Risks Associated with Wireless Activity
Evil Twin Attacks
Evil twin attacks are slowly mounting as wireless device users are increasingly conducting business over the Internet. While grabbing a few minutes of connectivity is convenient and productive, identity thieves are discovering that, through
evil twin attacks, hotspots are a great way to steal unsuspecting users' private information and business data.
While users are connecting their laptops, PDAs, and smartphones to a wireless network or hotspot, a hacker may be in the area sending out his own Wi-Fi signal, with an exact replica of the sign-in Web page of a legitimate service - hence the name
The damage from an evil twin attack can have many consequences. An intruder can degrade network performance or deny service completely. An evil twin may offer fake login prompts to steal user names and passwords, which can then be used for later access by the hacker or a third party. The hacker's goal is to have unsuspecting surfers log on to the page and dole out private, sensitive data including credit card numbers, passwords, and confidential business information.
Security Risks Associated with Web Browsers
There are several measures already in place by most Web browsers to warn about unencrypted Web pages. However, various security flaws still exist in these browsers.
- Pop-up warnings: Web browsers often use a pop-up dialog box to indicate that information being sent is not encrypted. However, these boxes offer the option to users to
turn offthe dialogue box so it never appears again. Even when enabled, many users are prone to simply clicking through such warnings without paying much attention.
lockicon: Most Web browsers display a small lock icon to indicate an encrypted Web page. Though users should be diligent about looking for them every time they log on to a new Web page, they often are not. Additionally, hackers often register commonly misspelled domains names or ones that closely resemble legitimate sites. When a user is redirected to that page it will display the lock icon, and the user may not notice the changed domain name. While the connection to the site may be encrypted, the user is not communicating with the site they believe they are.
- HTTPS and unfamiliar links: Many financial services advertise the unencrypted version of their Web pages (https indicates a secure version; http, however, is easier to remember). When a user logs on to that page and clicks to enter the encrypted version, he or she can be redirected to a page with a domain name that is different than the company's normal home page. If users don't recognize the name, however, it is difficult to know if they have been redirected to a page operated by the company or a hacker.
Physical Loss of Computer
The biggest risk associated with Wi-Fi activity is, in fact, the loss or theft of the Wi-Fi enabled laptop or other devices. Before taking any action to secure Wi-Fi communication, it is important to establish the physical security of the device itself. The risks associated with the physical loss of a laptop or wireless mobile device include (but are not limited to):
In the office, physical security means using computer locking cables during the day to ensure that laptops that are in use on desks cannot simply be picked up and removed. In theory, laptops are safer at home than they are in an unattended office (i.e., don't leave your laptop or other wireless mobile devices on your desk overnight), as long as the home is secured from theft.
The real challenge is in transit: it's what happens to the laptop in the coffee shop, in its bag on the bus, plane or train, or in the taxi cab. More laptops are lost in taxis than by any other means. The basic guidance (apart from paying attention) is store laptops in nondescript carry bags, or inside brief cases or luggage - anything that doesn't look like a computer case, so as to avoid encouraging a passing criminal to consider stealing it.
When in public places, hold on to the laptop at all times, especially in bars, hotels, and airport lounges. When you're not using it, keep it under your feet or better yet, on your lap. Do not leave a laptop unattended, not in a public place, not on view inside a vehicle, not anywhere. Keep a close eye on it when you go through a security checkpoint - someone might grab it while you're distracted by something or someone else.