Malware risk on unsecured WiFi networks

Security camera

Image via Wikipedia

It’s something I have mentioned previously but it’s worth reiterating…. using unsecured WiFi networks put you and your precious data at risk. This is true not just when connecting to such networks via your laptop whilst on the move. It’s just as true when using your smartphone or iPad or iPod Touch, indeed any of the various types of devices that come with a WiFi ability.

“Consumers need to realize that mobiles, whether smartphone or tablet, are mini computers,” said David Gorodyansky, CEO of AnchorFree. “This means all the vulnerabilities of a computer exist, often with a less-protected OS.”

For companies and individuals, smartphone access should be a concern when that access is via unsecured mobile networks. For banks and e-commerce sites in particular, as well as consumers,  security has become much more important now than ever before.

So, what steps can you take to protect yourself? Well, just like when using your normal PC, don’t click on links in unsolicited emails (known as ‘phishing’ emails) and don’t respond to emails that you weren’t expecting, or from sources you hadn’t signed up to and certainly don’t click on links asking you to verify your logon details, in particular ones claiming to be from your bank.

Be wary of emails that come from social networks such as Facebook, MySpace and the likes of Twitter, especially if it’s not from any of your regular contacts. Spam is a real problem at the moment with these and there are numerous scams going around the social networking world at the moment.

It’s good advice to never give out personal information via email, smartphone or on the Web, and always verify independently  any unknown text or email message, game, application or security update.

Don’t logon in the first place to an unsecured network and instead use security all the time, using a VPN to encrypt and secure your browsing.

For more on the risks of malware on wifi and other networks read http://www.technewsworld.com/story/71816.html

You may also want to check out these excellent security sites:

Related articles

Enhanced by Zemanta
Advertisements

The Future of Wi-Fi

A photograph of a metro Wi-Fi antenna in Minne...

Image via Wikipedia

Wi-Fi is growing in popularity, according to the WiFi Alliance (but then it would say that, wouldn’t it!). However, it appears to be the case, with increasing numbers of smartphones coming with built-in Wi-Fi and one only has to think of the iPad and the iPhone sales numbers to realise that there is a growing number of wireless devices out there.

So, what can we expect from our wi-fi in the future? Well, 802.11n is becoming more ubiquitous and now the Wi-Fi industry has its sights set on increasing Wi-Fi throughput and range, with upcoming certification programs for Wi-Fi in the 60 GHz frequency band and with Very High Throughput (VHT) Wi-Fi in 5 GHz.

There is also the introduction of Wi-Fi CERTIFIED Wi-Fi Direct™, a certification program for device-to-device communication without a wireless network or access point. This may well see the death of bluetooth.

Certainly, the rapid growth in wireless devices (device shipments expected to reach two billion by 2015 )  means we all need to think  more about security and avoid using unsecured networks whenever possible. It’s thought that some 400, 000 of the 3.5 million hotspots around the world are unsecured and vulnerable to hacking, so beware.

Enhanced by Zemanta

Wi-Fi Firesheep Hacking Tool Threat to Public Wi-Fi

Mozilla Firefox Icon
Image via Wikipedia

Firesheep is a Firefox add-on that it possible for anyone to hack into open Wi-Fi networks, such as those commonly found in public networks. Written by Eric Butler, it allows you to intercept cookies by Amazon, bit.ly, Facebook, Twitter, CNET, Cisco, Dropbox, Google and numerous others. The technique is known as ‘HTTP session hijacking’ (or ‘sidejacking‘). The programmer also says its easy for any competent programmer to write their own plugins to add to the sites that can be hacked.

The captured cookies contain the login details of the unsuspecting user of the public network and will also display their photo and name in the browser sidebar. By double-clicking on the user you can then login to the site in question, just as if you were the actual user. The potential for anyone to exploit this for nefarious ends is frightening, and should make everyone think twice about using public (open) networks at all.

Butler has said that the only effective way to combat the vulnerability his Firefox web browser add-on Firesheep takes advantage of is for the sites to use full end-to-end encryption, known as HTTPS or SSL but many sites default to the HTTP protocol because it’s quicker.

Although you can download the add-on from eleewhere I am not including any links here to it as I don’t want to encourage such activity.

Enhanced by Zemanta

Google sinks deeper in the mire of its own creation

Its a while since the fuss over Google’s Street View cars ‘stealing’ wifi details as it cruised by our houses first blew up. We may have forgotten about it but the lawyers haven’t and now Google has come clean. Finally, they have admitted to taking some emails, URLs and passwords during its Street View operation. How many precisely isn’t clear but it means Google is now facing further legal action and in all probability, a hefty fine. hefty by most folk’s measure but in this case it seems the maximum fine could be just £500,000. This is a tiny amount for a company as rich as Google. Admittedly, this is only in the UK but even so, it’s nothing.

The same can’t be said about the negative publicity that Google will receive and its not likely to be the end of the matter either, with other countries legislators looking to fine them too. Some commentators think Google has broken no laws so that no fine is possible. Privacy groups of course have a different view and are calling for Google to be heavily punished.

Whether you believe Google acted in a malicious and illegal manner or that it was an entirely unintentional and accidental error on their part is somewhat irrelevant. What’s important is that if Google can collect private data so easily ( a drive-by snatch ) then how easy can it be for a determined hacker? All this underlines the need for you to have decent security on your wireless network, so make sure you are using WPA2 (and not the easily hacked WEP) security on your network. Otherwise you are asking others to come and steal your private data, possibly your identity and your money sitting in your bank accounts too. You have been warned.

Othello Tech Systems

Enhanced by Zemanta

Thousands of UK Wi-Fi users still vulnerable to hackers

A diagram showing a possible WI-FI network.
Image via Wikipedia

It seems the message still isn’t getting across. A recent report by insurance firm CPP shows some 40,000 wi-fi networks across the UK could be easily hacked, often within a few seconds. What’s most shocking about this finding is that almost half of them had no password at all – that’s nearly 20,000!

These networks are vulnerable to even the most inept hacker. With little more than a laptop, a wireless connection and some easily obtained software all of these networks could be hacked and the owner wouldn’t even know it. That means if they are using their internet connection to do online banking that they could find their logons stolen, followed soon after by their cash. They are also vulnerable to having their online identity stolen, their computers taken over and turned into zombies spewing forth spam and sending more viruses and Trojans around the net.

Another surprising finding of the research is that 82% of those interviewed thought their networks were secure. This just underlines the fact that most of the public have little understanding about Wi-Fi security and are oblivious to the risks they are facing. When one considers that Wi-Fi is very common now on smartphones and other devices (iPods and iPads for example) then this is a very worrying situation indeed. Its difficult to know what can be done about it too as most of the public develop a glazed look whenever you try and explain Wi-Fi security through the use of WPA2 security etc.

One solution would be for manufacturers to design devices with automatic security configuration and the SSID and wireless keys stuck on a label on the device. SKY do this with some of their routers so it’s possible to do it. Until all Wi-Fi devices come automatically configured with WPA2 encryption however, it’s down to the end-user to educate themselves and make sure their devices and networks in general are all properly secured.

Check out my post here for some tips on how to do this. I intend to write another post on how to secure your Wi-Fi network step by step so keep visiting.

Enhanced by Zemanta

WiFi: Definitions in Plain English

IEEE Logo
Image via Wikipedia

Computers and computing can be somewhat bewildering for the novice. The terminology can be somewhat technical and ‘geeky’ at times. In view of this, I thought it would be a good idea to have a ‘Plain English’ guide, so here it is.

Wi-Fi

Sometimes written as WiFi, this is really a trademark of the Wi-Fi Alliance to be used with products and devices that have been approved and meet the required standards for wireless products and devices. The standard is known as IEEE 802.11 and so the next definition is for IEEE. Wireless products and devices basically use radio technology to broadcast and receive signals between devices.The actual name ‘Wi-Fi’ doesn’t actually stand for anything, but was a marketing term coined to be more catchy than IEEE 802.11!

The original standard and specification for Wi-Fi was proposed in 1980 and in May 1985 the U.S Federal Communications Commission made available several radio bands for unlicensed use. Other countries followed its lead and 1991 the foundation of what we now know as IEEE 802.11 was established by NCT/AT&T in Holland.

An interesting story is that it was actually CISRO (Commonwealth Scientific and Industrial Research Organisation), an Australian Government scientific body, that obtained the first patent for its version of wireless data transfer technology in 1192. They successfully obtained a similar patent in the US in 1996, essentially for the mathematical formulae used in Wi-Fi. In 2000, they successfully gave the first practical demonstration of the world’s first wireless LAN (Local Area Network). In April 2009, they successfully sued Intel, Microsoft, HP and Dell for $250 million for infringing their patents.

The advantage of Wi-Fi is that unlike wired networks, you don’t need wires! So, you can use your laptop (for example) at some distance from your router without needing to be physically tethered by a cable (Ethernet – see below) to your router. This means you can work on your laptop in the garden whilst the router sits in the house as normal. However, you can only does this if you a wireless router and a wireless adapter or internal wireless card in your laptop. However, most routers these days are wireless and most laptops come with an internal wireless card.

There are some differences between how Wi-Fi is implemented in different countries. The bandwidth for Wi-Fi signals is divided into channels. In the U.S. there are only 11 channels (1 to 11) whilst in most of Europe there are 13 (1 to 13). In Japan there are 14. However, to further complicate matters, the 2.4 GHz band used by most Wi-Fi devices, there are actually 5 channels. This means that of the channels in the U.S. there are only three channels which do not overlap (1, 6 & 11), whilst in Europe most countries have 4 (1, 5, 9 & 13)! You can change what channel your wireless router operates on by logging into the configuration page in a browser window. This is one way to minimise interference from adjacent networks operating on the same channel. This is quite common as most routers come with a default setting out of the box and so there’s a good chance your neighbours will all have their routers using the same channel as yours. In this situation it best to try each of the non-overlapping channels to see which gives the best signal.

IEEE

IEEE 802.11 is a set of standards carrying out wireless local area network (WLAN) computer communication in the 2.4, 3.6 and 5 GHz frequency bands. They are created and maintained by the IEEE LAN/MAN Standards Committee (IEEE 802). The base current version of the standard is IEEE 802.11-2007.

The Institute of Electrical and Electronics Engineers or IEEE (read I-Triple-E) is an international non-profit, professional organization for the advancement of technology related to electricity. It has the most members of any technical professional organization in the world, with more than 395,000 members in around 150 countries. [credit:Wikipedia]

Originally established in 1963 following the merger of two organisations, Institute of Radio Engineers (IRE, founded 1912) and the American Institute of Electrical Engineers (AIEE, founded 1884), it publishes the standards for Wi-Fi but does not test actual devices. This led to the forming of the non-profit Wi-Fi Alliance in 1999 to enforce standards and to promote the wider use of wireless local area network technology. An important part of its role is to ensure the backward compatibility of devices whenever the standard is revised and updated. This means that if you use say a 802.11n router it will still work with your old 802.11g adapter.

You will see some devices are labeled as 802.11 b/g, some as 802.11a/b/g and some as 802.11 a/b/g/n. This refers to the standards that it is compatible with and as mentioned above, a 802.11 a/b/g/n device should work with a 802.11 b/g device. Some devices may simply be labeled on the box as Wireless G or Wireless N or MIMO. Wireless G devices are 802.11 a/b/g devices and Wireless N and MIMO devices are 802.11a/b/g/n devices.

Power issues

As well as using power (electricity), wireless devices signal output (the strength of the radio waves transmitted in effect) is measured  in terms of decibels over a reference power emitted by an isotropic radiator (of radio waves) with an equivalent signal strength. What this means is that different kinds of antenna radiate their signals in different patterns. Some are omnidirectional, some are directional. Also, the signal is not truly omnidirectional (like in a sphere around the antenna) but varies along the length and is also perpendicular. This gives a sort of doughnut shaped space around the antenna. If the antenna is vertical, the strongest signal will be found on the same level in a horizontal direction. The power of the antenna is given as a measurement such as 20 dBm (equivalent to 100 mW).

Typically, a wireless router rated as 802.11b or 802.11g will have a range of about 32m (120 ft) indoors and 95m (300 ft) outdoors. In theory, 802.11n routers can exceed that by more than two times. However, all these distances are affected by various factors. These not only include interference from adjacent networks but also other devices that operate n the 2.4 GHz band. These include baby alarms, cordless phones and microwave ovens. Also, physical obstacles such as buildings will affect the signal strength and quality. Some reports even claim that chicken wire in plaster walls can kill wi-fi signals almost completely. As this was a technique used by some Victorian builders, if you live in a Victorian house with walls like these then you are going to have problems.

Some manufacturers, such as hField technologies of the U.S., claim that their devices can provide better signal strength and signal quality through the use of proprietary technology. Certainly, their claims for their Wi-Fire adapter have been backed up in many a review over the years and so far no-one has sued them for the Wi-Fire not living up to the claims of range to 1,000 feet with signal strength being improved to 300% compared to internal wireless cards in laptops. [I must declare my own interest at this point. As the UK distributor of the Wi-Fire I am somewhat biased. I sell it because it lives up to its claims but you should read the reviews and make up your own mind before purchasing the Wi-Fire.]

Another aspect of the power requirements of wi-fi devices is that they are fairly high consumers of electricity and this means that always leaving your wireless card in your laptop on will deplete your battery quicker. The advice is to turn off your wireless card when not needing to connect to a network or browse the internet. Same principle applies to your smart-phone by the way, so if yours comes with wi-fi, turn it off when not needing to use it. This also applies to bluetooth but as this requires less power than wi-fi it will run your battery down less.

Ethernet

I mention Ethernet here as although wireless networks don’t rely on wires (hence the name), wireless routers come with with Ethernet ports and it’s not uncommon to first connect your computer via Ethernet cable to set up your router and especially when setting up security (see below) on it.

Ethernet is a family  computer networking technologies for local area networks (LANs). The name came from the physical concept of the ether.

Ethernet is standardised as IEEE 802.3 (see above under IEEE). The combination of the twisted pair versions of Ethernet for connecting end systems to the network, along with the fiber optic versions for site backbones, is the most widespread wired LAN technology. It has been used from around 1980 to the present, largely replacing competing LAN standards such as token ring, FDDI, and ARCNET.

Security

You should never operate your network without security. The risks have increased since the introduction of Wi-Fi and so its vital to make sure your network is secured. Unlike wired networks, wireless ones broadcast information widely in the vicinity of your devices (router and computer’s wireless card or adapter). This means its possible to someone, with the right knowledge and equipment, to snoop on your network traffic and using software, hack into your system, perhaps stealing passwords, personal information, downloading files from your computers and even using your internet connection to illegally download files or upload viruses etc. A German citizen was recently prosecuted for having an unsecured  wireless network which someone else used to illegally download files from the internet so its important to secure your network.

Security begins with the router itself and once again you will need to login to the configuration page using a web browser (Firefox or Safari or Internet Explorer). Usually you type in an I.P. address in the format 192.168.x.x where it might be for example 192.168.1.1 or 192.168.2.1. Once the configuration page has loaded you will find a menu with various options, one of which will be labeled ‘Security’. There you will find various settings such as SSID and password.

SSID

Service set identifier, or SSID, is simply a name that identifies a particular 802.11 wireless LAN. It’s wise not to use something too obvious for your network name, such as ‘familyname’ or ‘name+house number’, e.g. ‘Robertsons‘ or ‘Smith72.’ Likewise, its best to change it from the default as these are widely known. I recommend something boring and meaningless to any would-be hacker such as ‘networkdefault‘or simply ‘default‘.

Password

Passwords are easy to get wrong. Many people use ones that are too easy to crack such as ‘Frido68‘ or ‘heidismith22‘. Usually a minimum of 6 characters is required and it must consist of at least one letter and one number character. However, its best to include characters such as punctuation (! or ; or ? for example) and other symbols (such as @ or % or $) as well. Even better is to use a secure password generator such as 1Password or an extension for Firefox or Safari that will easily generate a secure password and will also store it securely for you. Such secure passwords will look something like 7vbZx4Z&*UZJeccPDF. Not easy to remember but even harder to crack, which is what matters. bear in mind you will need to write this down if you have other computers on the network in order to set them up to use your network but once this is done you should destroy the note.

So, that’s all for now. In another post I will cover some of the other annoying acronyms used when talking about networks such ‘ad-hoc‘ and ‘repeater‘.

If you are interested in reading more about the hField Wi-Fire then check out www.hfield.com and www.newbeltanetechmedia.co.uk

Enhanced by Zemanta

Google still in the doghouse over its sniffing of private unsecured wi-fi networks

Image representing Google as depicted in Crunc...
Image via CrunchBase

It seems that the company that prides itself on ‘doing no evil’ is still in the doghouse over recent admissions that it ‘inadvertently’ gathered snippets of data from private unsecured wireless networks whilst gathering images for its Street View service on Google Maps.

Not only is there a move in the US for a Class Action in the courts against Google, but government officials around the world are demanding that Google lets them look at just what data it did collect.

In a funny twist, Google is claiming that if it did so it might be breaking data protection laws and so its not, as yet, handing over the data!

Whatever the final outcome of this, its perhaps just another example of how Google is no longer going to get an easy ride. Further evidence of this are moves to get US legislators to investigate Google under anti-competition laws in view of the virtual monopoly it has in online search.

Enhanced by Zemanta