees your content, and as best as possible, what others say about you. That embarrassing video of your belly flop doesn’t need to be seen by everyone.
  5. Be careful when using public Wi-Fi. Don’t log on to bank/credit card sites or shop online when using a public Internet connection. You don’t know who else is on your network.
  6. Install security software on all your devices. Use comprehensive security software likeMcAfee LiveSafe™ service to protect your devices no matter where you are.

Have a great spring break!

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Everyone is vulnerable to Attack

There’s the war on drugs, the war on terrorism, the war on cancer and the war on cyber threats. In fact, more people are vulnerable to cyber attacks than they are to the first three threats combined.

7WSo pervasive is this threat that President Obama fully recognizes that everyone is at risk. He even signed an executive order recently in the hopes of promoting the sharing of more cybersecurity related data between the government and the private sector.

Recently President Obama presented a speech at Stanford University; the attendees included government officials and leaders in the tech world. He admitted that the government is a bit befuddled over how to provide the private sector with protection from cyber threats. And don’t forget that many hackers operate overseas, making them tougher to track down.

Obama’s message is that it’s difficult for the government to simultaneously protect the public and not be intrusive into peoples’ privacy.

He referred to the cyber world as the “Wild Wild West,” but it sounds more like the Wild Wicked Web. But he likens it to the Old West because people want the government to play the role of sheriff.

With practically the entire world online (even people living in huts along rivers have computers), everyone’s a potential victim.

Obama has really been putting his foot down hard about this, having begun in 2013, when the so-called cybersecurity framework was formulated—a scheme that’s designed to enhance cyber security, and this protocol has been put in place by some major corporations.

But Obama hasn’t stopped there. In January he announced plans for additional protection for the private sector.

Nevertheless, many people, including business decision makers, believe that the Obama Administration isn’t moving fast enough. They want to see these plans in writing, but these executive orders have not been made obtainable, perhaps making some tech leaders feel that Obama isn’t taking things quite as seriously as he says he wants to.

Regardless, the onus of responsibility is on you good reader. Nobody is going to protect your device or data better than you. Keep reading, keep your devices updated and maintain your awareness of various scams because criminals are getting better and better every day.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. Disclosures.

Beware of scary WiFi Virus

It’s called Chameleon—a computer virus—but maybe it should be called FrankenVirus. You wouldn’t believe what it can do: literally move through the air, as in airborne—like a biological pathogen.

2WAnd like some Franken-creation, it came from a laboratory, cultivated at the University of Liverpool’s School of Computer Science and Electrical Engineering and Electronics.

Chameleon leaps from one WiFi access point to another. And the more access points that are concentrated in a given area (think of them almost like receptor sites), the more this virus gets to hop around and spread infection.

The scientists behind this creation have discovered that the more dense a population, the more relevant is the connectivity between devices, as opposed to how easy it was for the virus to get into access points.

Access points are inherently vulnerable, and Chameleon had no problem locating weak visible access points from wherever it was at, and it also avoided detection.

“When Chameleon attacked an AP it didn’t affect how it worked, but was able to collect and report the credentials of all other WiFi users who connected to it,” explains Professor Alan Marshall in an article on Forbes.com. He added that this malware pursued other WiFi APs to connect to and infiltrate.

The scientists made this virus subsist only on the network—a realm where anti-virus and anti-malware systems typically do not scavenge for invaders. Protective software seeks out viruses on your device or online. Thus, Chameleon earns its name.

Think of this virus like the burglar who goes from house to house overnight, jiggling doorknobs to see which one is unlocked. WiFi connections are like unlocked doors, or locked doors with rudimentary locks.

Chameleon’s creators have come up with a virus that can attack WiFi networks and spread its evil fast. The researchers now want to come up with a way to tell when a network is at imminent risk.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

5 Ways to prevent Airline WiFi from Hackers

When getting on a flight many business professionals connect online. It’s common these days to see a number of people on an airplane busy at their laptops—business-looking people dressed in suits, eyes pasted to spreadsheets, charts, graphs and other grinding tasks.

4WHow many know that their company’s data can be snatched out of thin air, literally?

Here’s the thing: If you are connecting to WiFi on a plane and have all these company secrets on your device and all this client data, there is a solid chance you are risking information. Savvy business travelers may not be savvy about security—or, specifically, the lack thereof in airplane WiFi.

When logging onto an airplane WiFi, there isn’t any encryption preventing other users from seeing your data. The majority of the security in airplane WiFi is built into the payment system to protect your credit card. Beyond that, you’re pretty much left to the dogs.

The plane’s WiFi service comes in cheap (something like $12.95), but with a cost: no protection. Other people can see your or your company’s trade secrets and other private information. If the airline boasts there IS security, they mean for your credit card. Not much more.

Another thing travelers usually don’t know is that when they boot up their device, they may be tricked into selecting a particular connection (wireless network), without knowing that this network has been set in place by a hacker, they call this an “evil twin”. If you connect to it, your data is his to see.

GoGo is an in-flight WiFi service that a researcher says was using phony Google SSL certificates that interfered with passengers’ ability to get video streaming services but more alarming it was reported it also allowed data leakage. In short, GoGo made it look like this was coming from Google.

GoGo was called on this. In a report on theregister.co.uk, GoGo’s chief technology officer explains that the company’s feature did not snatch data from passengers, and that it only served the purpose of blocking streaming services. They said that GoGo simply wanted to upgrade network capacity for air travel passengers, and that they don’t support video streaming. Still, not cool.

How can airline passengers protect their data?

  • When you’re not using WiFi, when it’s time to nap or read some nonsense about the Kardashians in a print magazine, go to your wireless manager and disable the WiFi connection with a right-click. Your laptop may also have a keyboard key to do this.
  • If you must absolutely use public Wi-Fi for activities involving highly sensitive information, make sure that the Wi-Fi network is secure and trusted.
  • Before you get onto any website, check the URL field to make sure that there is an “https” (not “http”) AND a padlock icon; these indicate the site is secure. Also check the security certificate.
  • Make sure that every device that you own has full protection such as antivirus and a firewall.
  • You can also use encryption. Encryption scrambles your data so that it appears to be gibberish to any hackers or snoops wanting to get ahold of it. Encryption comes in the form of a virtual private network, such as that offered by Hotspot Shield. It’s free and will scramble (encrypt) all of your online activity such as things you download, purchases, etc. This provides an impenetrable shield that guards your online actions.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.