Web surfers can fall prey to hackers by logging onto fake wireless networks, according to security specialists CRYPTOCARD.
At Infosecurity Europe, one of Europe’s largest information security forums, Jason Hart, ex-ethical hacker and EMEA managing director at CRYPTOCARD, demonstrated how hackers could steal personal data and credentials through a rogue Wi-Fi connection.
A fake wireless network named ‘Free Infosec Wifi’ was set up and despite the large number of security experts attending the conference, Hart revealed that a staggering 143 users of tablets, smartphones and laptops had connected to the ‘network’ in just a few hours.
“We’re at a security conference and everyone here should be taking security seriously,” Hart said. “This is a pretty astonishing result and the implications are huge.”
A live ‘wijacking’ experiment was then undertaken by changing the name of the fake wireless hotspot to ‘BT Openzone free’, which Apple iPhones automatically connect to as their default setting.
Hart revealed the ease of illegally harvesting details using Cain software, which can be downloaded for just £30.
Once a user had started surfing on secure sites needing log-in passwords, those passwords and other secure information could be instantly downloaded by hackers.
“Every single piece of information that goes across the rogue wireless hotspot can be hacked into,” he said.
“All the user names, passwords, credit card details – everything is exposed.”
Hart told E&T that unsuspecting users logging onto insecure networks was a common problem, and that he had earlier that day conducted an experiment at St Pancras railway station, where 22 people had accessed his rogue wireless hotspot in just two minutes.
“There’s a huge demand for internet connectivity,” he told E&T. “Users cannot be disconnected from the internet, and when they see a free unsecure network they believe it’s the real thing and connect to it.”
It is impossible to tell the difference between a fake network and a real one, he added.
“Hackers are after a number of things, namely the user name and password. The solution is two-factor authentication where the system generates a one-time password.”
CRYPTOCARD’s solution is its new product, BLACKSHIELD Cloud, which the company says is the world’s first “authentication-as-a-service”, offering the same security as an on-site authentication server.
BLACKSHIELD Cloud provides users on networks, cloud and web applications, Windows and Unix logons, with secure access from a single point of control.
It is an upgrade and update of the company’s previous BLACKSHIELD Server solution, which allows authentication to be hosted in-house.
“The BLACKSHIELD suite is the technical fulfillment of our vision of making strong authentication a commodity, and represents a true paradigm shift for authentication,” said Neil Hollister, CEO of CRYPTOCARD.
“It’s no longer a question of whether strong authentication is needed – but rather what’s the best way of deploying it.
“The BLACKSHIELD suite takes strong authentication out of the niche and into the mainstream, allowing enterprises, channel, service providers and systems integrators to utilise cost-effective strong authentication across applications and clients.”