Tuesday, July 19, 2016

Wi-Fi (In)Security

One of the fastest growing trends over the last decade had been the availability of wireless internet. From homes and businesses to coffee shops and restaurants Wi-Fi has significantly changed the way we work and play. We have the ability to interact with the virtual world from pretty much anywhere, and that access is on the rise, with new networks and mobile hotspots popping up everywhere. However, the convenience of free Wi-Fi comes with some very real threats – from viruses to identity theft. Wi-Fi is a type of wireless local area network (WLAN) technology that allows laptop or smartphone users to exchange data or connect to the internet using radio waves. The core technology behind Wi-Fi is a hardware device called an access point, which connects the wired network and broadcasts the radio waves to extend the network wirelessly. All of the transmissions sent and received on a Wi-Fi network are encrypted using one of 3 different protocols (WEP, WPA, WPA2) to attempt to protect the data from theft. If your device uses WEP replace it immediately, it is outdated and insecure. A hacker can break through WEP in about 10-15 minutes of being within range of the network. WPA2 is the newest and most popular, and generally considered to be the most secure. There are more considerations that go into protecting your own network, and even some steps you can take to make your Wi-Fi network more secure, but what about public Wi-Fi? What risks do you face, and how can you know if you are safe? Public access points, called “hotspots” allow many people within a certain area to “tune in” to the specific radio waves used my that network to access the internet. An example of this is going to Starbucks and connecting to the “Starbucks Wi-Fi” while you are there. One of the biggest risks of public Wi-Fi like Starbucks is called Network Sniffing. If a hacker has gotten access to the wireless network they can use a “sniffing” application to intercept and sort through all visible traffic on the network. Anything you would do online could potentially be watched by someone else. Even without the presence of active hackers, your privacy is never guaranteed when you access a public hotspot. One of the biggest breaches of privacy is often perpetrated by the organization or business offering the free Wi-Fi. Often, when joining a public network you will be asked to leave an email address, phone number, or even like a page on social media. In addition they can use signal strength to track where you are in the store, and what types of websites you visit. Next thing you know, you are getting advertisements targeted to you based on your browsing history and location data. These may be less malicious that some threats, but can certainly be intrusive. One of the most dangerous threats you can face with public Wi-Fi is a spoofed or rogue access point. A savvy hacker could hook up their own access point next to a legitimate one and name it something similar, luring unsuspecting individuals to connect to it in error. Once you have connected to a malicious hotspot they can use it to install malware on your system, or track your activity to steal passwords or bank information. For example, if you try to go to facebook.com they may redirect you to a spoofed “look-alike” site they put together that will steal your password and any other information you give them. Before you even know if you could be well on your way to becoming a victim of identity theft. Although you always run a certain amount of risk when using public Wi-Fi there are certain measures you can take to protect against attackers. Here are the most common precautions: 1. Always confirm the legitimacy of a Wi-Fi network before connecting to it; do not reply on the name alone. If there are multiple access points showing up for the same venue, ask a staff member which one to use. Also, be sure to read that venue’s Terms of Service carefully to ensure that your privacy will not be breached. 2. Ideally, you should only use public Wi-Fi to browse websites that do not require login credentials (e.g., news websites, Wikipedia, etc.). However, if you do need to access sensitive data or enter login credentials, only go to websites that start with HTTPS ( a more secure version of the HTTP web protocol). 3. Never install software while using public Wi-Fi, it can often introduce viruses or malware into your computer. For example, a common attack is to inform a user of an outdated service like Adobe Flash and take them to a spoofed website to download the “update” 4. A good way to ensure good security while accessing public Wi-Fi is to use a VPN. A VPN essentially creates a secure tunnel between your device and a third party server. All data that passes through the tunnel is encrypted, and therefore protected from prying eyes like the Wi-Fi provider or anyone trying to “sniff” the network. It is easy to take free Wi-Fi access for granted. Unfortunately, as public hotspots become more prevalent, so will hackers. Your best protection against data theft is an understanding of Wi-Fi and its vulnerabilities, and taking a few precautions. If you want to look further into some of the different ways you can protect yourself, or how you can further protect your wireless network from breaches, please give us a call. We would be more than happy to review your current setup and make recommendations for any changes needed.