Thursday, November 23, 2017

Tag: Wi-Fi hotspots

Apple patched the so-called "Trident" bugs in iOS 9.3.5 back in August.
Study of nearly 300 apps finds shocking omissions, including a failure to encrypt.
The very nature of wireless Wi-Fi networks means that hackers or criminals simply need to be located near an access point in order to eavesdrop and intercept network traffic. Poorly configured access point encryption or services that allow data to be sent without any encryption pose a serious threat to user data. Confidential data can be protected by encrypting traffic at wireless access points.
In fact, this method of protection is now considered essential for all Wi-Fi networks.

But what actually happens in practice? Is traffic always encrypted on public Wi-Fi networks? How does the situation differ from country to country? Kaspersky Security Network statistics can answer all these questions. We compared the situation with Wi-Fi traffic encryption in different countries using data from our threat database. We counted the number of reliable and unreliable networks in each country that has more than 10 thousand access points known to us (this obviously excludes Antarctica and other regions where there is not enough data to draw any conclusions).

Security of Wireless Networks

Using statistics from Kaspersky Security Network (KSN), we analyzed data from across the world for almost 32 million Wi-Fi hotspots accessed by the wireless adapters of KSN users.

[Figure: Encryption type used in public Wi-Fi hotspots across the world]

Approximately 24.7% of Wi-Fi hotspots in the world do not use any encryption at all.

This basically means that by using an antenna capable of sending and receiving data at 2.4 GHz, any individual located near an access point can easily intercept and store all user traffic and then browse it for data they are interested in.

Fortunately, modern online banking systems and messengers do not transfer unencrypted data.

But this is the only thing that prevents users of Wi-Fi networks with unencrypted traffic from revealing their passwords and other essential data when using an unsecure access point.

The WEP (Wired Equivalent Privacy) protocol for encryption of data transferred over Wi-Fi is used by approximately 3.1% of all analyzed access points.

The protocol was the first to be created, quite a long time ago, and is now completely unreliable – it would take hackers just a few minutes to crack it.

From a data security point of view, using WEP is not much different from using open networks.

This protocol is being relegated to oblivion everywhere, but as we see from the chart above, it can still be found in use.

Around three-quarters of all access points use encryption based on the Wi-Fi Protected Access (WPA) protocol family.

The protocols from this family are currently the most secure.

The effort required to hack WPA depends on its settings, including the complexity of the password set by the hotspot owner.
It is worth noting that an attempt to decipher traffic from “personal” (WPA-Personal, PSK authentication) wireless networks (with public access points) can be made by intercepting the handshakes between the access point and the device at the beginning of the session. “Corporate” versions are protected from this sort of interception because they use internal company authorization.

When it comes to “personal” WPA2 attacks, the situation is similar to that of WPA and mostly depends on the strength of the password set by the hotspot owner.

It is only fair to note that during a standard attack on a Wi-Fi access point, a personal computer can generate from 50 to 300 keys per second on average. If the encryption key is strong, it will take years to hack it. Still, no one can guarantee that the key used at a cafe will be secure and that the attacker will have nothing but a PC at their disposal.

Overall, it can be said that today’s WPA/WPA2 “non-enterprise” versions are reasonably, but not absolutely, secure. In particular, they allow brute-force and dictionary attacks.

There are ready-to-use publicly available tools (aircrack-ng and similar software) for performing such attacks, as well as a large number of manuals.

Geography of Unsecured Wi-Fi Access Points

[Figure: Share of Wi-Fi hotspots that use unreliable WEP or do not encrypt data (by country)]

We would like to note that the five countries with the highest proportion of unsecured connections include Korea (47.9% of unsecured Wi-Fi access points), while France (40.14%) and the US (39.31%) rate 9th and 12th respectively in the list.

Germany appears to be the most secure among Western European countries, with 84.91% of access points secured by WPA/WPA2 protocol encryption.

[Figure: Share of Wi-Fi hotspots that use WPA/WPA2 (by country)]

However, even when using an encrypted connection, you should not completely rely upon this security measure.

There are several scenarios that could compromise even well-encrypted network traffic.

These include fake access points with names that duplicate or mimic real ones (for example, TrainStation_Free or TrainStation Free) and compromised routers forwarding traffic without encryption to attackers (malware tools that infect such devices are already “in the wild”).
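A defender-side check for the look-alike names mentioned above, as an added example that is not part of the original article: it compares scan results against an inventory of the venue's real access points and flags names that duplicate or mimic a trusted SSID. The inventory, BSSIDs and scan entries are constructed sample data, and the function names are hypothetical.

```python
import re
import unicodedata

# Constructed inventory: SSIDs the venue really operates and their AP MACs.
TRUSTED = {"TrainStation_Free": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}}

# Constructed scan results: (ssid, bssid, encryption).
SCAN = [
    ("TrainStation_Free", "aa:bb:cc:00:00:01", "WPA2"),
    ("TrainStation Free", "02:11:22:33:44:55", "Open"),
    ("TrainStation_Free", "02:11:22:33:44:66", "WPA2"),
    ("TrainStati0n_Free", "02:11:22:33:44:77", "WPA2"),
    ("CoffeeShop", "02:11:22:33:44:88", "WPA2"),
]

def canonical(ssid):
    """Fold case, Unicode compatibility forms and separators."""
    folded = unicodedata.normalize("NFKC", ssid).casefold()
    return re.sub(r"[\s_.\-]+", "", folded)

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(ssid, bssid, trusted=TRUSTED, max_distance=1):
    """Return 'trusted', 'duplicate-name', 'lookalike-name' or 'unrelated'."""
    if ssid in trusted:
        # Exact name: only the inventoried radios are expected to announce it.
        return "trusted" if bssid.lower() in trusted[ssid] else "duplicate-name"
    key = canonical(ssid)
    for name in trusted:
        if edit_distance(key, canonical(name)) <= max_distance:
            return "lookalike-name"
    return "unrelated"

def suspicious(scan=SCAN):
    """List (ssid, bssid, encryption, reason) for entries needing review."""
    hits = []
    for ssid, bssid, enc in scan:
        verdict = classify(ssid, bssid)
        if verdict in ("duplicate-name", "lookalike-name"):
            hits.append((ssid, bssid, enc, verdict))
    return hits
```

A BSSID can be copied, so a "trusted" verdict only means no mismatch was observed; the check is a triage aid for site surveys, not proof that an access point is genuine.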

At any rate, taking care of your own security is a good idea.

Recommendations for Users

There are several simple rules that help protect personal data when using open Wi-Fi networks in cafes, hotels, airports, and other public places.

Do not trust networks that are not password-protected.

Even if a network requests a password, you should remain vigilant. Fraudsters can find out the network password at a coffee shop, for example, and then create a fake connection with the same password. This allows them to easily steal personal user data. You should only trust network names and passwords given to you by employees of the establishment.

To maximize your protection, turn off your Wi-Fi connection whenever you are not using it. This will also save your battery life. We recommend disabling automatic connection to existing Wi-Fi networks too.

If you are not 100% sure the wireless network you are using is secure, but you still need to connect to the internet, try to limit yourself to basic user actions such as searching for information. You should refrain from entering your login details for social networks or mail services, and definitely not perform any online banking operations or enter your bank card details anywhere.

To avoid being a target for cybercriminals, you should enable the “Always use a secure connection” (HTTPS) option in your device settings. It is recommended to enable this option when visiting any websites you think may lack the necessary protection.

If possible, connect via a Virtual Private Network (VPN). With a VPN, encrypted traffic is transmitted over a protected tunnel, meaning criminals won’t be able to read your data, even if they gain access to them.

And, of course, you should use dedicated security solutions. They inform users about any potential dangers when connecting to a suspicious Wi-Fi network and prevent any passwords or other confidential data from being compromised if there is a threat.

One example of a dedicated solution is the Secure Connection tool included in the latest versions of Kaspersky Internet Security and Kaspersky Total Security. This module protects users connected to Wi-Fi networks by providing a secure encrypted connection channel. Secure Connection can be launched manually or, depending on the settings, activated automatically when connecting to public Wi-Fi networks, when navigating to online banking and payment systems or online stores, and when communicating online (mail services, social networks, etc.).
[Image: The debate hall at Hofstra University hours before the debate is set to begin. Spencer Platt / Getty Images News]

News organizations attending Monday evening’s presidential debate must pay $200 for a “Secure Wireless Internet Connection” at Hofstra University in New York state.

The debate is set to begin at 9pm Eastern.

While profiteering during a high-profile occasion such as this is not unheard of—$15 for a patch cable?—what’s worse is that event staff at Hofstra University are reportedly using a $2,000 device to actively scan for hotspots and other ad-hoc Wi-Fi networks.

Dear god. @RyanBeckler just sent me this from Hofstra. They're charging $200 for media WiFi access. pic.twitter.com/VSagT6ZerF
— (((Steph Haberman))) (@StephLauren) September 26, 2016

There was just an announcement in the debate filing center that personal wifi dongles are prohibited, instead you must buy their $200 wifi
— Jim Newell (@jim_newell) September 26, 2016

Politico reporter Kenneth Vogel, who posted a related photo, said on Twitter that journalists are essentially being given an ultimatum: use your own hotspot and get “tossed” from the debate site. (Of course, this problem can simply be solved via a Bluetooth or USB tether from an active smartphone to a laptop.)

Hofstra's action may be unlawful under an advisory published by the Federal Communications Commission in January 2015 which found that "willful or malicious interference with Wi-Fi hotspots is illegal."

As Ars reported previously, the FCC fined Marriott $600,000 in October 2014 for blocking customers’ personal Wi-Fi hotspots at a Nashville, Tennessee, branch. Although Marriott paid the fine, it remained defiant and filed a request for rulemaking with the commission, asking that Wi-Fi blocking be permitted. Marriott’s reasoning was that it could better manage the security of its own network if it blocked unauthorized Wi-Fi broadcasts.

Neither Hofstra University nor the FCC immediately responded to Ars’ request for comment.

UPDATE 8:29pm ET: Apparently the overpriced Wi-Fi is actually down, according to Wired editor Emily Dreyfus.
‘I vote Trump! free Internet’

A Wi-Fi hack experiment conducted at various locations at or near the Republican National Convention site in Cleveland underlines how risky it can be to connect to public Wi-Fi without protection from a VPN.

The exercise, carried out by security researchers at Avast, an anti-virus firm, revealed that more than 1,000 delegates were careless when connecting to public Wi-Fi. Attendees risked the possibility of being spied on and hacked by cybercriminals or perhaps even spies while they checked their emails, banked online, used chat and dating apps, and even while they accessed Pokemon Go.

Avast researchers set up fake Wi-Fi networks at various locations around the Quicken Loans Arena and at Cleveland Hopkins International Airport with fake network names (SSIDs) such as “Google Starbucks”, “Xfinitywifi”, “Attwifi”, “I vote Trump! free Internet” and “I vote Hillary! free Internet” that were either commonplace across the US or looked like they were set up for convention attendees.

Of the people connecting to the fake candidate name Wi-Fi in Cleveland, 70 per cent connected to the Trump-related Wi-Fi, 30 per cent to the Clinton-related Wi-Fi.

With mobile devices often set to connect to known SSIDs automatically, users can overlook the networks to which they are connecting.

Although convenient, this feature is eminently easy to exploit by cybercriminals who set up a false Wi-Fi network with a common SSID. Moreover, web traffic can be visible to anyone on any Wi-Fi network that is unencrypted. Any Wi-Fi that does not require a password is a risk.

In its day-long experiment Avast saw more than 1.6Gbs transferred from more than 1,200 users. Some 68.3 per cent of users' identities were exposed when they connected, and 44.5 per cent of Wi-Fi users checked their emails or chatted via messenger apps. The researchers scanned the data, but did not store it or collect personal information.

Avast learned the following about the Republican National Convention attendees:

55.9 per cent had an Apple device, 28.4 per cent had an Android device, 1.5 per cent had a Windows Phone device, 3.4 per cent had a MacBook laptop and 10.9 per cent had a different device
13.1 per cent accessed Yahoo Mail, 17.6 per cent checked their Gmail inbox, and 13.8 per cent used chat apps such as WhatsApp, WeChat and Skype
6.5 per cent shopped on Amazon, and 1.2 per cent accessed a banking app or banking websites like bankofamerica.com, usbank.com, or wellsfargo.com
4.2 per cent visited government domains or websites
5.1 per cent played Pokemon Go
0.7 per cent used dating apps like Tinder, Grindr, OKCupid, Match and Meetup
0.24 per cent visited pornography sites like Pornhub.com

“With Washington heatedly discussing cybersecurity issues virtually every week, we thought it would be interesting to test how many people actually practice secure habits,” said Gagan Singh, president of mobile at Avast. “Understanding the talking points behind these privacy issues is very different from implementing secure habits on a daily basis. Though it is not surprising to see how many people connect to free Wi-Fi, especially in a location with large crowds such as this, it is important to know how to stay safe when connecting. When joining public Wi-Fi, consumers should utilize a VPN service that anonymizes their data while connecting to public hotspots to ensure that their connection is secure.”