Wi-Fi Archives – Gridinsoft Blog https://gridinsoft.com/blogs/tag/wi-fi/ Welcome to the Gridinsoft Blog, where we share posts about security solutions to keep you, your family and business safe. Thu, 06 Jul 2023 14:48:06 +0000 en-US hourly 1 https://wordpress.org/?v=91776 200474804 Snappy Tool Helps Avoid Fraudulent Wi-Fi Hotspots https://gridinsoft.com/blogs/snappy-wifi-tool/ https://gridinsoft.com/blogs/snappy-wifi-tool/#respond Thu, 06 Jul 2023 14:24:31 +0000 https://gridinsoft.com/blogs/?p=15766 Trustwave has created a Snappy tool that will make it easy to determine if the Wi-Fi network is fake or fraudulent. The utility particularly checks whether the network spoofs the MAC address and SSID. The solution is available for free downloading on the company’s GitHub repository. For years, security experts have been warning about the… Continue reading Snappy Tool Helps Avoid Fraudulent Wi-Fi Hotspots

The post Snappy Tool Helps Avoid Fraudulent Wi-Fi Hotspots appeared first on Gridinsoft Blog.

]]>
Trustwave has created a Snappy tool that will make it easy to determine if the Wi-Fi network is fake or fraudulent. The utility particularly checks whether the network spoofs the MAC address and SSID. The solution is available for free downloading on the company’s GitHub repository.

For years, security experts have been warning about the dangers of using Wi-Fi hotspots in public places, as in cafes, airports, hotels, or shopping malls. The fact is that these access points may turn out to be devices of intruders who will eventually be able to carry out a man-in-the-middle attack, intercept the victim’s traffic, credentials from her accounts, and payment information.

Consider reading our other articles regarding Wi-Fi usage dangers. We talked about FrAg attacks on Wi-Fi access points – one of the most widespread attack types. There was also an interesting experiment where a guy hacked 70% of Tel Aviv routers. Also, there was an article where specialists explained danger of Wi-Fi devices on airplanes

Snappy tool allows detecting fake Wi-Fi networks

Trustwave expert Tom Neaves writes that spoofing MAC addresses and SSIDs of real access points in open networks is a trivial task for attackers. As a result, people’s devices often try to automatically connect to networks they have previously connected to using a saved access point, but in fact connect to a malicious device. To make it easier to avoid such situations, Neaves has created a Python script called Snappy that helps determine whether the access point the user is connecting to is the same as always, or the user is dealing with a fake device of hackers.

Explaining the mechanism

After analyzing the Beacon Management Frames, the expert found certain static elements, including data about the provider, BSSID, supported speeds, channel, country, maximum transmit power, and so on. This data varies for different 802.11 wireless access points, but remains the same for a particular access point over time.

Beacon management frames Snappy
Beacon Management Frames, that may uncover the Wi-Fi spoofing attempt

Neaves concluded that it was possible to concatenate these elements and hash them using SHA256, creating a unique access point signature that could then be used to detect matches or mismatches. >So, matches mean that the access point is the same as always (that is, trustworthy), while a signature mismatch means that something has changed, and the access point may be malicious.

Snappy interface
Console interface of the Snappy tool

In addition, Snappy is able to detect hotspots created with Airbase-ng. This tool is often used by attackers to create fake access points, intercept packets of connected users, and inject data into other people’s network traffic.

The post Snappy Tool Helps Avoid Fraudulent Wi-Fi Hotspots appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/snappy-wifi-tool/feed/ 0 15766
What Is an Evil Twin Attack? How Does It Work? https://gridinsoft.com/blogs/what-is-evil-twin-attack/ https://gridinsoft.com/blogs/what-is-evil-twin-attack/#respond Fri, 18 Nov 2022 14:42:49 +0000 https://gridinsoft.com/blogs/?p=12005 How often do we connect to free Wi-Fi networks in public places? Whether to post Instagram stories with a cup of coffee we just bought or to make edits to a project while you’re waiting for your flight. In such cases, the widespread availability of public Wi-Fi is a boon. But this general use of… Continue reading What Is an Evil Twin Attack? How Does It Work?

The post What Is an Evil Twin Attack? How Does It Work? appeared first on Gridinsoft Blog.

]]>
How often do we connect to free Wi-Fi networks in public places? Whether to post Instagram stories with a cup of coffee we just bought or to make edits to a project while you’re waiting for your flight. In such cases, the widespread availability of public Wi-Fi is a boon. But this general use of public Wi-Fi is also the perfect place to do hackers’ nefarious deeds. Evil Twin attack is right about that case. Read on and we’ll cover everything you need to know about evil twin attack meaning, how it works, and how to prevent it.

What is an evil twin attack? Main facts about evil twin attack definition

So, what is the best description of an evil twin? An evil twin cyber attack is a hacker attack that creates a fake Wi-Fi network that looks legitimate. However, its purpose is to steal the victims’ sensitive data. Typically, the victims of these attacks are ordinary people who connect to a free hotspot in a coffee shop or elsewhere. Evil twin attacks get their name because of their ability to mimic legitimate Wi-Fi networks to the point where they are indistinguishable from one another. Such networks share the same Service Set Identifier Name (SSID) and, quite possibly, the same Media Access Control Address (MAC).

How does an evil twin attack work?

First, the attackers position themselves near the legitimate Wi-Fi network and use their device to find out what service set ID and radio frequency the legitimate AP is using. They then send their own more powerful radio source using the same name as the legitimate AP. To the end user, the twin access point will appear legitimate. Since the attackers have the same network name and parameters as the legitimate AP, they were copied and physically positioned near the end user. Therefore, the signal is likely to be the strongest within reach.

Signal interruption
Since the fake AP signal is more robust, devices give it a priority when connecting.

Suppose the end user manually connects to the evil twin or his computer automatically selects the fake AP. In that case, the evil twin becomes the default wireless point for his device. The attack can include a man-in-the-middle (MITM) attack. That attack allows the person who controls the access point to eavesdrop on users and steal their credentials or other sensitive information.

What Is an Evil Twin Attack? How Does It Work?

Finally, a fake AP can be used in a phishing scam. In this case, victims will connect to the evil twin and be redirected to the phishing site. It will then prompt them to enter their sensitive data, such as their username and password, and of course, they will be sent directly to the hacker.

What is an example of an evil twin attack?

Let’s take a look at the classic airport scheme. You can’t wait to get back online after the flight and post fresh pics of a cup of coffee in front of an airplane window. On many screens around the terminal, you see the name and password of the airport Wi-Fi SSID. Opening the Wi-Fi section on your phone, you see several Wi-Fi networks with the same name. Of course, you choose to connect to the one with the strongest signal, despite the “Unsecure” label. It is worth noting that some devices display only one access point in the list if several access points contain identical SSIDs. Everything seems okay. The network is legitimate because the password works without any problems.

However, you have just connected to an evil twin network. Using the available Wi-Fi information displayed at the airport, the hackers deployed an entire network, creating an access point with an identical SSID name and password. To achieve a strong signal and more excellent range, hackers can use Wi-Fi Pineapple, deliberately set up closer to the arrival halls. Wi-Fi Pineapple is a product of some enterprising guys who ordered a Chinese Wi-Fi router with two wireless interfaces and one wired one, wrote OpenWRT-based firmware for it and stuffed it with hacking and traffic analysis utilities. However, scammers can use almost any device, including phones, laptops, portable routers, and tablets. Through such a Wi-Fi network, an attacker can see everything you do and enter online, including information such as your bank account number and passwords.

How MITM attack works
A MITM attack means that all traffic from the victim to the server goes through the attacker.

How to protect the device from Evil Twin attacks

Evil twin attacks can be challenging to identify. However, there are a few steps you can take to keep yourself safe when connecting to public Wi-Fi networks:

Use your own access point.

The easiest way to protect yourself from this attack is to use your hotspot instead of public Wi-Fi. This ensures you’re always connected to a secure network and prevents hackers from accessing your data. Set a password to keep your hotspot private.

Don’t use unsecured Wi-Fi hotspots.

When connecting to a public network, avoid open access points marked “Unsecured.” Unprotected networks lack security features, such as traffic encryption, so evil twin networks almost always carry this designation. In addition, hackers often rely on people not paying attention and connecting to their networks, ignoring the risks.

Turn off automatic connectivity.

By default, your device has auto-connect enabled. It will automatically connect to any networks you’ve used before as soon as they’re within reach. This can be dangerous, especially if you’ve unknowingly connected to a fake network in the past. Pay attention to which networks you are connecting to, and turn off the automatic connection to public networks or those you would not want to connect to automatically.

Auto-join access point switch

Never log in to personal accounts on a public Wi-Fi network.

You should avoid logging into personal accounts or transmitting sensitive information when using public Wi-Fi. Hackers can intercept it if you transfer it while connecting to their evil twin network. Therefore, refrain from logging into any accounts to protect your personal information. Moreover, the security settings of public networks are often subpar, as a person who does the setup may just ignore the dangers. That can lead to more sophisticated cracks, which require a different tactic to counter.

Use a VPN.

A VPN can help protect you from many attacks, including an evil twin attack, by encrypting your data before it leaves your device. When you run a VPN app, it encrypts your online activity before it’s sent to the network, preventing a hacker from reading it.

Avoid non-HTTPS websites

When using the public network and beyond, visit HTTPS websites. These sites offer end-to-end encryption that prevents hackers from tracking your activities while using them. HTTPS is a very advanced and secure version of HTTP that allows you to create many secure transactions by encrypting all communication using TLS. This helps you protect potentially sensitive information from theft.

Use two-factor authentication

Using two-factor authentication for your accounts is probably the best way to prevent hackers from accessing them. For example, suppose a hacker gained access to your account. But then, thanks to two-factor authentication, they won’t be able to log into your account because they can’t access the confirmation code.

The post What Is an Evil Twin Attack? How Does It Work? appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/what-is-evil-twin-attack/feed/ 0 12005
Expert hacked 70% of Wi-Fi networks in Tel Aviv for research https://gridinsoft.com/blogs/expert-hacked-wi-fi-networks-in-tel-aviv/ https://gridinsoft.com/blogs/expert-hacked-wi-fi-networks-in-tel-aviv/#respond Wed, 27 Oct 2021 16:08:43 +0000 https://blog.gridinsoft.com/?p=6070 CyberArk specialist Ido Hoorvitch hacked 70% of Wi-Fi networks in his native Tel Aviv, seeking to prove that home networks are poorly secured and easily compromised. To conduct the experiment, Horwich walked around town with sniffing equipment and collected data from 5,000 network hashes. Next, he exploited a vulnerability to obtain the PMKID hash normally… Continue reading Expert hacked 70% of Wi-Fi networks in Tel Aviv for research

The post Expert hacked 70% of Wi-Fi networks in Tel Aviv for research appeared first on Gridinsoft Blog.

]]>
CyberArk specialist Ido Hoorvitch hacked 70% of Wi-Fi networks in his native Tel Aviv, seeking to prove that home networks are poorly secured and easily compromised.

To conduct the experiment, Horwich walked around town with sniffing equipment and collected data from 5,000 network hashes. Next, he exploited a vulnerability to obtain the PMKID hash normally generated for roaming. The PMKID hash consists of the network SSID, passphrase, MAC address, and a static integer.

hacked Wi-Fi in Tel Aviv

To get the PMKID hashes, he used a $ 50 AWUS036ACH ALFA NIC, which could act as both a monitor and a packet injection tool, and then analyzed them using WireShark in Ubuntu.

hacked Wi-Fi in Tel Aviv

Using the method of Jens “atom” Steub (lead developer of Hashcat), Horwich collected PMKIDs, which were then cracked to obtain passwords.

The atom method is not client-driven, so there is no need to capture a user’s login in real time, nor is there a need to [wait] for users to connect to the network in general. Moreover, an attacker only needs to grab one frame and eliminate incorrect passwords and corrupted frames that interfere with the cracking process.Horwich says.

So Horwich started with mask attacks to identify people using their mobile phone number as a password for Wi-Fi (a common occurrence in Israel). To crack such passwords, it is necessary to calculate all variants of Israeli phone numbers, and these are ten digits, always starting with 05, which leaves only eight digits.

Using a regular laptop and this technique, the researcher successfully compromised 2,200 passwords at an average rate of nine minutes per password. In the next step, he switched to a dictionary attack using Rockyou.txt. This led to the rapid cracking of an additional 1,359 passwords, most of which used only lowercase characters.

hacked Wi-Fi in Tel Aviv

As a result, Horwich successfully compromised about 70% of the passwords for the selected Wi-Fi networks and confirmed all his guesses about the poor security of Wi-Fi networks.

The specialist summarizes that users should not enable the roaming function on routers intended for personal use (WPA2-personal), because there is no need for roaming in such networks. He also notes that passwords longer than 10 letters/numbers are more resistant to cracking.

Let me remind you that Any Wi-Fi enabled devices are vulnerable to Frag Attacks issues.

The post Expert hacked 70% of Wi-Fi networks in Tel Aviv for research appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/expert-hacked-wi-fi-networks-in-tel-aviv/feed/ 0 6070
Manufacturers release patches for Frag Attacks problems https://gridinsoft.com/blogs/patches-for-frag-attacks-problems/ https://gridinsoft.com/blogs/patches-for-frag-attacks-problems/#respond Mon, 17 May 2021 16:28:56 +0000 https://blog.gridinsoft.com/?p=5477 Manufacturers of various Wi-Fi-enabled equipment and software developers for this equipment release patches for Frag Attacks problems. Let me remind you that last week the details of twelve vulnerabilities were disclosed, collectively called Frag Attacks (Fragmentation and aggregation attacks). These problems were discovered and described by the well-known information security expert Mathy Vanhoef. All Wi-Fi… Continue reading Manufacturers release patches for Frag Attacks problems

The post Manufacturers release patches for Frag Attacks problems appeared first on Gridinsoft Blog.

]]>
Manufacturers of various Wi-Fi-enabled equipment and software developers for this equipment release patches for Frag Attacks problems.

Let me remind you that last week the details of twelve vulnerabilities were disclosed, collectively called Frag Attacks (Fragmentation and aggregation attacks). These problems were discovered and described by the well-known information security expert Mathy Vanhoef.

All Wi-Fi enabled devices (computers, smartphones and smart devices) released after 1997 are vulnerable to Frag Attacks.

Bugs allow an attacker in range of Wi-Fi to collect information about the owner of the device and execute malicious code. Even worse, the vulnerabilities are relevant even if WEP and WPA protection is active.

The researcher demonstrates the attack on unpatched Windows 7 in the video below.

Vanhof writes that the three vulnerabilities are design flaws in the Wi-Fi 802.11 standard, which are related to the aggregation and fragmentation functions of frames, while other bugs are programming problems in various Wi-Fi products.

Experiments show that every Wi-Fi product is vulnerable to at least one problem, and most products are vulnerable to several at once.says the expert.

Fortunately, Wanhof said, most vulnerabilities are difficult to exploit, as they either require user interaction or the attack would only be possible using highly non-standard network settings.

On his website, Vanhof listed a number of protective measures that users should take. The simplest defence is to ensure that websites are only accessible via HTTPS, which blocks attacks.

Nevertheless, work on fixing vulnerabilities has been activelly going on and for quite some time. Over the past nine months, Wanhof and the WiFi Alliance have worked together to patch Wi-Fi standards and have worked with device vendors to deliver patches as soon as possible.

If last week there was very little information about patches, now many large vendors and developers have prepared statements and security bulletins:

Let me remind you that I also reported that the Kr00k problem threatens devices with Qualcomm and MediaTek Wi-Fi chips.

The post Manufacturers release patches for Frag Attacks problems appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/patches-for-frag-attacks-problems/feed/ 0 5477
Any Wi-Fi enabled devices are vulnerable to Frag Attacks issues https://gridinsoft.com/blogs/any-wi-fi-enabled-devices-are-vulnerable-to-frag-attacks-issues/ https://gridinsoft.com/blogs/any-wi-fi-enabled-devices-are-vulnerable-to-frag-attacks-issues/#respond Wed, 12 May 2021 16:32:42 +0000 https://blog.gridinsoft.com/?p=5464 The well-known information security expert Mathy Vanhoef reported the discovery of a whole set of vulnerabilities named Frag Attacks (Fragmentation and aggregation attacks), which affect all devices with Wi-Fi support, released after 1997 (computers, smartphones and “smart” devices). Let me remind you that earlier Vanhof discovered such dangerous vulnerabilities as KRACK and Dragonblood, which significantly… Continue reading Any Wi-Fi enabled devices are vulnerable to Frag Attacks issues

The post Any Wi-Fi enabled devices are vulnerable to Frag Attacks issues appeared first on Gridinsoft Blog.

]]>
The well-known information security expert Mathy Vanhoef reported the discovery of a whole set of vulnerabilities named Frag Attacks (Fragmentation and aggregation attacks), which affect all devices with Wi-Fi support, released after 1997 (computers, smartphones and “smart” devices).

Let me remind you that earlier Vanhof discovered such dangerous vulnerabilities as KRACK and Dragonblood, which significantly improved the security of the Wi-Fi standard.

Frag Attacks issues allow an attacker to gather information about the device’s owner and execute malicious code. Even worse, the vulnerabilities are relevant even if WEP and WPA protection is active. The researcher demonstrates the attack on unpatched Windows 7 in the video below.

Vanhof writes that the three vulnerabilities are design flaws in the Wi-Fi 802.11 standard, which are related to the aggregation and fragmentation functions of frames, while other bugs are programming problems in various Wi-Fi products.

Experiments show that every Wi-Fi product is vulnerable to at least one problem, and most products are vulnerable to several at once. The vulnerabilities affect all modern Wi-Fi security protocols, including the latest WPA3 specification. Even the original Wi-Fi security protocol, WEP, is affected. This means that some of the discovered flaws have been part of Wi-Fi since its introduction in 1997!says the expert.

As in the case with KRACK and Dragonblood, Wanhof immediately reported his findings to the WiFi Alliance engineers. For the past nine months, the organization has been working on fixing the standards and working with device vendors to get fixes ready as soon as possible.

You can determine if a specific device has received a fix by looking at the manufacturer’s security bulletins for the following CVE IDs:

  • CVE-2020-24588: aggregation attack (receiving non-SPP A-MSDU frames);
  • CVE-2020-24587: Mixed Key Attack (reassembling frames encrypted under different keys);
  • CVE-2020-24586: Attack on Cache Fragments (Fragments are not removed from memory when reconnecting to the network);
  • CVE-2020-26145: receive broadcast fragments in plaintext as full frames (over an encrypted network);
  • CVE-2020-26144: Accept plaintext A-MSDU frames when they begin with an RFC1042 header with EtherType EAPOL (over encrypted network);
  • CVE-2020-26140: Receive data frames in clear text on a secure network;
  • CVE-2020-26143: Receive fragmented data frames in clear text on a secure network;
  • CVE-2020-26139: Forwarding EAPOL frames even if the sender is not yet authenticated (should only affect access points);
  • CVE-2020-26146: reassembling encrypted fragments with inconsistent packet numbers;
  • CVE-2020-26147: reassembly of mixed chunks (encrypted and plaintext);
  • CVE-2020-26142: Treat fragmented frames as complete;
  • CVE-2020-26141: No TKIP MIC verification of fragmented frames.

Neveretheless, the good news is that Vanhof found that most of these vulnerabilities are difficult to exploit, either requiring user interaction or the attack would only be possible using highly non-standard network settings.

On his website, Vanhof listed a number of protective measures that users should take. The simplest defence is to ensure that websites are only accessible via HTTPS, which blocks attacks.

Microsoft is known to have released fixes for 3 of 12 vulnerabilities affecting Windows systems. Also, patches for their products were prepared by Cisco, Juniper Networks, HPE/Aruba and Sierra Wireless. Other vendors plan to submit fixes in the coming weeks, ICASI reports.

Let me remind you that I also reported that the Kr00k problem threatens devices with Qualcomm and MediaTek Wi-Fi chips.

The post Any Wi-Fi enabled devices are vulnerable to Frag Attacks issues appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/any-wi-fi-enabled-devices-are-vulnerable-to-frag-attacks-issues/feed/ 0 5464
AIR-FI attack turns RAM into a makeshift Wi-Fi signal source https://gridinsoft.com/blogs/air-fi-attack-turns-ram-into-wi-fi/ https://gridinsoft.com/blogs/air-fi-attack-turns-ram-into-wi-fi/#respond Fri, 18 Dec 2020 19:34:50 +0000 https://blog.gridinsoft.com/?p=4863 Experts from Israel’s Ben-Gurion University have demonstrated the AIR-FI attack, which turns RAM into Wi-Fi. In fact, this is a new method of extracting data from machines that are physically isolated from any networks and potentially dangerous peripherals. Such computers are often found in government systems and corporate networks, they store secret documents, as well… Continue reading AIR-FI attack turns RAM into a makeshift Wi-Fi signal source

The post AIR-FI attack turns RAM into a makeshift Wi-Fi signal source appeared first on Gridinsoft Blog.

]]>
Experts from Israel’s Ben-Gurion University have demonstrated the AIR-FI attack, which turns RAM into Wi-Fi. In fact, this is a new method of extracting data from machines that are physically isolated from any networks and potentially dangerous peripherals. Such computers are often found in government systems and corporate networks, they store secret documents, as well as classified and confidential information.

This time, the researchers proposed turning the RAM into an impromptu wireless emitter for transmitting data “over the air.”

The AIR-FI attack is based on the fact that any electronic component generates electromagnetic waves with the passage of electric currents.say the researchers.

Since Wi-Fi is radio waves, which is very close to electromagnetic waves, the researchers write that, in theory, a hacker can manipulate the RAM power to generate electromagnetic waves with a frequency corresponding to the frequency of the Wi-Fi signal (2.4 GHz).

Experts show in their report and accompanying video that carefully controlled RAM read / write operations can cause the memory bus to emit electromagnetic waves similar to a weak Wi-Fi signal.

Such a signal can be received by any Wi-Fi-enabled device located near an isolated computer, for example, a smartphone, laptop, IoT device, smart watch, and so on.

The experts tested AIR-FI on various isolated systems and, as a result, were able to transfer data at a speed of up to 100 bps to devices located several meters away from the compromised machine.

AIR-FI is not the first exotic attack developed by specialists from Ben-Gurion University (a list of other attacks can be seen below), but the researchers note that this method is one of the easiest to implement.

Indeed, in this case, the attacker does not need to obtain root / administrator rights before launching his exploit. In essence, this allows the attack to run on any OS and even on virtual machines. It is also noted that most modern RAM strips can easily emit signals in the 2.4 GHz range, and the old memory is easy to overclock to achieve the desired effect.

Other developments of scientists from Ben-Gurion University include the following:

  • USBee: turns almost any USB device into an RF transmitter for transferring data from a secure PC;
  • DiskFiltration: intercepts information by recording sounds that the hard disk of the computer emits while the computer is running;
  • AirHopper: uses the FM receiver in the mobile phone to analyze the electromagnetic radiation emanating from the computer’s graphics card and turn it into data;
  • Fansmitter: regulates the speed of the cooler on the infected machine, as a result of which the tone of the cooler’s operation changes, it can be listened to and recorded by extracting data;
  • GSMem: will transfer data from the infected PC to any, even the oldest push-button telephone, using GSM frequencies;
  • BitWhisper: uses thermal sensors and thermal energy fluctuations;
  • An unnamed attack using flatbed scanners and smart bulbs to transmit information;
  • HVACKer and aIR-Jumper: stealing data using CCTV cameras that are equipped with IR LED (infrared light-emitting diodes), as well as use as a “bridge” to isolated networks of heating, ventilation and air conditioning systems;
  • MOSQUITO: data extraction is suggested to be carried out using ordinary headphones or speakers;
  • PowerHammer: It is suggested to use normal power cables for data extraction;
  • CTRL-ALT-LED: Caps Lock, Num Lock and Scroll Lock diodes are used to retrieve information;
  • BRIGHTNESS: retrieve data by changing the brightness of the monitor screen.

And also, let me remind you that we talked about the fact that specialists from the Ben-Gurion University of Negev (Israel) presented a new type of cyber-biological attack that can bring biological warfare to a new level.

The post AIR-FI attack turns RAM into a makeshift Wi-Fi signal source appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/air-fi-attack-turns-ram-into-wi-fi/feed/ 0 4863
How To Use Public Wi-Fi Safely: Risks To Watch Out For https://gridinsoft.com/blogs/use-public-wi-fi-safely/ https://gridinsoft.com/blogs/use-public-wi-fi-safely/#respond Tue, 02 Oct 2018 10:40:38 +0000 https://blog.gridinsoft.com/?p=3045 In a world where almost everything comes with a price it’s sometimes nice to have at least free wifi. But starting with such a poetic intro here actually comes the real concern: how to use Wi-Fi for free and keep your data private.  Many people don’t realize it but using public Wi-Fi puts you at… Continue reading How To Use Public Wi-Fi Safely: Risks To Watch Out For

The post How To Use Public Wi-Fi Safely: Risks To Watch Out For appeared first on Gridinsoft Blog.

]]>
In a world where almost everything comes with a price it’s sometimes nice to have at least free wifi. But starting with such a poetic intro here actually comes the real concern: how to use Wi-Fi for free and keep your data private

Many people don’t realize it but using public Wi-Fi puts you at a great risk of losing confidentiality of your data and many other unpleasant consequences of poor cyber hygiene. A wireless access point (WAP) or just access point (AP) allows you to connect as many as possible wifi devices to a wired network.

The danger comes from within. In all public places like hotel rooms, public transport, libraries, coffee shops, restaurants, airports, shopping malls, etc. often lack some important security measures. And we are not talking here only about passwords. 

Why is Public Wi-Fi Insecure?

The public Wi-Fi network can be considered insecure for several reasons that can lead to further compromise of your device and data. Any public wifi will surely have some of them that you should be aware of in order to have some countermeasures already prepared in case you would need to use a public wifi network. You also would not necessarily have some of them immediately but rather when there’s one then here comes the another. Using tips and tricks you will be able to protect yourself and use public Wi-Fi safely. To be short, here are the reasons why it is important to secure your Wi-Fi network:

  1. Theft of personal information. If you get hacked on any public wifi network the most serious loss could be of your personal info including banking logins, social security number, etc. Once a threat actor manages to obtain some of them they can infer further damage to you.
  2. Potential cyberattacks. We mean here the risk of getting malware that depending on the nature of it can also bring no less “pleasant” consequences. It can be something like an infostealer or trojan but sometimes other interesting representatives of this specific fauna.
  3. Unencrypted connection. Some websites have unencrypted connections that puts a user on the public wifi to significant risk.
  4. You don’t control network network security settings. You have not set up passwords and also don`t know if there`s encryption in place.
  5. Outdated router software. If it’s outdated then there’s a huge amount of exploits for anyone willing to go after your device and data.
  6. Misconfigured Wi-Fi routers. Configuration means setting general wifi router settings like LAN (Local Area Network) Setting, DHCP (Dynamic Host Configuration Protocol) Setting, WAN (Wide Area Network) Setting, etc. For those threat actors who would know how to exploit any of the security breaches in one of these elements, misconfiguration of them gives an excellent try.

IMPORTANT: The Emotet Trojan tries to spread through available Wi-Fi networks1. Once it finds an available network, Emotet tries to guess the credentials to access it. If the attempt is successful, the malware searches the new network for all Windows machines that might also be infected.

Hackers Can Use Public Wi-Fi

How to use Wi-Fi for free and keep your data private2 is a very important topic to research. If you are intrested how exactly you can get hacked while using public wifi then it`s the next “challenge” for threat actors:

  • You can get your session hijacked. During a session between your computer and some website an attacker can intercept the connection and pretend to be on the backend of the website you were connecting to. Because you’ve already logged in the attacker can have all the access, for example, to your banking account.
  • You can get infected with a malware3. If you use public wifi you put yourself at a risk of a malware infection. It can be ads on the websites you visit that usually don’t have ads or it can be a much more serious threat like some info stealer.
  • You can have your packet sniffed. It may sound funny but actually it’s not as funny as you’d think. In simple words anyone that is on the same connection as you can view what you are transmitting over the wifi network. Of course it’s possible if the connection is unencrypted, which in most cases is true for the public wifis.
  • You can become victim of a Man-In-The-Middle Attack. When conducting this type of an attack the threat actor will set their own hotspot similar to the one, for example, of a hotel you`re currently staying in. The hotel named their wifi WellSleep but the attacker`s could be named WellSleap. Everything you will do while connecting to this fake public wifi will be on the attacker`s computer like login information,personal info, passwords, etc. Pay attention to this so that you can use public Wi-Fi safely and without threats.

Protect Your Information: Use Public Wi-Fi Safely

We’d say it’s better to use your own smartphone as a hotspot but if it can`t  be an option then a user should stick to some security measures to have safe and secure usage of public wifi. In all their bad light public wifis can sometimes really help you when you urgently need to connect to some website or just check the currently needed information. Don`t forget to use them every time you decide to connect to any public Wi-fi in a hotel or airport:

1) Use Antivirus. The most basic thing of today`s cyber hygiene. Use a special antivirus solution to protect your device in case of a malware cyber attack. Also don’t forget to check if you will be running the latest version of an antivirus solution. Set an alert for any future malware encroaching on your device`s safety and security. One of the profitable and working methods is Gridinsoft Anti-malware.

2) Also use a firewall. Firewall doesn’t allow any external threats to come to your system. It can be considered a complete protection but having one on the security guard of your device won’t be a waste of time and effort. You already have the inbuilt firewall in your system just go to check if it’s enabled or not. This is one of the recommendations that will help you use public Wi-Fi safely.  

3) Use HTTPS.  If you don’t use VPN then it’s very important for you to look only for those sites that have the encryption in place. The encryption means that the connection between the web server and browser is secured and no one except you can access the shared data. Most browsers will have a padlock to show that the connection on this website is secured.

4) Use  Virtual Private Network.  A VPN (Virtual Private Network) allows you anonymously to surf through the internet without anyone knowing your actual location. The tool also helps you to encrypt your data traffic so when you are using an unencrypted connection on some website your data will be secured. It creates a protected tunnel that your data will be passing through making it unobtainable by threat actors. Using a VPN will help you use public Wi-Fi safely and without threats to your personal data. 

5) Verify public wifi network,  configure it and turn off sharing option. Before you connect to any public wifi network go and ask for the right name for it. Check with an employee if that is the right wifi hotspot you are looking for. If you have this set then put the important for your safety security settings like disable sharing file option, right after you are done working with the public wifi network put the optin forget it so you won’t be automatically connecting to it once you will come to the place again. 

6) Don’t access or send any sensitive data. To be hundred percent sure your highly sensitive data won’t get exposed while you are using a public wifi network it will be better not to work with it at all. Simply because you don`t know for sure if the apps you are using don’t have any flaws themselves that will allow threat actors to access your sensitive data. 

7) Use 2-Factor Authentication. In case a threat actor will manage somehow to obtain your login information they still could not use it. Because in this security method apart from entering your login information you will also have to enter a code sent to your phone to additionally check your identity. Any website that deals with highly sensitive information will have this one that works as a secondary authentication method.

8) Pay attention to any warnings arisen. Always attend to any notifications that will appear on your phone as they might indicate the compromise of your device, let it be fake notifications created by malware or the actual system alert. The same goes for the websites because most browsers will warn before you proceed to the website you want to visit. Don’t just be careless and instead be your own first security guard. 

8) Install browser add-ons or plug-ins that will help you to boost the security. You can use special add-ons in your browser to help you with the encryption of website connection. For example in the Firefox browser you can install HTTPS-Everywhere and Force-TLS that makes the browser apply the encryption on popular websites that don’t have it. But they do not work on every website so you still have to look for the padlock in the address bar. 

The post How To Use Public Wi-Fi Safely: Risks To Watch Out For appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/use-public-wi-fi-safely/feed/ 0 3045
How can hackers crack your router? https://gridinsoft.com/blogs/can-hackers-crack-router/ https://gridinsoft.com/blogs/can-hackers-crack-router/#respond Sat, 14 Jan 2017 14:43:42 +0000 https://blog.gridinsoft.com/?p=98 Do you think that you are protected from hackers? Of course, you are using a wireless access point with encryption. You are wrong! pull your password from the air! There are 4 things, that hackers hope you won’t find out WEP encryption is unworkable for protecting your wireless network. WEP (stands for Wired Equivalent Privacy… Continue reading How can hackers crack your router?

The post How can hackers crack your router? appeared first on Gridinsoft Blog.

]]>
Do you think that you are protected from hackers? Of course, you are using a wireless access point with encryption. You are wrong! pull your password from the air!

There are 4 things, that hackers hope you won’t find out

  1. WEP encryption is unworkable for protecting your wireless network.

    WEP (stands for Wired Equivalent Privacy – is one of the security algorithms for wireless networks) just give users a false sense of security that can be easily cracked in a minute.
    Even a novice hacker can break down a WEP password within minutes which proves it a useless piece of protection.
    If you have an old router and have never changed your encryption from WEP to the advanced and more powerful WPA2 (Wi-Fi Protected Access II is a security protocol and security certification program that secures wireless computer networks) security you are in danger. Switching your router to WPA2 is a very simple process. More details about how you do this can be found on your router manufacturer’s website.

  2. Using the router’s MAC filter to avoid unknown devices from joining your network is inefficient and easy to hack.

    Each IP-based hardware has its own hard-coded MAC address in the network interface. Most routers give you the option of permitting or denying network access based on the device’s MAC address. Then router investigates the MAC address of any device requesting access and matches it with a list of permitted or denied MACs. This appears to be a great security hurdle but the problem is that hackers can fake the MAC into accepting one, which has been pre-approved.

  3. Switching off your wireless router’s remote administration feature can be a very efficient way to make your data safe from hackers.

    Most routers have a setting that gives you the option to administer the router with a wireless connection. What does this function mean? It’s that you have an access to all of the router’s settings without using the computer that you registered into the router using an Internet cable. This is very convenient for a user, it is also very convenient for a hacker. We recommend you turn off this remote access and change the security settings so you need a physical ‘hard-wired,’ connection to the network.

  4. If you use public hotspots you are the perfect victim of hacker and hijacking attacks.

    Hackers can use programs like Firesheep and AirJack to do “man-in-the-middle” attacks where they incorporate themselves into the wireless chat between sender and receiver. Once they have included themselves in the communication, they can see all your account passwords and have an access to your e-mails, etc.
    We recommend you to read our article How to use Wi-Fi for free and keep your data private.


So how to keep your PC safe?

  • First of all, create a difficult password and change it regularly. Use a long enough (12 characters at least) password that includes numbers, symbols, capital letters, and lower-case letters.
  • Ask someone to hack your site or device so you can identify weaknesses.
  • Regularly update your software, because new versions have a stronger security system.
  • Choose a strong anti-malware program for your PC so it can protect you from malware programs and data breaches. GridinSoft Anti-Malware will protect you and keep devices and information safe.

The post How can hackers crack your router? appeared first on Gridinsoft Blog.

]]>
https://gridinsoft.com/blogs/can-hackers-crack-router/feed/ 0 98