Hackers can steal your info in three easy steps when you use public Wi-Fi

Are you always on the hunt for open public hotspots to save on data costs? Or perhaps you are on the road and you need an internet connection to quickly check on remote documents on your work laptop.

We have warned you before about how crooks can use public Wi-Fi networks to steal your data or even rig public charging stations to steal your data. It is quite simple and easy really for determined hackers to set up fake public "honey pot" traps.

Yesterday, former top hacker turned cyber security consultant Kevin Mitnick demonstrated to ABC's Four Corners how easy it really is.

53-year-old Mitnick was arrested in 1995 for the security breaches of more than 40 major corporations including Nokia, Motorola and IBM. He served five years in prison and is now one of the top white-hat security consultants in the industry.

In the Four Corners video, Mitnick showed how a hacker can steal data by setting up a fake Wi-Fi public hotspot with a legitimate-sounding name, like "Telstra Air" in an airport, as used in his example.

Once the victims unsuspectedly log into the fake Wi-Fi network, the hacker could then sniff and record all the keystrokes coming from their devices, including usernames and passwords from websites they visit, such as banking information.

Mitnick says once this user information is stolen, hackers could then send out fake software updates to the target computers to install malware. If the malware is successfully installed, the hackers will gain full control of the infected computers.

He also said that these hacking tools are so accessible to everyone on the internet that even high school students download and deploy them.

To summarize, here are the three steps that Mitnick demonstrated:

  1. Hackers set up their own fake public Wi-Fi with a misleading name.
  2. Upon logging in, the victim's keystrokes are recorded and stolen to obtain personal information.
  3. Hackers will send malware disguised as updates to the victim's computer. Once the malware is installed, the hackers gain full control of the computer without the victim's knowledge.

To watch the ABC Four Corners excerpt, click play on the YouTube video below:


How to protect yourself:

When you do connect to public networks, encrypted data is essential to your online security. However, you can't always trust that the network is encrypting that data for you. Visiting SSL sites, or websites that begin with the letters H-T-T-P-S means that the data exchanged is being encrypted. But you still may want to take additional precautions. Here's how:

  • VPNs: You might not realize that it's easy to create your own private network. VPNs, or Virtual Private Networks, can be created wherever you go if you have the right software. There are several apps that create VPNs, as well as online security software.
  • Online security software: Encryption is also something that's included with from our sponsor, Kaspersky Lab. Total Security software offers security for your computer, smartphone and tablet, so that you're covered no matter which device you're using. This coverage includes anti-phishing technology, Wi-Fi security alerts, webcam protection, secure shopping and banking, malware detection, and more.

How it works:

Kaspersky Total Security scans your computer for threats, blocks malicious programs from installing, steers you away from phishing sites, makes online banking safer and so much more. A single license covers up to five gadgets whether it's Windows, Apple or Android.


Topics: Speaking Engagements, Telstra Air, penetration testing, phishing simulation, fake software, cyber security, IBM, Motorola, Nokia, Password Management, record keystrokes, security breaches, Kevin Mitnick Security Awareness Training, Wi-Fi, banking information, Kevin Mitnick

Latest Posts

Kevin offers three excellent presentations, two are based on his best-selling books. His presentations are akin to technology magic shows that educate and inform while keeping people on the edge of their seats. He offers expert commentary on issues related to information security and increases “security awareness.”

Bypassing Key Card Access: Shoring Up Your Physical Security

As you build additional layers of defense into your cybersecurity framework, it's important to implement physical security strategies as well.

Read more ›

How to Prioritize Your Pentesting Report’s Remediation Recommendations

If you recently received a penetration test, you’re on the right track to improving your cybersecurity posture. However, you may be wondering what the..

Read more ›

Understanding Post-Inoculation Cybersecurity Attack Vectors

If you’ve recently improved your cybersecurity posture, you should know that the work to protect your company’s data is not over.

Read more ›