Do you ever consider the threat posed by WiFi Hacking?
As the former owner of a Managed Service Provider (MSP) business, and somebody who has worked in the IT industry all my life, I consider myself quite cybersecurity savvy.
However, I realised I had become complacement in connecting to public WiFi hotspots.
And then, I started to become aware of the very real dangers of connecting to an unfamiliar WiFi signal.
Can you really trust free WiFi?
The dangers of connecting to a free WiFi signal hit home for me a few years ago, when my wife and I were staying at a very nice Airbnb.
Free WiFi was provided by the owners, and shortly after we arrived, my wife and I needed to log in to our online banking to make a funds transfer.
I opened my laptop and logged onto the Airbnb provided WiFi.
Then, I opened a web browser and went to log on to our online banking when the thought suddenly hit me.
While I was treating the Airbnb WiFi as trustworthy and reliable — how did I really know that?
The truth hit me that, in reality, I couldn’t trust the WiFi and so needed to err on the side of caution.
As a result, since that time, I’ve taken my WiFi security seriously.
And if you don’t think the threat of WiFi security applies to you, I’d encourage you to read on…
A Demonstration of WiFi Hacking
Business owners are told that WIFI hacking is a real danger to their business, but if you see how it’s done, it really brings it home.
Here, Privatise employee Claudia (‘the hacker’) demonstrates a live hack, and it makes for fascinating (albeit scary) viewing!
How a WiFi Hacker Works
WIFI data is sent as easily-intercepted radio waves, and hackers use interception tools.
One such interception tool (the one seen in the demo above), a WiFi Pineapple, is cheap to buy and is frequently used by cybersecurity professionals.
Although there are several ways a hacker can compromise your system, the ‘hacker’ in this demo clones the wireless network and sets up an evil twin.
The hacker achieves this by firstly doing a site survey.
A site survey scans for and displays not only the wireless networks available, but the devices looking to connect to a wireless network.
As a result, the top four lines of code you’ll see in the video represent four open networks in the region of the hacker’s computer.
Within the pineapple interface, the ‘hacker’ creates a fake wireless access point that mimics one of the available networks.
This fake access point is created in the hopes that victims will connect to it.
In the ‘open SSID’ section of the video, the hacker enters one of the networks found in the site survey, reduces the maximum number of clients to five and then updates the access points before saving the configuration.
The pineapple’s radius restarts, emitting the cloned fake access point.
As you can see in the video demo, a phone and a tablet are used instead of a real client, and these are shown as connected in the dashboard.
NB: during the course of this demo, the ‘hacker’ ensured that no other devices could connect to the cloned network.
The ‘Evil Twin’ Hack
The ‘hacker’ runs a second site survey, and in the demo, you’ll see that the network addresses are on two different channels, but with the same Service Set Identifier (SSID).
If you look closely, you’ll see that the BSSID (MAC address) is different, but it can be spoofed to make it look exactly like the original network!
The real danger of connecting to an evil twin access point is that the ‘hacker’ can now see all the traffic coming through his network from the victim’s devices using a TCP dump.
In the demo video, traffic from the devices connected to the cloned network is visible, including from Facebook, YouTube and other sites.
The ‘hacker’ saves all of this information to review and exploit at a later date.
Potential Damage from a WiFi Hack
In the video, the split screen shows the victim’s computer, a PC running Windows 10 and Chrome, on the right.
On the left, the ‘hacker’s’ computer is intercepting WIFI data via the pineapple.
The ‘hacker’ has added a ‘man in the middle’ proxy, which sits between the victim’s computer and the web and reads information from the victim’s machine.
The victim logs on to an Apple account, an Amazon Web Services management console and a WordPress admin area with their usual usernames and passwords.
It appears to the user that the sign-in has failed, but his information has successfully been captured on the hacker’s computer.
The ‘hacker’ then closes the hack session, the victim returns to a regular session and is able to log in as usual.
As a result, the user is none the wiser that their username and password have been stolen!
The reality is that their login details have been syphoned off and entered onto the ‘hacker’s’ network to be used at their convenience.
In five minutes, we’ve watched an extremely successful hack quickly set up and at minimal cost.
However, the victim may only find out they’ve been hacked at a later date when their compromised data is used.
How Can You Avoid WiFi Hacking?
If the above scenario scares you (and it should do!) then you’re not alone.
How many hotel, coffee shop, pub or other public WiFi hotspots have you connected to under the assumption they are secure?
As a result of watching the video, you may be wondering how you can stay safe using WiFi.
The quickest method would probably be to avoid using free WiFi.
Instead, rely on connecting to the Internet via your smartphone’s 4G or 5G connectivity.
However, this is not always practical (or possible).
Therefore, one way to stay safe when connecting to a WiFi connection is to use a Virtual Private Network, or VPN.
When you should use a VPN when connecting to WiFI
Very simply put, a VPN tool encrypts any data that is transmitted by your computer.
As a result of the encryption, your data is virtually unreadable by hackers.
I’ve written before about consumer-grade VPN tools including:-
- ProtonVPN – Protect Your Privacy with a Free VPN
- ExpressVPN – High-Speed, Secure & Anonymous VPN Service
- TunnelBear – VPN for Chromebooks
Many of these tools are low-cost, or free to use.
Consumer tools like this could be recommended for friends or family. They will help them stay safe when away from the home or office.
However, if you’re an IT Solution Provider or Managed Service Provider, these consumer tools won’t be a good fit for your clients.
For example, you don’t want to be managing dozens, hundreds or even thousands of users working with different consumer products!
Therefore, if you’re an IT business, I’d recommend reading my article on How To Secure Clients with a Managed VPN for MSPs.
For instance, within my business, we use Privatise VPN.
Privatise is easy to deploy and manage for MSPs, and very easy to use for end-users.
When it comes to WiFi security, the majority of us think that we would never become a target. However, the reality is that everybody is a target for Cybercriminals!
Therefore, when it comes to using any type of public WiFi connection you need to stay safe.
This public wifi connection might be a hotel, restaurant, coffee shop, pub, or even an Airbnb.
Using your 4G or 5G connectivity is safer than connecting to an untrusted WiFi connection. However, this is not always practical, and so I’d always recommend the use of a Virtual Private Network (VPN).
A VPN tool will encrypt your WiFi traffic, making your data inaccessible to hackers.
The bottom line here is, you cannot blindly trust WiFi connections. Hackers can, and will, easily fool you into giving up your confidential data via WiFi.
Make sure that you use a VPN tool and stay safe on WiFi!
I’m intrigued — have you experienced a WiFi hack? What are your thoughts on staying safe when away from your home or office?
Please, leave a comment below or get in touch.