Are you always on the hunt for open public hotspots to save on data costs? Or perhaps you are on the road and you need an internet connection to quickly check on remote documents on your work laptop.
We have warned you before about how crooks can use public Wi-Fi networks to steal your data or even rig public charging stations to steal your data. It is quite simple and easy really for determined hackers to set up fake public "honey pot" traps.
Yesterday, former top hacker turned cyber security consultant Kevin Mitnick demonstrated to ABC's Four Corners how easy it really is.
Mitnick was arrested in 1995 for the security breaches of more than 40 major corporations including Nokia, Motorola, and IBM. He served five years in prison and is now one of the top white-hat security consultants in the industry.
In the Four Corners video, Mitnick showed how a hacker can steal data by setting up a fake Wi-Fi public hotspot with a legitimate-sounding name, like "Telstra Air" in an airport, as used in his example.
Once the victims unsuspectedly log into the fake Wi-Fi network, the hacker could then sniff and record all the keystrokes coming from their devices, including usernames and passwords from websites they visit, such as banking information.
Mitnick says once this user information is stolen, hackers could then send out fake software updates to the target computers to install malware. If the malware is successfully installed, the hackers will gain full control of the infected computers.
He also said that these hacking tools are so accessible to everyone on the internet that even high school students download and deploy them.
To summarize, here are the three steps that Mitnick demonstrated:
- Hackers set up their own fake public Wi-Fi with a misleading name.
- Upon logging in, the victim's keystrokes are recorded and stolen to obtain personal information.
- Hackers will send malware disguised as updates to the victim's computer. Once the malware is installed, the hackers gain full control of the computer without the victim's knowledge.
For more pointers on how to protect yourself, please check out our tips on how to stay safe on public Wi-Fi.
How to protect yourself:
When you do connect to public networks, encrypted data is essential to your online security. However, you can't always trust that the network is encrypting that data for you. Visiting SSL sites, or websites that begin with the letters H-T-T-P-S means that the data exchanged is being encrypted. But you still may want to take additional precautions. Here's how:
- VPNs: You might not realize that it's easy to create your own private network. VPNs, or Virtual Private Networks, can be created wherever you go if you have the right software. There are several apps that create VPNs, as well as online security software.
- Online security software: Encryption is also something that's included with some antivirus software. This software offers security for your computer, smartphone and tablet, so that you're covered no matter which device you're using.