NET SECURITY I That mysterious someone can steal your personal data by duplicating the networks you find at local hot spots
Gillian Shaw
Sun
Ryan Purita of Totally Connected Security says it’s easy for thieves to steal passwords and confidential information in public wireless zones. Photograph by : Peter Battistoni, Vancouver Sun
If you use your laptop at your local coffee shop to catch up on banking or shopping online, your financial secrets could be going straight to the latte-sipper with a laptop open at the next table.
“Give me an encrypted wireless network and in 10 minutes I will give you the password,” said Ryan Purita, a senior security consultant with Totally Connected Security.
Purita is among security experts who warn wireless hotspots can be minefields for unsuspecting computer users. Even legitimate security-enabled sites can be cracked with hacker software that’s freely available on the Internet.
Free short-range wireless Internet access is sweeping across North American cities, but it’s coming with a security cost. That’s the risk of signing on to a free WiFi network or one purporting to be from a legitimate carrier and instead ending up on a so-called “evil twin” network where identity thieves can pick off personal data.
Combine that with the risk of running into a “man-in-the-middle” wireless scam and enterprising identity thieves can turn wireless hotspots into their own little profit-making centres.
“Sharing information via the Internet is a positive thing and doing so can reap a great deal of positive benefits,” said Staff Sergeant Bruce Imrie, Pacific regional coordinator for the RCMP’s integrated technological crime unit. “But people need to be aware there are also risks involved.
“Many people consider WEP or wireless encryption programs to be secure when in fact they are relatively easily broken.”
WEP, a wireless encryption protocol for wireless local area networks, is typically used on wireless networks identified as “security enabled” and requires a WEP key to sign on. There is more stringent security available; including WPA2, for WiFi Protected Access 2 but WEP is still the most common.
Punching in a WEP key or a password can lull users into thinking their data transmissions are safe.
That isn’t necessarily the case.
“Technology is always one step behind the bad guys,” said Christopher Faulkner, president and chief executive of CI Host, a Web hosting and data management centre with 300,000 customers around the globe. “WEP is junk encryption. … All you have to do is intercept one packet and you know the password.”
That leaves security experts warning users to limit their public wireless computing to non-critical tasks such as Web surfing or checking e-mail that they wouldn’t mind sharing with strangers.
“People should be aware that what they are doing could be captured by a third party,” said Faulkner. “They have to ask themselves, would it be okay if they saw it published in a newspaper, or a copy given to their wife, or would their banker approve of them sending those confidential documents where they could be read by a third party.
“It is like having someone standing over your shoulder looking at your computer and they could be yards away from you in the coffee shop.”
Faulkner points out that since wireless networks don’t have to have unique names, identity thieves can easily masquerade as legitimate WiFi providers.
“It is no wonder hackers set up evil twins and name them T-Mobile or Linksys or D-Link,” said Faulkner. “If you are a hacker and you want to broadcast an evil twin, you’ll mimic a legitimate or real SSID [the public name of a wireless network].”
So if your home wireless network is called Linksys, your computer will log on if it finds a network of the same name, whether that’s at home, at the local coffee shop or in an airport in another country.
“You could think you are on a trusted network and that Linksys could be a rogue access point with somebody logging everything you are typing in your keyboard,” said Faulkner.
An “evil twin” operates by duplicating a legitimate WiFi hotspot provider. The hacker gives the network a feasible-sounding name and a log in page that looks like the real thing. When you type in the required password or credit card information, the hacker has scored and likely you’ll find the wireless connection ends there.
In the case of the “man-in-the-middle” scheme. a hacker can get between your computer and the legitimate wireless access point, scooping all the information that you transmit while you are online.
“He can log into a real access point and pay five bucks or whatever it is to get a day pass, then he turns on Internet sharing on his laptop,”Faulkner said. “He has a $50 wireless access point and he broadcasts an SSID called Rogers, or he could call it ‘free Starbucks Internet.’
“Your computer scans and says, ‘free Starbucks Internet — cool,’ and it will connect.”
Meanwhile, everything you punch into your computer is being logged by the interceptor so passwords, credit card information or inflammatory e-mails about your boss are available for the hacker’s perusal.
“Using your laptop in public over a wireless connection, particularly when it is free, is the same as letting someone look over your shoulder while you are punching in your banking PIN,” said Ron O’Brien, senior security analyst for North America for Sophos, an Internet security company. “Keep in mind if you are using your laptop in a public place over what may not be a secure network, do not conduct any kind of transaction where the information you are exchanging with a third party may fall into the wrong hands.”
It’s not only free wireless access that poses the risks. Even if you have a paid account with a WiFi provider for its hotspots, you could fall victim to a pirate of the airwaves. There are measures such as VPNs — virtual private networks — that safeguard wireless computing but for the most part these are steps taken by corporations, not consumers just hoping to do a little Christmas shopping while they have a coffee.
“We are seeing an increase in this type of incident,” Telus spokesman Shawn Hall said of schemes such as evil twin networks and man-in-the-middle interceptions.
Hall said people often let their computers default to the strongest wireless signal and that may not necessarily be the one they trust, or a hacker could fake a network to fool users.
“If you are not 100-per-cent confident about what you are doing, don’t do anything sensitive like banking or business,” said Hall. “Don’t just do that in a random cafe, do that somewhere you trust on a network you know.”
Michael Kuhlmann is a co-founder of FatPort who left that wireless hotspot company to start another company, Colony Networks, that delivers managed wireless services to small and mid-sized customers. He said he has been using public access points for five years and has never installed extra security software on his laptop.
“There is no question people should be vigilant,” he said. “This could be on the rise, especially because there are more wireless users.
“I do think that the future of these networks will include some sort of over-the-air security, but the man-in-the-middle attacks, the evil twin attacks are really tricky to safeguard against.”
© The Vancouver Sun 2006
