The Surprising Ways We Can Learn About Cybersecurity from Public Wi-Fi

4GHadmin | 03 December 2018
Reading Time: 6 minutes

A discussion of cybersecurity isn’t exactly a popular topic of conversation for most people, but those same people would likely gush at length if asked about how fond of public wi-fi connections they are! That’s a reflection of our modern world it would seem; we’re all about digital connectivity, but the potential for that connectivity to go sour on us is less of a focus of our attention. That is until it actually does go sour on you, of course, at which point you’ll be wondering why more couldn’t have been done to keep your personal information secure.

Here at 4GoodHosting, cybersecurity is a big priority for us the same way it should be for any of the best Canadian web hosting providers. We wouldn’t have it any other way, and we do work to keep abreast of all the developments in the world of cybersecurity, and in particular these days as it pertains to cloud computing. We recently read a very interesting article about how our preferences for the ways we (meaning the collective whole of society) use public wi-fi can highlight some of the natures and needs related to web security, and we thought it would be helpful to share it and expand on it for you with our blog this week.

Public Wi-Fi and Its Perils

Free, public Wi-Fi is a real blessing for us when mobile data is unavailable, or scarce as if often the case! Few people really know how to articulate exactly what the risks of using public wi-fi are and how we can protect ourselves.

Let’s start with this; when you join a public hotspot without protection and begin to access the internet, the packets of data moving from your device to the router are public and thus open to interception by anyone. Yes, SSL/TLS technology exists but all that’s required for cybercriminal to snoop on your connection is some relatively simple Linux software that he or she can find online without much fuss.

Let’s take a look at some of the attacks that you may be subjected to due to using a public wi-fi network on your mobile device:

Data monitoring

W-fi adapters are usually set to ‘managed’ mode. It then acts as a standalone client connecting to a single router for Internet access. The interface the ignore all data packets with the exception of those that are explicitly addressed to it. However, some adapters can be configured into other modes. ‘Monitor’ mode means an adapter all wireless traffic will be captured in a certain channel, no matter who is the source or intended recipient. In monitor mode the adapter is also able to capture data packets without being connected to a router. It has the ability to sniff and snoop on every piece of data it likes provided it can get its hands on it.

It should be noted that not all commercial wi-fi adapters are capable of this. It’s cheaper for manufacturers to produce models that handle ‘managed’ mode exclusively. Still, should someone get their hands on one and pair it with some simple Linux software, they’ll then able to see which URLs you are loading plus the data you’re providing to any website not using HTTPS – names, addresses, financial accounts etc. That’s obviously going to be a problem for you

Fake Hotspots

Snaring unencrypted data packets out of the air is definitely a risk of public wi-fi, but it’s certainly not the only one. When connecting to an unprotected router, you are then giving your trust to the supplier of that connection. Usually this trust is fine, your local Tim Horton’s probably takes no interest in your private data. However, being careless when connecting to public routers means that cybercriminals can easily set up a fake network designed to lure you in.

Once this illegitimate hotspot has been created, all of the data flowing through it can then be captured, analysed, and manipulated. One of the most common choices here is to redirect your traffic to an imitation of a popular website. This clone site will serve one purpose; to capture your personal information and card details in the same way a phishing scam would.

ARP Spoofing

The reality unfortunately is that cybercriminals don’t even need a fake hotspot to mess with your traffic.
Wi-Fi and Ethernet networks – all of them – have a unique MAC address. This is an identifying code used to ensure data packets make their way to the correct destination. Routers and all other devices discover this information Address Resolution Protocol (ARP).

Take this example; your smartphone sends out a request inquiring which device on the network is associated with a certain IP address. The requested device then provides its MAC address, ensuring the data packets are physically directed to the location determined to be the correct one. The problem is this ARP can be impersonated, or ‘faked’. Your smartphone might send a request for the address of the public wi-fi router, and a different device will answer you with a false address.

Providing the signal of the false device is stronger than the legitimate one, your smartphone will be fooled. Again, this can be done with simple Linux software.

Once the spoofing has taken place, all of your data will be sent to the false router, which can subsequently manipulate the traffic however it likes.

MitM – ‘Man-in-the-Middle’ Attacks

A man-in-the-middle attack (MITM) is a reference to any malicious action where the attacker secretly relays communication between two parties, or alters it for whatever malevolent reason. On an unprotected connection, a cybercriminal can modify key parts of the network traffic, redirect this traffic elsewhere, or fill an existing packet with whatever content they wish.

Examples of this could be displaying a fake login form or website, changing links, text, pictures, or more. Unfortunately, this isn’t difficult to do; an attacker within reception range of an unencrypted wi-fi point is able to insert themselves all too easily much of the time.

Best Practices for Securing your Public Wi-Fi Connection

The ongoing frequency of these attacks definitely serves to highlight the importance of basic cybersecurity best practices. Following these ones to counteract most public wi-fi threats effectively

  1. Have Firewalls in Place

An effective firewall will monitor and block any suspicious traffic flowing between your device and a router. Yes, you should always have a firewall in place and your virus definitions updated as a means of protecting your device from threats you have yet to come across.

While it’s true that properly configured firewalls can effectively block some attacks, they’re not a 100% reliable defender, and you’re definitely not exempt from danger just because of them. They primarily help protect against malicious traffic, not malicious programs, and one of the most frequent instances where they don’t protect you is when you are unaware of the fact you’re running malware. Firewalls should always be paired with other protective measures, and antivirus software being the best of them.

  1. Software updates

Software and system updates are also biggies, and should be installed as soon as you can do so. Staying up to date with the latest security patches is a very proven way to have yourself defended against existing and easily-exploited system vulnerabilities.

  1. Use a VPN

No matter if you’re a regular user of public Wi-Fi or not, A VPN is an essential security tool that you can put to work for you. VPNs serve you here by generating an encrypted tunnel that all of your traffic travels through, ensuring your data is secure regardless of the nature of the network you’re on. If you have reason to be concerned about your security online, a VPN is arguably the best safeguard against the risks posed by open networks.

That said, Free VPNs are not recommended, because many of them have been known to monitor and sell users’ data to third parties. You should choose a service provider with a strong reputation and a strict no-logging policy

  1. Use common sense

You shouldn’t fret too much over hopping onto a public Wi-Fi without a VPN, as the majority of attacks can be avoided by adhering to a few tested-and-true safe computing practices. First, avoid making purchases or visiting sensitive websites like your online banking portal. In addition, it’s best to stay away from any website that doesn’t use HTTPS. The popular browser extender HTTPS everywhere can help you here. Make use of it!

The majority of modern browsers also now have in-built security features that are able to identify threats and notify you if they encounter a malicious website. Heed these warnings.

Go ahead an make good use of public Wi-Fi and all the email checking, web browsing, social media socializing goodness they offer, but just be sure that you’re not putting yourself at risk while doing so.

0

IT Security Insiders: Expect an Escalation in DDoS Attacks for Duration of 2017

4GHadmin | 31 July 2017
Reading Time: 4 minutes

The long and short of it is that Internet security will always be a forefront topic in this industry. That’s a reflection of both the never-ending importance of keeping data secure given the predominance of e-commerce in the world today and the fact that cyber hackers will never slow in their efforts to get ‘in’ and do harm in the interest of making ill-gotten financial gains for themselves.

So with the understanding that the issue of security / attacks / preventative measures is never going to be moving to the back burner, let’s move forward to discuss what the consensus among web security experts is – namely, that DDoS Attacks are likely to occur at an even higher rate than previously for the remainder of 2017.

Here at 4GoodHosting, in addition to being one of the best web hosting providers in Canada we’re very active in keeping on top of trends in the Web-based business and design worlds. as they tend to have great relevance to our customers. As such, we think this particularly piece of news is worthy of some discussion.

Let’s have at it – why can we expect to see more DDoS attacks this year?

Data ‘Nappers and Ransom Demands

As stated, IT security professionals predict that DDoS attacks will be more numerous and more pronounced in the year ahead, and many have started preparing for attacks that could cause outages worldwide in worst-case scenarios.

One such scenario could be – brace yourselves – a worldwide Internet outage. Before you become overly concerned, however, it would seem that the vast majority of security teams are already taking steps to stay ahead of these threats, with ‘business continuity’ measures increasingly in place to allow continued operation should any worst-case scenario come to fruition.

Further, these same insiders say that the next DDoS attack will be financially motivated. While there are continued discussions about attackers taking aim at nation states, security professionals conversely believe that criminal extortionists are the most likely group to successfully undertake a large-scale DDoS attack against one or more specific organizations.

As an example of this, look no further than the recent developments regarding Apple and their being threatened with widespread wiping of devices by an organization calling itself the ‘Turkish Crime Family’ if the computing mega-company doesn’t cough up $75,000 in cryptocurrency or $100,000 worth of iTunes gift cards.

A recent survey of select e-commerce businesses found that 46% of them expect to be targeted by a DDoS attack over the next 12 months. Should that attack come with a ransom demand like the one above, it may be particularly troublesome for any management group (given the fact that nearly ALL of them will not have the deep pockets that Apple has)

Further, the same study found that a concerning number of security professionals believe their leadership teams would struggle to come up with any other solution than to give in to any ransom demands. As such, having effective protection against ransomware and other dark software threats is as important as it’s ever been.

Undercover Attacks

We need to mention as well that these same security professionals are also worried about the smaller, low-volume DDoS attacks that will less 30 minutes or less. These have come to be classified as ‘Trojan Horse’ DDoS attack, and the problem is that they typically will not be mitigated by most legacy DDoS mitigation solutions. One common ploy used by hackers is to employ a Trojan horse as a distraction mechanism that diverts guard to open up the gates for a separate, larger DDoS attack.

Citing the same survey yet again, fewer than 30% of IT security teams have enough visibility worked into their networks to mitigate attacks that do not exceed 30 minutes in length. Further, there is the possibility of hidden effects of these attacks on their networks, like undetected data theft.

Undetected data theft is almost certainly more of a problem than many are aware – and particularly with the fast-approaching GDPR deadline which will make it so that organizations could be fined up to 4% of global turnover in the event of a major data breach deemed to be ‘sensitive’ by any number of set criteria.

Turning Tide against ISPs

Many expect regulatory pressure to be applied against ISPs that are perceived to be insufficient in protecting their customers against DDoS threats. Of course, there is the question as to whether an ISP is to blame for not mitigating a DDoS attack when it occurs, but again it seems the consensus is that it is, more often that not. This seems to suggest that the majority would find their own security teams to be responsible.

The trend seems to be to blame upstream providers for not being more proactive when it comes to DDoS defense. Many believe the best approach to countering these increasing attacks is to have ISPs that are equipped to defend against DDoS attacks, by both protecting their own networks and offering more comprehensive solutions to their customers via paid-for, managed services that are proven to be effective.

We are definitely sympathetic to anyone who has concerns regarding the possibility of these attacks and how they could lead to serious losses should they be able to wreak havoc and essentially remove the site from the web for extended periods of time. With the news alluded to earlier that there could even be a worldwide Internet outage before long via the new depth and complexity of DDoS attacks, however, it would seem that anyone with an interest in being online for whatever purpose should be concerned as well.

0