Do You Know What You’re Connecting To At CES?

The fact is, events like CES can be a hot spot for hackers. Unsecure WiFi connections make it easy for cyber crooks to sniff your sensitive information without leaving any footprints. What’s more, with the high concentration of wireless enabled consumer electronic devices all connecting to the same hotspot, it’s extremely difficult to spot a hotspot network name that’s out of place or an Evil Twin using the event’s legitimate hotspot name.

In the deluge of calls, texts and emails at CES, the high competition for air time is likely to trigger frequent roaming attempts as devices experience high interference and poor performance and automatically search for better access points. Even worse, hotspot operators at the venue have almost no hope of detecting suspicious activity.

Hotel WiFi Isn’t Any More Secure Than Event WiFi

That might lead you to think it would be safer to retreat to the privacy of your hotel room to use your laptop or your mobile device. Well, think again. Hotels use the same WiFi technology as events.  The truth is cyber thieves are far more interested in the confidential data transmitted over hotel WiFi hotspots than they are in the valuables left in hotel rooms. Even WiFi networks that are password protected won’t prevent any other guest connected to the same network from swiping the personal information on your device.

Hackers At Crowded Hotspots Work Just Like Pickpockets

Once you leave CES, you may be tempted to log into WiFi hotspots at the casinos, coffee shops and restaurants along the strip. But your online information won’t be secure there either. Hackers work just like pickpockets in crowded spaces.  Once they’ve gained access to users’ laptops, smartphones or tablets in busy hotspots, it’s easy to harvest their victims’ credit card, bank account and confidential business information – and use it to commit identity fraud and other crimes.

Remember, public WiFi networks are just that – not private. Whether you’re connecting to a hotspot at a big event like the Consumer Electronics Show or to a hotspot at your local coffee shop, don’t gamble with your online security.

• Make sure you install firewall and anti-malware apps on your mobile devices and install app and OS updates.
• Use long strong passwords of upper and lower case letters, numbers and symbols and different passwords for each site.  And uncheck the box that automatically saves them.
• Check before you connect to any hotspots with strange names. Ask the establishment for the name of its hotspot.  Watch out for unusual variations in the logo or name of the establishment displayed on the login page. That could be a sign it’s an Evil Twin – a fake hotspot designed to steal your data.
• Don’t connect to any network name displayed with two little computer symbols. That means you’d be connecting directly to someone else’s computer, not a legitimate WiFi hotspot.  There’s no way to tell whether it’s safe.
• Disable features that automatically connect your device to any available network. That will prevent you from accidentally connecting to a fake WiFi hotspot or to a stranger’s computer.
• Turn off file and printer sharing options when you’re at a hotspot.
• Turn off wireless connectivity when you’re not using it.
• Use a virtual private network like PRIVATE WiFi. VPNs protect your personal information by transmitting it through a secure tunnel which makes it invisible to hackers. That’s the only safe way to use WiFi hotspots.

Watch as CBS News' Jericka Duncan gets her email credentials -- including user name and password -- literally stolen out of thin air. The PRIVATE WiFi team was able to demonstrate the insecurity of public WiFi and why everyone needs a personal VPN for their security. After all, most people use the same password across multiple sites -- including email, social media, online banking, and photo-sharing sites.

A VPN like PRIVATE WiFi will encrypt everything on your device. This means hackers and crooks can't access any of your sensitive communications and personal data.

Public WiFi and Your Sensitive Information

A new online study conducted in the United States by Harris Poll on behalf of PRIVATE WiFi revealed that 66% of U.S. adults have used public WiFi; and 39% of those who have  said they have accessed or transmitted sensitive information while using it:

• 26% checked a bank account  
• 19% paid a bill
• 8% sent an email with sensitive information such as their Social Security Number or an account number
• 6% filed their taxes
• 10% have done so in another way

Despite the fact that they transmit sensitive information while using public WiFi, there are potential online security risks that people recognize. The top concerns include identity theft (88%), compromised accounts (76%), and fraudulent tax filings (39%).

Click here to enlarge infographic.

These findings come during tax season, when U.S. adults who use public WiFi may be more likely to access or transmit sensitive information containing financial data.

For Protection Against Hackers: Use a VPN

A VPN (Virtual Private Network) like PRIVATE WiFi protects you when you access public WiFi by encrypting everything you send and receive—including web traffic, emails, and IMs. PRIVATE WiFi uses the same technology employed by your bank or your credit card company to keep your data safe, while you are connected to public WiFi. By rerouting your data through an encrypted server in another location, you stay anonymous.

The survey also asked about preferences and attitudes towards VPN technology. U.S. adults who don’t already use a VPN said they would purchase one if it were affordable (45%), if they had more information overall (30%), or if their identity were compromised (24%).

The results of the Harris Poll reveal that the public needs to know just how easy it is for hackers to steal their private and sensitive information out of thin air. VPN technology can protect them, and it’s an easy, affordable solution. But they shouldn’t wait until after their identity has been stolen to seek protection. Instead, they should do so pre-emptively to avoid the inherent threats of being put in a compromising position—such as identity theft—that could happen when using a free WiFi hotspot.

Who Uses Public WiFi?

Curious about what else we learned about public WiFi users? Here are some additional facts from the survey:

• 53% of free public WiFi users are men, while 47% are women
• 37% of free public WiFi users are ages 18-34, 19% are ages 35-44, 18% are ages 45-54, 15% are ages 55-64, and 11% are ages 65+
• 64% of free public WiFi users have at least some college education
• 17% of free public WiFi users have a total household income of $50K-$74.9 and 42% have at total household income of $75K+

Share this Infographic:

<p><strong>Please include attribution to privatewifi.com with this graphic.</strong></p> <p><a href="http://www.privatewifi.com/are-you-protected-from-hackers-on-public-wifi-infographic" _mce_href="http://www.privatewifi.com/are-you-protected-from-hackers-on-public-wifi-infographic"><img src="http://www.privatewifi.com/wp-content/uploads/2014/03/AreYouProtectedFromHacker_Harris_Infographic.jpg" _mce_src="http://www.privatewifi.com/wp-content/uploads/2014/03/AreYouProtectedFromHacker_Harris_Infographic.jpg" alt='Are You Protected From Hackers on Public WiFi' width='660px' border='0' /></a></p> <p>

You might be wondering how we know for sure that public library hotspots are exposed. We know because we sent one of our employees to the New York Public Library to see if he could “listen in” to the information being sent over its public WiFi network.

As we’ve mentioned before, WiFi signals are just radio waves. That means anyone with a laptop or mobile device and free, easily accessible software can access all information being sent over a public WiFi network.

Public WiFi Leaves You Completely Exposed

In this case, our employee used a variety of readily available tools to observe risky online behavior of nearby users. The primary tool used was a proprietary program that only lists the names of the websites that people were visiting.

What he uncovered on the library’s public WiFi was astonishing:  People were accessing their financial records, filling out residential applications and apartment leases, checking their email and accessing social media websites, among other things.

Everything these hotspots users were doing online could have been captured and stolen by even a novice hacker, including their login information, financial data and credit card numbers.  

In case you still doubt it, here is what the New York Public Library’s disclaimer says about using its WiFi hotspot:                                

“When using the Library’s wireless network, please keep the following in mind:  Wireless access is provided on an “as is” basis at your own risk.  Information passing through the Library’s wireless network is not secure and may be monitored, captured or altered by others. The Library staff is not able to provide technical assistance and assumes no responsibility for changes in your wireless device configuration, security breaches and changes to data files from connecting to the Library’s wireless network.”

Cybercrimes can be committed with almost no risk of detection at WiFi hotspots. That's because it's nearly impossible to monitor how they are being used. Even the Federal Trade Commission has urged consumers to protect themselves. 

E-filing is safe and easy.  But use caution: It’s best to do your taxes on your secure home WiFi network. Even if you are using  your own laptop, e-filing on a public WiFi hotspot – no matter where it is – leaves you vulnerable. A hacker could hijack your passwords, your Social Security number and your financial data. 

Remember, if you can connect to a WiFi hotspot, so can an identity thief.

Protect Your Sensitive Information When You E-file Your Taxes

• If you use a library computer or another nonprofit organization’s computer to e-file, ask whether it’s connected to a secure network or to a public WiFi hotspot.
• If you use your own computer on a WiFi hotspot, make sure it’s patched, your firewall is turned on and your security software is up to date.
• Protect your passwords by making them long and strong. Use different ones for each site and don’t automatically save them.
• Turn off printer and file sharing options.
• Disable features that automatically connect you to any available wireless network. This will prevent you from accidentally connecting to a stranger’s computer or to fake WiFi hotspot designed to steal your information.
• Turn off your WiFi connection when you’re not using it.
• Use a VPN like PRIVATE WiFi to protect your sensitive information whenever you use a WiFi hotspot. VPNs encrypt the data traveling to and from your computer and make you invisible to identity thieves.

Oerting stated that there have been an increasing number of incidents in Europe, where hackers are using public WiFi to steal personal information from users. He also mentioned that man-in-the-middle attacks are the primary danger inherent to public WiFi networks.

In a recent BBC interview, Oerting proclaimed that it’s difficult for users to know when their identity has been stolen over WiFi networks, because while they might become aware that someone has stolen a credit card, it’s impossible to pinpoint exactly when and where it happened.

He said, "Everything that you send through the WiFi is potentially at risk, and this is something that we need to be very concerned about both as individual users but also as police.”

Man-in-the-middle Attacks

A man-in-the-middle attack is a form of active eavesdropping, where attackers within range of a public WiFi network can redirect all network traffic through their computer, usually by imitating another WiFi network. Users won’t know if they are logging into a legitimate WiFi network or a fraudulent one.

Once they connect to this fake WiFi network, attackers can see everything that users are doing on the Internet, including the websites they login into, information they access in their banking accounts, and activities they perform on social media websites.

Another man-in-the-middle attack can occur when attackers create a fake website that poses as an online bank or merchant that enables them to steal users’ login information.

Attackers can then log onto the real website using victim-supplied information.

Public WiFi is Inherently Insecure

Public WiFi networks are popping up every day, but users seem to be in the dark about the dangers they face if they do not encrypt their data. In fact, nearly all public WiFi networks transmit data without encrypting it. WiFi signals are just radio waves, and anyone with the right software can easily steal data from free public WiFi networks right out of thin air.

It is good to see that the head of the Interpol’s cybercrime division is warning users of the dangers inherent to public WiFi networks. Remember, using a VPN like PRIVATE WiFi is the only way to stay completely safe when accessing public WiFi.

That’s what WAFB 9 recently demonstrated in a hacking experiment conducted on a crowded university WiFi network in Baton Rouge, Louisiana. During the lunchtime rush, WAFB asked computer security expert Josh Henderson to find out how many IP addresses he could collect at LSU Student Union. (An IP address is a unique digital identifier for every device that’s connected to the Internet that allows the device to be pinpointed).

WiFi Hotspot Hacking:  It’s As Easy As 1-2-3

Using a program called Look@Lan, Henderson scanned the WiFi network and detected 134 IP addresses in about a minute. Not surprisingly, most of them belonged to phones, which make more connections to WiFi hotspots than any other device.

Next, Henderson used a program called Wireshark to capture information sent from devices so he could see what users might be doing online – activities like logging into email and bank accounts and checking Facebook.                                                                                         

Finally, Henderson used a tool for network administrators called Cain & Abel. Unfortunately, hackers also use Cain & Abel for ARP poisoning which makes it possible to detect when your device is online and hijack it by tricking the device into thinking it’s on the Internet when it's actually connected to a hacker's computer.  As a result, the intruder can capture people’s user names, passwords and other sensitive information without the device owner knowing it.

While LSU’s wireless network is secure, there are other unsecure WiFi hotspots in the Student Union that were easy to exploit. Using the same hacking tools, Henderson found two people, both women, who were connected to one of them. He was able to figure out one woman’s name before she revealed it. The other woman admitted she connected to any available WiFi hotspot when she wasn’t on LSU’s secure network. That, said Henderson, is a hacker’s dream. 

That kind of careless behavior on WiFi hotspots could quickly become anyone’s worst nightmare. According to Javelin Strategy & Research, smartphone and tablet users are far more likely to become victims of identity fraud than the general public. In 2013, one person became a victim of ID fraud every two seconds. Make sure this doesn’t happen to you.

Disconnect from Hotspot Hacking Risks

The Better Business Bureau offers this advice when you're connecting to public hotspots:

• Never connect to any unfamiliar network.
• Disable automatic connections to wireless networks.
• Turn off file sharing before connecting to a hotspot.
• Turn off WiFi when you’re not using it.
• Use a personal VPN like PRIVATE WiFi to prevent hackers from intercepting your data at WiFi hotspots.  

Trend Micro teamed up with First Base Technologies to set up a series of Evil Twin hotspots in London.  Hotspot users could only take part in the experiment if they consented to have their data collected. None of the participants knew beforehand about Evil Twin WiFi hotspots. And they didn’t know fake hotspots could be used to steal the information of users who connect to them.

That’s probably why the participants in the test were surprised to learn how easily ethical hackers could snatch their sensitive information from public WiFi locations. Of those surveyed, 22% said they access business e-mails on public hotspots and 10% check confidential documents. Equally alarming, usernames and passwords, coupled with their transactions on some websites, are all the kind of data cyber criminals routinely use to commit identity fraud.

Volunteer Victims React to Being Hacked After Connecting To An Evil Twin

Even though the experiment was a test, after being told they had unknowingly logged into an Evil Twin hotspot, the volunteer victims used words like these to describe their feelings: “Cautious, scared, paranoid, self-conscious, angry, worried, invaded, unsecure.”

Ten of the participants were interviewed by Dr. Chris Brauer, founder of the Centre for Creative and Social Technologies at Goldsmiths, University of London.  When he asked them about the impact of learning there could be rogue WiFi networks in public places, they said:

• Their dignity was compromised by fears of knowing they could connect to Evil Twins.
• They felt an increased lack of trust in their physical environment.
• They worried about their liability for other people’s data than for their own – especially corporate data.
• Their worst fears about compromised data were about their bank details, followed by company secrets, email log-ins and intimate photographs or communications.

In spite of the risks of their behavior, seven out of 10 participants said they had connected to an unsecure WiFi hotspot. The ease which with researchers in this experiment were able to grab mobile users’ sensitive information should be another wakeup call for WiFi hotspot users everywhere.

According to Rik Ferguson, a major contributor to the study and the global vice-president of security research at Trend Micro, IT departments provide a VPN for employees to create a secure connection to enterprise networks. However, the same principle should apply to any individual accessing public WiFi; all should have access to the same technology. So if you’re not using a VPN like PRIVATE WiFi to encrypt your data, the same thing could happen to you. If it does, it won’t be a test and the hackers who get hold of your data won’t be wearing a white hat.

Cybercriminals are setting up bogus public WiFi hotspots in airports and hotels around London, and when wealth managers from large banks, managing millions of dollars for their clients, log into these hotspots, the criminals are able to access the manager’s email account and other software.

The results have been disastrous.  These incidents shed light on just how unsafe public WiFi hotspots really are and showcase just how far behind Europe is on cybercrime awareness, as compared to the U.S.

How They Did It

According to Kroll, the cyber investigation agency, after gaining access to the wealth manager’s system, the hacker sends an e-mail to the clearing bank requesting that some of the client money held by the manager be transferred into a separate account.
When the bank e-mails the wealth manager back for confirmation, the hacker intercepts it and responds. Once the money is transferred to this other account, it disappears.

EJ Hilbert, leading the cyber investigation, reports this has happened at least six times over the last four months to London-based wealth managers, with tens of millions of dollars stolen.

Cybercrimes are up 60% over the past year in London, and in response, the London police are planning on quadrupling their cybersecurity police force over the next year.

Remember to Use a VPN

This is just one more reminder why a VPN like PRIVATE WiFi is so essential. You may not have access to millions of dollars, but we believe your personal information is worth that much, and deserves to be protected with bank-level encryption technology.

Hacking Hotel WiFi Yields A Treasure Trove of Confidential Data

Smarttech’s engineers used the hack test known as a network sniffer –
so simple, even a novice hacker can use it with ease. Within 20 minutes of hacking each hotel WiFi network – and with very little effort – they were able to access a huge amount of hotel guests’ confidential data. Their haul included email logins and passwords, credit card, banking and PayPal account details, Facebook passwords and login information for mobile phones. The company even conducted one of its security checks from outside a hotel, proving that hackers could access guests’ sensitive information from a distance.

Smarttech’s chief executive Ronan Murphy had bad news for hotspot users everywhere, not just those at Irish hotels.  He said, “The tests it conducted proved that these risks affect anyone using public WiFi.”

When It Comes to WiFi Security, The Buck Stops With Users

Smarttech contacted the hotels it hacked about their WiFi security, or should we say, their lack of WiFi security. Meanwhile, the Irish Hotels Federation said hotels should inform their guests about the nature of wireless security that’s in place and it urged WiFi users to make sure they have the necessary security installed on their devices, especially if they’re conducting commercial transactions or entering personal data online.

That’s good advice since hotel hotspots – like other public wireless networks – are by their very nature unsecure. That means it’s up to you to protect your sensitive information every time you log in. It’s not enough to ensure your security software is up to date. Nor will using strong passwords safeguard your personal data when you’re online. The only way to do that is to use a VPN like PRIVATE WiFi whenever you’re at a WiFi hotsppot. VPNs protect your identity by encrypting the information traveling to and from your laptop and mobile devices. That means it’s hidden from hackers.

Yet a recent survey by PRIVATE WiFi and the Identity Theft Resource Center found that more than three out of four respondents don’t use a VPN even though they should.

You wouldn’t leave your hotel room door unlocked.  So why would you leave your hotel WiFi connection wide open for cybercriminals?

As an internet connection is one of the most coveted things that any nomadic businessperson covets, PRIVATE WiFi is one of the featured tools in Sisson’s book:

You can access free Wi-Fi throughout most of the first world, and that’s only going to continue to increase. In second and third world countries, you take what you can get...

The upsides of having Wi-Fi constantly available are that you can work from “almost anywhere,” for free, and this gives you unbelievable flexibility in running your business, staying in touch and making money.

The downside is that most Wi-Fi signals are unencrypted. This means that anything you do online in hotels, coffee shops and airports can be intercepted by others using the same network. That’s why it pays not to login to online banking or other important sites through an unsecured network, to protect yourself from being hacked. Even anti-virus software won’t keep you safe from this...

Wi-Fi hotspots at hotels, airports and coffee shops are likely to be your lifeline to getting the job done when you’re on the road. But even though hotspots have revolutionized the way we work when we travel, they’re not secure. 

If you’re concerned about the privacy and security of your sensitive information, Private Wi-Fi is a virtual private network service (VPN) that encrypts your communications, making them invisible to hackers and creating a private tunnel within any public Wi-Fi network.

Once you download the software, you can do whatever you like online in a secure environment (with bank level encryption). There are versions for laptops (PCs and Macs) as well as tablets and phones (Android and iOS). So no matter what devices you use, your online personal and business communications are protected anywhere in the world. It’s certainly worth the monthly US $10 subscription fee.

Sisson’s thorough research in this book even uncovered a real life victim of WiFi hacking, Audrey Scott from uncorneredmarket.com. Scott’s story truly illustrates the risks involved in using an unsecured WiFi hotspot without a VPN: “When we were at the Portland Airport last year, we used their open (no password) Wi-Fi network to pay for our tickets... using PayPal. When we touched down in Berlin the next day, I saw all these emails from PayPal for Postal Service Payments... I logged into PayPal and saw that there was over $2,000 charged to our account. With the open Wi-Fi network, someone had been able to hack into my account...  Lesson learned: never do any financial transactions over an unsecured Wi-Fi network!"

Sisson’s book also covers other privacy and security threats that a traveling entrepreneur should be aware of. Additionally, she offers tips on social branding, networking, getting insurance, stretching a budget and more. The Suitcase Entrepreneur is available for purchase at Amazon.com.