Ever Wondered What Commjackers Can Actually See When They Hack Into Your Device?
Posted: March 26, 2016 / Author: Dror Liwer
If you’ve been following this blog, you’ll be very well-versed in the dangers of connecting to public WiFi and cellular networks. Yes, there is a very real possibility commjackers can eavesdrop on your online activity, putting your personal information and sensitive data in the wrong hands. But what exactly do commjackers see and what can they access when commjacking and eavesdropping on your device? If you know what commjackers want, you can avoid using particular applications and sites to ensure you are protected against efforts to steal your data. May We Tweet That for You? From 2010 to 2015, the most downloaded apps worldwide have been Facebook, Facebook Messenger, YouTube and Instagram. In a culture dominated by social media, this comes as no surprise. It also means these apps are the most commonly accessed apps – comprising 14% of all smartphone usage – usually anywhere and at random times. When you’re waiting in line at a coffee shop that offers public WiFi, you probably open Twitter to check the news or Instagram to browse photos. While this is a great time to take a quick look at social networks, it is also a prime time for commjackers to scan for your device and access your accounts. Commjackers can use software or rogue WiFi hotspots to lure you into connecting to a fake network, where they will freely roam your smartphone, tablet or laptop device and find logins to your accounts. With your login information, they can then access your social profiles and other personal accounts, see your contact lists and spam your friends. Facebook, Twitter, Google+, YouTube, Instagram, Snapchat and LinkedIn are the most commonly targeted accounts. So if you’re unsure if your account is secure when accessing a public network, resist the temptation to sign in if you want to avoid a hacked account. The best way to ensure you are using a secure site or network is to look for an “S” in the “http:” portion of a URL. Without “https,” you run the even higher risk of being commjacked. What’s Up on WhatsApp? WhatsApp Messenger and Skype are two of the most downloaded apps worldwide. Moreover, instant messaging technology pulls in hundreds of millions of daily users, including 55% of all Internet users sending instant messages every day. But most of these messaging apps and services don’t offer end-to-end encryption. Services like Gmail chat, Yahoo Messenger, Viber, WeChat, Facebook Messenger, Line, Skype and Snapchat are convenient for delivering a quick message to a colleague or friend, but beware of what you are exchanging and where because communication on these services is not fully encrypted. If you are using public WiFi at the airport or a public library, commjackers can easily read your unencrypted messages. These messages along with usernames and passwords can unintentionally lead commjackers straight to a company’s classified information. Tell Me Your Mother’s Maiden NameMany commjackers begin a search for data by scanning for packets containing HTML code to see what users around them are working on and browsing. When a commjacker first receives the packet, the code is a jumbled mess, but with simple tools, the code can be rearranged to clearly state the username and password used to log-on to that site. Often, this data is also the key component of control of a website, making it extremely easy for a commjacker to enter a site and gain command. From there, commjackers are free to do whatever malicious activity they want. Their access point was easy and the process was a breeze. Scanning also identifies emails being transmitted and can give commjackers a good idea of your online activity and passwords, leading them to a full infiltration of your systems. From here, they steal your details, such as your credit card data, usernames and passwords, to sell them on the black market or use your bank account to make purchases. Beyond individual implications, these types of hacks can greatly affect an entire company. If eavesdroppers find the right target, or look for one in the logical places, such as international first-class fliers in an airport, company data and customer information could be compromised. [Tweet "Customer data is usually sold to malicious groups and exploited for monetary gain."] So it’s not just your personal Facebook account being observed; it could be your company logins or files, leading to a bigger breach. CoroNet Raises the AlarmInstead of showing your cards to commjackers, let CoroNet reveal your opponents’ cards by alerting you of an attack before damage is done. CoroNet is the ultra-precaution of defending yourself in public WiFi and cellular network environments. But practicing safe Internet habits, such as ensuring all websites are secure and mobile apps are encrypted or not showing personal information, is the first step in protecting yourself from commjacking through public WiFi. Constant connectivity should be a convenience, not a punishment.