The Dangers of Using Public Wi-Fi
When I was trying to decide what the next topic should be for my blog post I knew one thing, it had to do with hacking. As I rummaged through the vast internet, there was one topic that popped up, and it immediately had my full attention. I wanted to learn just how easy it is to steal information from unsuspecting victims while using public wi-fi. I also was interested in the applications and tools that are needed. Well, one hop over to YouTube, forty minutes, and a cup of coffee later you could say that I believe I am now an expert.
I wanted to show you a short and sweet video. In this video, Kevin from KnowBe4 does a great job explaining just how easy it is to intercept everything the unsuspecting victim is looking at on their device.
After the quick video, I will be going over different terms that he uses and the applications that you need to pull this off. I am not condoning hacking at all. I just would like to share that with little perseverance and the right tools stealing sensitive information is extremely easy. So promise me, no matter how much you may be tempted to connect to unsecured wi-fi....Don't!
Read: 5 Tips to Keep your Child Safe on Social Media
Terms to Know
- Man-in-the-Middle Attacks- is a form of eavesdropping where communication between two users is monitored and modified by an unauthorized party.
- Rogue Access Point- A rogue access point is a wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator or has been created to allow a hacker to conduct a man-in-the-middle attack.
- Packet Sniffing/ Packet analysis- A packet analyzer (also known as a network analyzer, protocol analyzer or packet sniffer—or, for particular types of networks, an Ethernet sniffer or wireless sniffer) is a computer program or piece of computer hardware that can intercept and log traffic that passes over a digital network or part of a network.
- DNS Spoofing- DNS spoofing, also referred to as DNS cache poisoning, is a form of computer security hacking in which corrupt Domain Name System data is introduced into the DNS resolver's cache, causing the name server to return an incorrect IP address.
Applications Needed
- Wi-Fi Pineapple- The Wi-Fi Pineapple is a device that closely resembles a Wi-Fi access point. Designed for penetration testing, it can be re-purposed to perform malicious man-in-the-middle attacks.
- Wireshark- Wireshark is a free and open source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education.
- Driftnet- Driftnet is a tool that is used to capture images when hackers launch a Man-in-the-Middle Attack.
- Kali Linux- Kali Linux is an advanced penetration testing Linux distribution used for Penetration Testing, Ethical Hacking, and network security assessments. Sadly, it is also used for non-ethical hacking.
Best Advice
- Purchase a VPN
- Turn off sharing settings, so others on the network cannot access your information
- Use two-factor authentication for all login credentials on accounts
- Turn off Wi-Fi whenever you are not using it – this prevents it from automatically connecting and putting you at risk
- Always use HTTPS for websites you visit
- Use a firewall
- Update your settings to forget network, preventing these networks from being saved on your phone and automatically connecting without you knowing.
Sources:
Eddy, Max. “The Best VPN Services of 2018 .” PC Mag , 27 Dec. 2017, 9:37 AM, https://www.pcmag.com/roundup/296955/the-best-vpn-services
“Rogue Access Points .” Telelink , itsecurity.telelink.com/rogue-access-points/.
“The Dangers of Public Wi-Fi .” Performance by Kevin Mitnick, KnowBe4, 2 Feb. 2017, www.youtube.com/watch?v=vz9IPVhBUpc
“Wi-Fi Not: The Dangers of Public Wi-Fi .” Golden Frog , 2 Feb. 2017.