Many professionals work outside the office when they go on business trips and meet customers. Sometimes they need to connect to the internet to send an urgent email or check an important document. Public and free Wi-Fi access points are now widespread. One can freely connect to the Internet in a shopping mall, airport, hotel, or restaurant.
This wide use of public networks gives cybercriminals a good chance to violate personal data and privacy. Without proper protection, risks deriving from Wi-Fi connections are not negligible. There are multiple hacking techniques base on the Man-in-the-Middle (MITM) approach.
Let us try to understand more about these techniques and how to mitigate data theft risks.
Spoofing is a technique that allows an attacker to create a Wi-Fi network with an SSID identical to that of the existing public network. All he needs to do is to activate the fake network, let’s say, in a shopping mall, and wait for someone to mistakenly connect to it instead of the authentic network. Once the victim gets into the trap, his data traffic will pass through the attacker’s device in a completely transparent way.
Sniffing is the natural evolution of a spoofing attack. It allows an attacker to control the whole victim’s traffic, connected to his device. In this way the attacker can discover browsing habits, personal information, session cookies, access credentials to online services, with all the related risks.
In such a scenario, attackers can easily make victims download malware onto their devices. Once the employee is back to the office, the malware can open a backdoor for the attacker to enter the corporate network.
These types of attacks do not require deep technical skills or big investments. For example, Wi-Fi Pineapple, that was born as a tool to perform penetration tests on Wi-Fi networks, costs just $150 and includes multiple features.
You should not underestimate the security risks associated with free Wi-Fi networks, as mobile devices can automatically connect to those you open. Fortunately, there are ways to avoid the traps and defend confidential personal and corporate data:
Sababa Awareness platform upskills non-IT professionals in cyber security and trains them to learn, recognize and withstand cyber-attacks.
Image by redcharlie
|_ga||2 years||The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.|
|_gat_gtag_UA_150416163_1||1 minute||Set by Google to distinguish users.|
|_gid||1 day||Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.|
|pardot||past||The pardot cookie is set while the visitor is logged in as a Pardot user. The cookie indicates an active session and is not used for tracking.|
|visitor_id909942-hash||10 years||No description|
|lpv909942||30 minutes||No description|
|visitor_id909942||10 years||No description|