Gadgetell | Tech News, Reviews, and Interesting Things

Ah, summer.  Time to relax, go visit friends, vacation.  No worries, right?  Well, there may be a small one if you like to use public Wi-Fi on your travels.

The latest trend for the in hacker is what has become known as “vacation hacking.”  It works by the hacker setting up fake Wi-Fi hot spots where they can lure in unsuspecting travelers.  Some favorite locations are airports and hotels.  Vacationers think everything is safe, especially if it is set up to somehow include the name of the place they are currently in while trying to connect.  Little do they realize that instead, they are logging on to phony networks, and handing over all the information on their laptops.

A recent investigation by Fox News showed that a wireless security company called AirTight Networks, based out of the Silicon Valley, sent in a crew of their own hackers to see what was up with all of this.  These guys are known as “white hat” hackers, the good guys.  They try to shut down the “black hat” hackers to see what they do and how they do it in order to stop it.

What they found was rather disturbing.  After checking out the Wi-Fi networks at 27 airports (20 in the US, five in Asia, and two in Europe), they found insecure networks all over the place being used to run things like baggage claim and the ticketing system.  On top of that, a huge percent (77%) of the Internet connections being made were actually peer-to-peer networks.

At every single location, they found fake Wi-Fi hot spots that were set up by hackers on a mission—phishing for the clueless vacationers’ information successfully.

“More and more people are traveling with Wi-Fi devices like smartphones and laptops,” says Marian Merritt, Internet safety advocate at the computer-security giant Symantec.  “Airports and airlines and hotels are responding. They’re setting up free Wi-Fi networks to lure in customers. Now they’re luring in hackers as well.”

Most of the people didn’t seem to either realize or care if the Wi-Fi they were using was secure or not.  The just would sit down, open up their laptop and look for a connection, and get down to business.  And, they did all kinds of business on insecure connections.  Not just checking email, but banking, paying credit card bills, buying stocks—all the sorts of things a person shouldn’t be doing on public Wi-Fi.

“Much of the time, people just log in to the first robust network they see,” says AirTight spokeswoman Della Lowe. “When we did our airport study, we found only 3 percent of the people were using secure networks.”

And even those “secure” networks may not be too safe according to their study because 80% of the private Wi-Fi networks that they surveyed were secured by Wired Equivalent Privacy (WEP) protocol (which was cracked 8 years ago).

As a result of the study, some companies are starting to beef up security.  American Airlines made changes, as did JetBlue, where they found the insecure baggage claim machines at JFK. 

“Phishing is a risk that exists anywhere there are wireless services available, which is pretty much everywhere these days,” says JetBlue spokesman Bryan Baldwin.  “At our Terminal 5 at JFK, where we offer free Wi-Fi, we have measures in place to minimize risks for our customers,” he said. “We’d prefer not to go into detail about the specifics of those measures, because the details could be used by clever hackers against the defenses.”

Anyone knows, and the security experts agree, you want to stay on the offensive when it comes to this area.  Some advice from Symantec comes in five simple steps.  While it may seem like common sense to some, it still bears repeating.

1. Pay attention to your surroundings.  Just because you are on vacation does not mean you’re not in public.  Don’t look at important documents when sitting in a waiting area for a plane or a train — wait until you’re alone and in private for that.

2. Beware of “Evil Twins.”  Some Wi-Fi networks look legitimate but are actually dummy networks created by criminals.  Even if they contain the name of your airport, airline, or hotel, they will directly link your computer to the hacker’s.  If you always use the official access keys provided by the establishment, then you should be safe.

3. Always assume Wi-Fi connections are being eavesdropped on.  Never enter sensitive data—Social Security numbers, bank account information, etc.—when browsing the Web via a Wi-Fi network.

4. Set all Bluetooth devices to “hidden,” not to “discoverable.”  Better yet, if you don’t use Bluetooth, just shut off the function altogether.

5. Keep your security software current and active.  Mobile PCs are just as vulnerable to viruses, worms and Trojan horses as are desktops, so make sure you have the latest protection installed.

Bottom line, just because you are on vacation, don’t assume the “black hats” are as well.

Read:  [foxnews]