Are you always on the hunt for open public hotspots to save on data costs? Or perhaps you are on the road and you need an internet connection to quickly check on remote documents on your work laptop.
We have warned you before about how crooks can use public Wi-Fi networks to steal your data or even rig public charging stations to steal your data. It is quite simple and easy really for determined hackers to set up fake public "honey pot" traps.
Yesterday, former top hacker turned cyber security consultant Kevin Mitnick demonstrated to ABC's Four Corners how easy it really is.
53-year-old Mitnick was arrested in 1995 for the security breaches of more than 40 major corporations including Nokia, Motorola and IBM. He served five years in prison and is now one of the top white-hat security consultants in the industry.
In the Four Corners video, Mitnick showed how a hacker can steal data by setting up a fake Wi-Fi public hotspot with a legitimate-sounding name, like "Telstra Air" in an airport, as used in his example.
Once the victims unsuspectedly log into the fake Wi-Fi network, the hacker could then sniff and record all the keystrokes coming from their devices, including usernames and passwords from websites they visit, such as banking information.
Mitnick says once this user information is stolen, hackers could then send out fake software updates to the target computers to install malware. If the malware is successfully installed, the hackers will gain full control of the infected computers.
He also said that these hacking tools are so accessible to everyone on the internet that even high school students download and deploy them.
To summarize, here are the three steps that Mitnick demonstrated:
- Hackers set up their own fake public Wi-Fi with a misleading name.
- Upon logging in, the victim's keystrokes are recorded and stolen to obtain personal information.
- Hackers will send malware disguised as updates to the victim's computer. Once the malware is installed, the hackers gain full control of the computer without the victim's knowledge.
To watch the ABC Four Corners excerpt, click play on the YouTube video below:
How to protect yourself:
When you do connect to public networks, encrypted data is essential to your online security. However, you can't always trust that the network is encrypting that data for you. Visiting SSL sites, or websites that begin with the letters H-T-T-P-S means that the data exchanged is being encrypted. But you still may want to take additional precautions. Here's how:
- VPNs: You might not realize that it's easy to create your own private network. VPNs, or Virtual Private Networks, can be created wherever you go if you have the right software. There are several apps that create VPNs, as well as online security software.
- Online security software: Encryption is also something that's included with from our sponsor, Kaspersky Lab. Total Security software offers security for your computer, smartphone and tablet, so that you're covered no matter which device you're using. This coverage includes anti-phishing technology, Wi-Fi security alerts, webcam protection, secure shopping and banking, malware detection, and more.
How it works:
Kaspersky Total Security scans your computer for threats, blocks malicious programs from installing, steers you away from phishing sites, makes online banking safer and so much more. A single license covers up to five gadgets whether it's Windows, Apple or Android.