DUBAI // We’ve all strolled into a coffee shop looking for a decent cup of coffee and a free wifi connection before.
But as one internet security specialist and “former ethical hacker” demonstrated on Wednesday, a free internet connection can sometimes come with the price of being exposed to malicious cyber criminals.
Jason Hart, a chief technology officer in charge of identity and data protection with security company Gemalto, demonstrated at a Dubai Media City restaurant how hackers could be monitoring an unsuspecting surfer’s web activity before they’ve even taken a sip of their macchiato.
Using a device that looks like a small router, that he says can be bought in the United States for roughly US$80 (Dh293), Mr Hart set up a wifi network with its own unique name and connected it to the venue’s wifi.
The network, which is often labelled with an innocent-sounding name such as “free public wifi” showed up in the list of available networks of those searching for wifi, conning users into selecting it – and allowing it to access the user’s data.
He said his device, for which he would not give its official name out of fear that crooks might invest in it, isn’t illegal, but can be used to perform illegal acts.
“What I’m trying to emphasise here is this tiny little gadget is so powerful, so the risk is immense,” he said. “Any built-up public area, I can just drop this, leave it, and everyone thinks they’re connected to the internet, when in fact there is someone collecting information.”
The network, which is often given an innocuous name such as “free public Wi-Fi” showed up in the list of available networks, conning users into selecting it and allowing it to access their data.
Mr Hart said his device is legal but can be used for illegal acts. He kept its name to himself so as not to tip off hackers.
Using it, he said he could see anything typed on the screen, such as credit card and banking details and emails.
He also had access to “cookies” stored on connected devices, which would give him access to password data.
Many are unaware of the risks, Mr Hart said.
“I can see everything on the internet that you’re doing,” he said.
“I can be invisible, intercept and put messages on your computer. I can inject content into your browser, I can extract content, I can do all of this without you knowing.”
The device also allows him to see who is logged on to the venue’s official Wi-Fi and kick them off, forcing them to go through his fraudulent network.
Even devices loaded with social media applications that are not being used but still have Wi-Fi enabled – such as phones and tablets stowed away in a handbag or pocket – are also vulnerable to the device.
“All those apps are talking and I can intercept all of that traffic,” Mr Hart said.
He gave several tips on how to protect personal data when using public Wi-Fi. It should always be disabled when not in use, and users should switch to using one-time passwords, which are available with services such as Gmail and also used by banks.
And 4G or mobile data should be used instead of Wi-Fi whenever possible.
Mohammad Hasbini, a senior researcher with security software company Kaspersky Lab, said the threats associated with public Wi-Fi were serious, and he advised people to limit their use as much as possible.
“Those who pursue online financial transactions or access personal or corporate data while using an open public Wi-Fi network put themselves at risk of having data and accounts stolen,” he said.
Mr Hasbini quoted a study by his firm showing that fewer than one in five users in the UAE adapt their online surfing habits when using public Wi-Fi networks, despite the threats.
Source: uae news