It is available in hotels, restaurants, libraries, airports or train stations. Nowadays most locations offer public WiFi networks and we don’t hesitate to enjoy its benefits. It is easy and free. We take out our smartphone, our tablet or our laptop and we connect to them without thinking that a cyber-attacker could intercept our device and steal our data.
We have advised you more than once to take precautions before using them, though you probably think that no one in the coffee shop has the knowledge to spy on you. We are sorry to tell you that you are wrong: the attacker does not need a big budget or any special computer skills to steal your data. Actually, if he tries he will be able to do spy on you without any difficulty.
“All you need is 70 euros, an average IQ and a little patience”, says the hacker Wouter Slotboom. The security expert showed how, in just 20 minutes, he was able to get the personal information of almost all the users of a coffee shop in Amsterdam, even the history of their Google searches.
With only a laptop and a small device the size of a pack of cigarettes, Wouter launched a program and the antenna began to intercept the cellphones and laptop signals in the establishment. Then he ran the classic “man in the middle” attack, making his network to be the intermediary between the victim and the source: users believe they were connecting to the local network, but instead they were connected to the fictitious one the security expert deployed. He claims all the programs needed to do this can be easily downloaded from the internet.
In a short period of time, 20 users were connected to the network. But not only that, Slotboom was able to get their MacIDs and even see the specifications of their mobile phones, an information that could have easily been used for detecting the security gaps of each device. He even discovered what application was using each user.
This hacker asked the Dutch journalist who accompanied him to write his username and password. Within seconds, the data was in his possession. If we use the same password on multiple services, a technique not recommended but highly used, a cyber-attacker could easily access all the details of our virtual life. He also explained how to divert traffic, making the user believe he is entering his banks’ web but instead he is in a cloned site. This technique can be used to clean you out virtually.
You are probably thinking that because Slotboom is a security expert these tasks come easy to him, but in fact even a child could access your devices if they are connected to a public network, literally. Recently, Betsy Davis, a seven-year-old British girl, was able to spy the communications of the devices around her, which were connected to a public WiFi network, in just ten minutes.
The virtual private network (VPN) provider Hidemyass conducted this experiment to point out these networks insecurities. Betsy created a Rogue Access Point (using the same attack “man in the middle”) and began intercepting data following just the instructions she found searching in Google. The messages from the other users of the public network started coming to her instead to arriving at their rightful recipient.
If even Betsy is capable of spying on the devices connected to a public network, you should start being more careful and stop thinking that the people next to you in the coffee shop are harmless.
Although the best advice we can give you is not to use these networks, if you have to we recommend you to use a VPN service to connect through a private network, and that you access web pages with secure https protocol. Also avoid making bank transactions from an open network, in the unluckily event that there is a thieve waiting to empty your account.
Here you have some tips on how to connect to a public network safely, just in case. Its better be safe than sorry.
6 comments
nice article with good knowledge provided with information about cyber attacking how to hack data from public network
We’re glad you enjoyed it! We appreciate the feedback and we will continue to bring you useful content in the future.
All the best,
Panda Security