TMCnet News
FRAUD HOTSPOT ; Wi-fi users are at risk from hackers [Mirror (UK)](Mirror (UK) Via Acquire Media NewsEdge) MOBILE phone users surfing the internet from free wi-fi "hotspots" could be exposing themselves to fraud. An investigation by Your Money revealed just how easy it is to hack into someone's wireless phone connection. Armed with pounds 50 worth of hardware and freely available software, we discovered it's possible to spy on the websites a person is viewing and potentially steal highly sensitive information, like email and bank log-in details. Michael Stout, an "ethical" hacker who helped expose the security flaws, had this blunt advice for phone users: "Don't send anything over public wi-fi that you wouldn't feel comfortable shouting across the room." SECURE His stark words may shock the nearly 13million Britons with one of the latest "smart phones" with internet access, with models like Apple's iPhone and the Black-Berry proving big sellers for Christmas. And they're set to play an even more important part of daily life, with recently announced technology allowing shoppers to make purchases by swiping their handset across a till scanner. Smart phones have two options to get online; their 3G network or via a wireless router. Experts say, if you use the first option, there is relatively little to worry about because the connection should be secure. Concern surrounds wi-fi "hotspots", which people may be tempted to use because they offer a strong signal and are often free. A growing number of outlets, including Starbucks and McDonald's, have installed the technology to at t r a c t customers. But while these firms have done nothing wrong, experts claim that with the right equipment, it's possible for hackers to exploit the connection. This is how it works; a hacker with a few simple items of hardware and a laptop sits down in a public space and transmits a signal that, to the untrained eye, makes his computer appear to be just another wi-fi hotspot. Many smart phones are set-up to connect to the strongest wi-fi they find, so automatically log-on. Alternatively, hackers can trick the smart phone to connect to their hotspot rather than a legitimate one - known as a "man in the middle" attack. Either way, it's possible for the fraudster to look at - or "sniff" -the websites being viewed. But things become a lot more serious if the phone user is looking at their email, social networking or online banking website. With the right software, (the website YouTube even has step-by- step videos showing how the hacking works) it's possible for a hacker to steal a person's username and password. And with even the most basic personal information worth a packet, it's easy to see why a criminal would go to this effort. Email addresses can change hands in the criminal underworld for pounds 7 each and credit card numbers for pounds 20, but the big money is in bank details, which can go for between pounds 6 and pounds 80. Crooks also make money from addresses, phone numbers, national insurance numbers, full names and dates of birth. Your Money joined Michael Stout at the offices of Firebrand Training, in central London to experiment by setting-up our own fake wi-fi hotspot. Within minutes of going live, several smart phones or laptops had loggedon - the first step to being snared. A previous experiment carried out in conjunction with identity protection firm CPP showed more than 200 people connected to its fake hotspot over an hour. A spokesman from fraud prevention body Cifas said: "In the same way pick-pockets loiter around busy areas, so fraudsters will target where s m a r t p h o n e u s e r s congregate. "To maker matters worse, you don't need to be a genius to intercept this data." Danny Harrison, from CPP, said: "The first many people know they've been a victim of ID fraud is when they get a demand for payment from a firm they've never used or the bailiffs come knocking. "You have to convince those concerned that you're innocent, which in some cases can be easy, but other times takes months and months to put right and can be very traumatic." Even if you're not using public wi-fi hotspots, it's important you follow some basic rules to make a crook's life harder. A survey last year by Get Safe Online found two-thirds of smart phone owners don't use a password or PIN number to lock their handset . That's even more serious if you let websites remember your username and password details. Most people do it to avoid forgetting but it's a dream come true for anyone who steals your phone . And think twice about any personal information you store on your phone. Six out of 10 smart phone owners admit they store their home telephone number as 'Home' on their mobile - determined fraudsters may call the number, purporting to be someone else, and try to find out more details about you. HELP 1 Disable wi-fi "auto connect". 2 Know who you are connecting to. 3 Disconnect if you notice strange website behaviour. 4 Avoid transmitting sensitive or personal data over public wi- fi. 5 Get to know your phone - read the manual (c) 2011 ProQuest Information and Learning Company; All Rights Reserved. |