The Dangers of Public WiFi: Were you Hacked on your Daily Commute?
I had to do it. After all, I talk about it with customers and prospects daily. Had to see for myself.
About a week ago, I was on a train in Australia. Heading from Melbourne to my home in Essendon at about 4:50pm. There were about 60 passengers riding along and I needed to finish up some work. It was when I reached to turn on my phone’s hotspot that I got the idea.
Acting like a hacker, I changed my hotspot name. It was the name of a well-known technology store. Open WiFi and no password.
And I waited… Not long…
Within one minute, nine devices (nine phones) connected and I could see:
- Device names;
- Model numbers; and
- User names.
I obviously did nothing with the information and I quickly turned off my hotspot. However, if I had been a hacker, there are a number of things I could’ve done with the information I garnered, mainly using it as recon to profile for further attacks.
Unfortunately, this example of hijacking WiFi to eventually hack into a phone happens all too often. The overwhelming majority of attacks – by our estimates, over 90% – start with the most used feature on a mobile device: the WiFi connections. Unfortunately, WiFi relies on mostly insecure protocols and standards, making connections easy to impersonate or intercept, and traffic easy to mislead and redirect.
Most users of mobile devices are completely unaware their devices are being attacked because there are very few, if any, telltale signs their device has been compromised.
“Bad WiFi” is one of seven threats we call “The Most Mobile Menaces” that employers and employees face every day.
Whether it’s an OS Exploit, a Rogue Profile, Phishing, Bad WiFi, Man in the Middle Attack, or a Malicious and/or Risky App, we really need to be on the watch. These attacks can occur anywhere – at the airport, coffee shop, hotel, office lobby, and – as I saw first-hand – a crowded train.
So, what can be done to protect from the dangers of public WiFi?
I’m very proud to say, the best way for a business to protect itself and its employees is with Zimperium’s zIPS. zIPS is the world’s first mobile intrusion prevention system app. It provides comprehensive protection for iOS and Android devices against mobile network, device and application cyber attacks. In other words, no more worrying about The Most Mobile Menaces, including Bad WiFi.
In addition, zIPS can detect both known and unknown threats. Much like a doctor can diagnose an illness by analyzing the symptoms your body is exhibiting, zIPS analyzes the behavior of your mobile device. By analyzing slight deviations in the mobile device’s operating system’s statistics, memory, CPU and other system parameters, our detection engine – z9 – accurately identifies not only the specific type of malicious attack but also the forensics associated with the who, what, where, when, and how of an attack occurrence.
Zimperium developed the innovative and award-winning z9 engine by training it over many years on proprietary machine-learning algorithms. The algorithms distinguish normal from malicious behavior on Android and iOS devices. The z9 engine sits directly on the mobile devices within the zIPS app. Doing so maintains privacy and provides complete protection around the clock. Cloud-based mobile security solutions employ app sandboxing or tunnel traffic through the cloud.
Passengers on my train ride, or anyone else, should never “hitch a ride” on an unknown hotspot. Configure your device to not connect automatically to networks. Of note, if the passengers had zIPS on their phones, they would have been notified they were connecting to an unsecured network with a warning saying, “connection to an unsecured network exposes your device to attack by an unauthorized party to access your network data and/or credentials.”
Daniel Ciampi is Country Manager for Australia/New Zealand at Zimperium. Daniel forges key customer relationships and develops the emerging market while challenging the status quo.
The post The Dangers of Public WiFi: Were you Hacked on your Daily Commute? appeared first on Zimperium Mobile Security Blog.