Beware of hackers when using free Wi-fi

Be wary of using free Wi-Fi connections from public places such as airports as an increasing number of South African users risk having sensitive personal information captured while doing so, warn IT experts.

Empowering women through improved computer literacy TAKE CARE: Wireless technology may be convenient, especially for travellers since wi-fi hot spots are plentiful, but users should guard against criminals prowling networks. REUTERS

Chris Welham, marketing director at Space Age Technologies, warned consumers operating a computing device to do so in a safe manner because, like any type of security, IT security cannot be guaranteed through technology alone.

However, he added that the technology aspect should be fully addressed anyway and relevant security updates should be applied for all software. Reputable antivirus software should also be installed.

“When making use of wireless hot spots, there are a few simple precautions everyone should take, in addition to the technology aspects just mentioned.

“For example, do not use a free wireless connection – use only wireless connections for which you have obtained a token – and ensure you are using reputable wireless providers (such as Skyrove and MWeb) and ask at the information desk for the correct name of the wireless network. Importantly, once connected, only access services over secure connections.

“In other words, if using your browser, make sure the site address starts with ‘https’. Be very careful when downloading e-mail – some e-mail connection types are very unsecure, and addressing this may require a change to the way you receive your e-mail and what service you use for e-mail.”

He said it was unsecure for users to access files over the internet as this largely depended on the service used and how consumers are connected to it.

“My recommendation would be to obtain advice from a reputable IT professional – show them the services you would like to access and let them comment on your risk level for each.”

Carey van Vlaanderen, chief executive of ESET Southern Africa, said logging in to check bank balances, do online shopping or send e-mails all mean computers have to send login information across the network – a goldmine scammers look for.

“Sitting in an airport is the ideal time to grab your laptop and send out a couple of e-mails using a free Wi-Fi hot spot. You connect and send, and are off on your way.

“What you don’t know is that the free Wi-Fi may come with a price: your login credentials and network traffic being sniffed and captured before sending them along to the real Wi-Fi hot spot, and your information stolen en route, undetected.” She said according to the firm’s global research project Online Security Brand, which includes other players, almost half of the users worldwide were connecting to the internet using portable devices as the primary connection device. Notebooks were found to be the most popular at 41 percent, followed by netbooks at three percent, smartphones at two percent and tablets at one percent.

Van Vlaanderen warned that hot spots with unrecognisable names or ones that closely resembled the names of the official ones should raise danger flags.

“Be especially wary of ‘unsecured’ hot spots, ones where you don’t need to enter a password to gain access.

“The magic happens through a proxy technology, which intercepts your Wi-Fi communication, captures and stores a copy locally on the scammer’s laptop, then sending your information on to a ‘real’ Wi-Fi hot spot.

“This will slow down your traffic a little, but with congested networks, it is often hard to tell if your traffic’s being snooped, or if there are just many users logging in at the same time,” said Van Vlaanderen.

She said that normally, bank websites have the bank address beginning with “https” rather than “http” which meant the traffic was encrypted.

“If the scammers succeed in capturing your encrypted credentials, they can still run a programme later in an attempt to get to your credentials.

“So, if the criminals get their hands on the information, they have all the time in the world to work on decrypting it, and you may notice fraudulent account activity days or even weeks later. Use caution and pay attention to details when using public Wi-Fi.”

She cautioned South African consumers to be aware of the following security threats when using free Wi-Fi:

l Evil twin login interceptions: networks set up by hackers to resemble legitimate Wi-Fi hot spots.

l Zero-day OS/app attack attempts: an attack through previously unknown exploits, or an attack or threat that tries to exploit computer application vulnerabilities that are unknown to others or the software developer.

l Sniffing: computer software or hardware that can intercept and log traffic passing over a network.

l Data leakage (man-in-the-middle attacks): Cyber-criminals can modify network traffic and let you think you are dealing with your bank while, in reality, you are sending them all your credentials. – Cape Argus

Source – IOL SciTech By Joseph Booysen, September 22, 2011