Hacking is so easy these days, even non-hackers can do it. Some kinds of hacking, that is.
Like public wifi, for example. To spy on people’s Internet browsing while they’re sipping a cup of brew, you don’t need to be a pro. Thanks to freely available online software, you barely need to know anything about coding.
I tell you this not to encourage you to start snooping around at coffee shops and airports. But so you’ll be better aware of the need to protect yourself against shady characters that do that sort of thing. Because the barrier to entry is not high.
In the same way that tools like Blogger and WordPress made it easy for anyone to have a good-looking blog without knowing a stitch of code, freely downloadable “sniffing” software has made it easy for anyone to be able to hack into someone’s wifi session and see what they’re surfing.
These software tools are actually meant for IT administrators to troubleshoot network problems. But like everything, they can be used for good or for evil.
Let’s say you’re grabbing lunch at your favorite café, waiting for your order to arrive. You pull out your tablet and begin browsing some news sites over the cafe’s wifi to catch up on the latest headlines. Unbeknownst to you, that guy in the corner is snooping on your traffic and can see everything you’re seeing.
You may not care that he now knows you’re interested in the media buzz around Donald Trump. But let’s say you decide to log in to a forum you belong to. Now the hacker has your username and password. With those credentials, he can try logging into some other accounts you might be re-using them on – Facebook, Gmail, etc.
See, if the sites you’re surfing are not https-encrypted, the guy in the corner will be able to see everything you’re seeing. And the majority of sites still aren’t – out of the top 100 most popular sites, only 25 use encryption by default.
If you think you’re safe because the wifi you’re using is password-protected, think again. Anyone else with the password (and the right software) would be able to spy on your browsing.
Watch out for that hotspot
And it gets trickier. For a very small hardware investment, a snoop can set up his own rogue wifi hotspot that appears legitimate. If you use it, he can not only see what you’re seeing, he can also jump in and alter what you’re seeing. So you think you’re logging into Gmail, but you’re actually logging into his spoofed Gmail page – and now he has your credentials. This is known as a man-in-the-middle attack, and you can see some fun examples of it being done in this video where three politicians were hacked. This kind of attack is more complicated, but it can still be picked up pretty quickly in online tutorials.
But why would someone do this? It gives them a way to snag some sensitive info about you, which opens the door to plenty of opportunities for exploitation. And the end goal is usually, of course, money.
Yep, hacking wifi is pretty easy these days. Much easier than a lot of things regular people are expected to do. (As an American, filing my US taxes comes to mind.)
But fortunately we don’t have to fall victim. With online privacy, as with a lot of things in life, we need to look out for ourselves. They say you should take responsibility for your health by “being your own doctor.” If that analogy can be carried over to public wifi, you can take responsibility for your privacy by using your own VPN.
A VPN (Virtual Private Network) creates a secure connection so that your public wifi connection will be protected from snoops. Even with their sniffing tools, all they’ll be able to see is encrypted gobbledygook. (Bonus: our VPN is even easier to use than wifi hacking tools.)
If you don’t want to use a VPN, then just use your imagination. Imagine a shady stranger is spying on your connection, and don’t do anything you wouldn’t want them to see. Someone, after all, might be watching.
Photo: Getty Images
After F-Secure principal security consultant Tom Van de Wiele stepped into the #CyberSauna for the second episode of…
January 19, 2018