In 2016, connectivity seems less like a technological feature and more like a birthright.
Though limitless WiFi and 4G/LTE may seem like nirvana, it also means hackers have nearly limitless opportunities to take control of your mobile device. While connectivity is a passport to the digital world, it is also a hacker’s gateway to sensitive personal and business data.
Hackers exploit how mobile devices trust the networks—both wireless and cellular—that they typically connect to. They use readily-available tools to trick a device into thinking it has found the proper network and then gain access to user passwords, usernames, personal data and employer information. And hackers can do this from anywhere, while using publically available tools.
It’s easy to forget your mobile devices are vulnerable almost anywhere you use them, especially if you have to urgently email a file to a client or update your Slack channel. So if you depend on WiFi to work – and even have fun – it’s worth reviewing the top 6 places prone for hacking.
A café is probably the leading destination for people who want to work away from the office, meet clients or friends, or just want to relax a bit with a cup of coffee. But cafés are also go-to spots for hackers to breach electronic devices. You could be seated right next to a hacker and not even realize they’re accessing your personal business data.
Many times, this will be due to the fact that publically available WAPs aren’t typically monitored for vulnerabilities. Some café’s won’t even change the default administrator password on their nodes. This means that hackers can easily take over an access point, and subsequently take over connected phones, laptops, or tablets. Alternatively, one might create a compromised access point with the same name as a legitimate service, and watch users fall for the trap, as in the “evil twin” hack written about by Andy O’Donnell. Another way is through “KARMA,” as demonstrated by Binni Shah. Regardless of method, hackers pose a legitimate threat to users and their employers’ networks.
Planes, Buses, Train Stations and Airports
Just as a coffee shop can serve as the ideal hiding spot for a hacker, so too, can an airport or bus or train station. As long as free WiFi is offered to all travelers, their devices are exposed to hackers who can sit nearby.
Even in-flight wireless—an increasingly prevalent novelty on airplanes—is not safe from attackers. Steven Petrow, a correspondent for USA Today, was hacked while in the air, ironically enough while working on a story about the privacy standoff between the FBI and Apple. While the hacker used an undisclosed technique, it’s likely to have been similar to one described in the café scenario above—a reminder that as far as connectivity is concerned, no location is likely to be safer than any other.
As tests have shown, moving cars are also susceptible. Again, WiFi is the common denominator. For example, Sammy Kamkar, found a flaw in BMW‘s ConnectedDrive software, the system that connects a BMW to the Internet for a variety of services, including navigation systems, real-time traffic and remote door locking. Researchers imitated the company’s servers and sent unlocking requests remotely.
Don’t even think about relaxing in your hotel room if you’re relying on free WiFi to finish work before turning in for the night. Practicing what is called “DarkHotel,” attackers infiltrate hotel WiFi networks and trick users into downloading malicious software that looks like a legitimate software update, and then take documents and data.
Anywhere Outside Your Home or Office
You may think, reading the tales of breach and compromise above, that there’s a simple solution to mobile security—turn off your WiFi. Unfortunately, even that decision cannot save you, thanks to a device known as a Stingray.
A Stingray device works on the same principle as the “evil twin” example described above, except that instead of impersonating a Wireless Application Protocol, Stingray mimics a cellphone tower. SmartPhones will generally connect to the closest and strongest antenna that they find, so if you walk into a Stingray’s broadcast perimeter, your SmartPhone will connect without you even knowing. Attackers will be able to siphon a user’s cellphone metadata and location information, eavesdrop on calls, and even intercept text messages.
While it’s important to note that Stingray devices have mostly been used by law enforcement in the past, they are built out of commercial off-the-shelf (COTS) components. Not only could anyone build them, there have been persistent rumors of Stingray devices in use by organized crime.
Your Home and Office
Your home may be sweet, but, alas, it also isn’t an ironclad getaway from hackers, who can strike your router.
First, routers: as Khyati Jain tells us, outdated firmware on routers that aren’t even two years old leave them open to breaches. Consider how security companies discovered in 2015 they could have “full remote unauthenticated root access” of Netgear routers.
And, no, even Barbie isn’t safe. Hackers have also found a way to infiltrate children’s toys.
Children’s bedrooms, cafés, train stations, airplanes – it doesn’t matter where you are. As this blog illustrates, as long as you rely on WiFi, no place is safe from the risk of network threats and hacking. If you’re not sure of the security of the network you’re using, don’t use it.