Business Information Security – Cybersecurity Services

Free Wi-Fi a risk for your summer vacation​

Lizeth Madeleinne Guzmán Salgado // 11 July 2018

Wi-Fi gratuito

WATCH OUT! Now you can hack your information from a free Wi-Fi connection

Free Wi-Fi a requirement in public spaces, although often sounds tempting when the holidays come, it can also be a danger, as it can expose our information and become victims of information theft or scams.

Whenever we look for where to spend the summer, we opt for all the possible comforts, including the free Wi-Fi connection. As is known, the use of public Wi-Fi has become increasingly essential in the day to day of people. However, as well as the number of users connected to a wireless connection network grows more and more, also its risks and its consequences.

Hotels as a hacking target point

Security is weak and very risky, security protocols have not advanced at the exponential rate in which they should, making their use insecure and easier to hack. The places of threats and most recurrent where they usually hack and make use of our information is usually in hotels, shops, cafes, buses, shopping centers, among other establishments with free Wi-Fi connection.

The problem of connecting to a public Wi-Fi access point (without password protection) is that these networks do not use WPA (Wifi Protected Access) security, a system that protects wireless networks and encrypts the data in text that is sent. However, by not encrypting the data, it allows hackers to access, control and manipulate our information.

However, in peak seasons, such as holidays, hotels are the easiest target for hackers, and the more luxurious the accommodation, the more attractive it is, as many of the guest profiles often coincide with the status of the luxurious hotels.

Other ways you can hack your information:

a) MITM attacks (Man in the Middle)

The term MITM, also known as intermediary attack (interception of a communication by a third party), can cause cybercriminals to read or modify messages without any of the parties being aware of what is happening. 

For example, if you connect to a free Wi-Fi network that is not encrypted to check your social networks, your email, or your bank account, a hacker could intercept the communications of your device (portable, smarthphone and Wi-Fi network). -Fi, allowing you to have access to everything you do. 

b) Packet Sniffing:

It is normally used to monitor and analyze traffic on computer networks to detect a network problem.

However, they can also be used illegally to obtain and modify data that is transmitted over the network.

 c) Krack (Key reinstallation attack)

Attacks and works on all WPA2 networks. It affects both home networks and companies. 

The cyber attacker seeks to directly attack the 4-way handshake of the WPA2 protocol. This handshake will occur when a user connects to the network, and it verifies that the data of the person with the access point have in their possession the correct credentials (a password). When the connection is made, a new encryption key is generated that is used to encrypt all the information. This type of attack tricks the victim into reinstalling a key. 

However, WPA3 encryption is available since October 2017. This new security protocol will prevent KRACK’s attack techniques. WiFi Alliance explained that WPA3 offers configuration, authentication and encryption improvements and will have a 192-bit encryption key. 

d) Attack by dictionary or brute force

This method consists in capturing the handshake of a client connected to a public Wi-Fi network. Subsequently, decrypt the hash of the password obtained through a text file (better known as WPA Dictionary). The WPA Dictionary contains a large variety of passwords that will be tested by a script, until you find the correct one. It is worth mentioning that the attack will be successful if it exists in the dictionary that the attacker will use.

e) Fake access points

WI-FI cybercriminals try to copy an existing access point. Then, deceive the victim making him believe that it is the original. The user connects to this controlled access point. And finally, it steals the information that travels through the network as access credentials.

How you can prevent and not be a victim of hacking:

Enjoy your holidays guaranteeing the protection of your information

– Do not connect to public Wi-Fi SSID if there are multiple variations available. Confirm the name of the Wi-Fi network and if it is an encrypted Wi-Fi network ask for the password.

– Check your work email or your bank account using your 4G connection, not the public Wi-Fi connection.

– Delete the names of the Wi-Fi networks saved in each of your devices

How to protect yourself from an MITM attack:

– Make sure the URL address shows HTTPS instead of HTTP, and if you do not, type it manually.

– Activate the verification of two steps, in order to increase the security of access to your accounts.

– Use a VPN network

 

Lizeth Madeleinne Guzmán Salgado | Marketing Digital Assistant en R3 CyberSecurity

Comparte el post con tus amigos

CON LA CONFIANZA DE

logos2

ÚNETE AL EQUIPO

Conoce todas las oportunidades profesionales que te permitirán alcanzar tus metas personales.

R3 Ciberseguridad

© R3 CyberSecurity