Computer hacker Jonathan Singer wants to remind everyone that not all hackers are of the so-called "black hat" variety who have sinister intent.
"White hat" is what I do in my industry and profession, to help secure networks and bring awareness to make it safer," said Singer.
The longtime computer enthusiast tells Local 6 that one way "black hat" hackers can steal information from smart phones and other mobile devices is through free public Wi-Fi hotspots, like the kind found in coffee shops, gyms, and airports.
The longtime computer enthusiast tells Local 6 that one way "black hat" hackers can steal information from smart phones and other mobile devices is through free public Wi-Fi hotspots, like the kind found in coffee shops, gyms, and airports.
A skilled hacker with a laptop and some free software can intercept data being shared on a Wi-Fi network, similar to someone eavesdropping on conversations at a cocktail party.
"It's called 'sniffing,'" said Singer. "Your computer determines whether information (shared on a Wi-Fi network) is meant for you or is meant for somebody else. For the most part, your computer is going to say 'this isn't meant for me' and discard it. What we're saying is, 'everything is meant for me.'
To demonstrate how a hacker can view data on a mobile device, realtor Charlene Larney accessed a free public Wi-Fi hotspot along the Sanford Riverwalk using her iPhone. It did not require her to enter a password.
Larney then navigated her phone's web browser to Realtor.com, a website she visits several times a day. She pulled up a map showing home listings in East Orange County. Within seconds, Singer was able to view that exact same map on his laptop, along with other data Larney's phone was sharing on the public Wi-Fi.
"We can basically reconstruct what her web page looks like," said Singer. "Anything that is appearing on her phone screen when she visits the website, I get a copy of that information, too."
Larney then navigated to another website with her iPhone, where she typed a secret message in a text box. Almost instantaneously, Singer's laptop displayed the phrase, "Hi, how are you?"
"I couldn't believe he could pull it up in just seconds and see everything I'm looking at," said Larney, who had never given much thought to security using public Wi-Fi. "They can see where you're going, where you're traveling to, where you live, your bank information."
To demonstrate how a hacker can create a phony Wi-Fi hotspot, Singer attached a small device with antennas to his laptop called a Wi-Fi Pineapple. With it, he is able to broadcast his own Wi-Fi signal. By naming it something enticing like "Free Wi-Fi," a mobile device user might be tricked into logging onto it.
"It's what we call 'man-in-the-middle'," said Singer. "You can provide that free internet service, but you're monitoring all of the traffic."
With the Wi-Fi Pineapple, Singer can also mimic a legitimate Wi-Fi hotspot and force the mobile device to log on without the user's knowledge.
After a mobile device accesses a Wi-Fi network, such as one at Orlando International Airport, it constantly sends out signals trying to automatically establish contact with that Wi-Fi network again. Using the Wi-Fi Pineapple, Singer is able to see all of the places a mobile device has accessed Wi-Fi previously. He can then create his own Wi-Fi signal using one of the legitimate Wi-Fi hotspot names, tricking the mobile device into logging on to his network.
"Because I'm in control of the wireless access point, and you're connected to my device, I rule that thing," said Singer.
Once a mobile device is connected to a hacker's Wi-Fi network, a phony software update can be sent to the phone, giving the hacker access to text messages, photos, and other private information, according to Singer.
So how can mobile device users protect their data?
“I don't want people feeling hopeless,” said Singer. “With a little bit of awareness they can surf safely online and they can transmit information they consider sensitive, as long as they know what to look for.”
He recommends avoiding free public Wi-Fi that does not require a password. By requiring a password to access the internet, the Wi-Fi provider has also likely enabled encryption on the network, making it more difficult for hackers to view the data being shared.
Big-name companies that provide free Wi-Fi without passwords, such as Starbucks and McDonalds, probably have additional security features in place to protect its customers, according to Singer.
“They're going to invest in the hardware to prevent these kinds of attacks,” he said.
When transmitting sensitive data on a mobile device, Singer makes sure the website uses encryption, usually noted by a padlock icon and green text in the address bar.
“Everybody in the social media game these days has enabled encryption,” said Singer, suggesting sites like Facebook and Instagram have additional security measures in place.
And Singer urges mobile device users to be selective about their online activity while connected to a public Wi-Fi network.
And Singer urges mobile device users to be selective about their online activity while connected to a public Wi-Fi network.
“If its sensitive information, such as banking, personal notes, even medical information, that's generally something you don't want to share in public,” said Singer. “You wouldn't have that conversation in public, so you wouldn't transmit it in public either.”
AAP’s ‘free Wi-Fi Delhi': Here is a reality check
Delhi is filled with hope, and expectation, as it waits for the Aam Aadmi Party to take charge. One of the things on top of the AAP government’s agenda is its promise to make Delhi a Wi-Fi city. A good chunk of Delhi’s youth also seem to be waiting to see this promise become a reality.
However, the idea seems to have trickled down to the Delhi janta in a distorted form. As AAP ideologue Yogendra Yadav says, in a democracy there is a gap between “what you say and what people hear”.
 |
| There is no mention of free where the AAP manifesto mentions Wi-Fi. But it says Wi-Fi will be freely available. |
Here is a reality check:
1. Will the Wi-Fi be free?
Yes and no. Yes, if you are trying to access government websites and other public services. No if you are trying to download a movie or watch a YouTube video. Like most free public Wi-fi services there will be free service for a limited period, most probably 15 or 30 minutes. There will most probably be an option to get a paid package to use the Wi-Fi beyond this time period. So don’t think of getting rid of your Internet connection for AAP’s free Wi-Fi.
 |
| Before Delhi Elections, this was spotted at Pragati Maidan Metro Station. (Source: Debashis Sarkar) |
2. Will the entire city be covered?
Yes. But that does not mean you will be able to connect to the network on the go. Delhi the Wi-Fi city will essentially be a city with lots of Wi-Fi hotspots. A good example is Taipei, which has one of the best public Wi-Fi systems in the world. The capital of Taiwan has over 4,000 hotspots. So essentially, the Wi-Fi in Delhi will be limited to public zones.
3. What will it cost the city?
Wi-Fi is not an expensive technology to acquire or execute. AAP MLA Adarsh Shastri says the project will cost around Rs 250 crore as they have envisaged it. The manifesto says the party has already done a feasibility study on consultation with Internet companies.
4. How long will it take?
Shastri says it will take six months from the time the contract is awarded.
5. What does AAP hope to achieve from free Wi-Fi?
The AAP manifesto says a citywide Wi-Fi can “help hugely in bridging the digital divide”. The party thinks it will also provide an “impetus to education, entrepreneurship, business, employment and also tie in with women’s safety initiatives”.
6. Can it really help women’s safety?
While the manifesto says ready access to Wi-Fi will allow the victim of an assault to reach out for help, we are not sure this will be possible unless you have coverage in all places. A lot of such attacks happen in desolate areas, which are beyond even mobile networks.
Note: All information on Group Of Oceninfo is for educational purposes only.
COMMENTS