Security Affairs has published nine methods by which cyber attacks exploit public Wi-Fi wireless networks LANs (free Wi-Fi) . Following are ...

9 POSSIBLE WAYS HACKERS CAN USE PUBLIC WI-FI TO STEAL YOUR SENSITIVE DATA

Tuesday, February 20, 2024 0 Comments


Security Affairs has published nine methods by which cyber attacks exploit public Wi-Fi wireless networks LANs (free Wi-Fi).


Following are the 9 possible types of cyber attacks and its countermeasures. (☆ For detailed information on the attack methods, please refer to the reference link below)


1. Man-in-the-middle attack (MITM): An attack method that intercepts and alters communications between two parties in the middle. In public wireless LANs, transmitted data may not be encrypted, making it easy for threat actors to gain unauthorized access.


Countermeasures: Use https connections. Do not enter data if the browser displays a warning about the site's authenticity.


2. Fake Wi-Fi connection: A public wireless LAN environment that is nearly identical to the real one installed by the attacker. Users may unknowingly connect to the fake environment and all communications maybe intercepted.


Countermeasures: Be aware if two or more Wi-Fi access points with similar names are displayed, all but one or all may be malicious connections. If you cannot identify a secure connection, it is recommended that you ask the staff members who manages the public wireless LAN.


3. packet sniffing: A method of illegally capturing communication data packets passing through a public wireless LAN. The communication data can be saved and analyzed later. This method is not necessarily illegal in some countries or regions.


Countermeasures: Use a trusted VPN (Virtual PrivateNetwork) to encrypt all communications and ensure the websites you use have SSL/TLS (Secure Sockets Layer/ Transport Layer Security) Certificates.


4. Sidejacking (Session hijacking): Connection Hijacking using illegally obtained session information. Although authentication information such as passwords is not directly compromised, it is possible to perform various operations by pretending to be someone else.


Countermeasures: Always sign out (log out) after using online sites. Avoid leaving any active sessions, and forcibly close any sessions that you do not remember.


5. Shoulder Surfing: Sometimes, the simplest scams are most effective. Shoulder surfing involves someone watching over your shoulder as you type in passwords or other personal information.


Countermeasures: Be aware of your surroundings and who might be watching you. If you're unsure avoid entering sensitive information or use a privacy screen to block prying eyes.


6. DNS spoofing: DNS (Domain Name System) is the internet's phone book, translating domain names into IP addresses. Hackers can manipulate DNS settings to redirect your internet traffic to malicious websites, even if you entered the correct web address.


Countermeasures: Use a trusted service that provides DNS encryption or use a trusted VPN service.


7. Wi-Fi phishing: Similar to phishing scams, users are directed to a malicious Wi-Fi environment. This attack may include the fake Wi-Fi connection described as email phishing scams.


Countermeasures: Do not use public wireless LANs that require users to enter personal information.

Always verify the authenticity of Wi-Fi networks before connecting, especially in public places.


8. Rouge Access Points: Hackers can set up their own wireless access points in public spaces, posing as a legitimate hotspots. Once connected, they can monitor and capture user's data or launch attacks on their devices.


Countermeasures: Use trusted VPN service.


9. Keylogger: Keylogger are malicious software or hardware devices that record keystrokes on a computer or mobile devices. If a hacker manage to install a Keylogger on a public computer or compromised devices, they capture username, passwords, and other sensitive information entered by users.


Countermeasures: Avoid using public computers for sensitive activities like online banking or shopping or entering passwords. If you must use a public computer, consider using virtual keyboard or typeing sensitive information in a secure document and then copy/paste it into the intended fields.


Always be aware of these attacks, as attackers will use any means to steal authentication information.


Conclusion: While public Wi-Fi offers convenience and connectivity, it also presents numerous security risks. When you change your virtual location on an iPhone, computer, or any endpoints devices and hide your real IP addresses, you can protect yourself from potential security threats. However if you have no choice but to use free Wi-Fi, you can use it relatively safely by taking the above measures. You will never know when and in what form a cyber attack may occur. Therefore, we must be on high alert for attacks and take protective security measures.


It is crucial to remain vigilant and take proactive steps to protect oneself in a increasingly interconnected digital world.


Reference: Security Affairs "9 Possible ways hackers can use public Wi-Fi to steal your sensitive data."

https://securityaffairs.com/159003/security/public-wi-fi-attacks.html





0 Comments:

● Unofficial Study Notes of 20 Modules That Help You Master the Foundations of Ethical Hacking and Prepare to Take the C|EH Certification Ex...

Certified Ethical Hacker C|EHv12 Self-study Notes

Saturday, February 03, 2024 0 Comments


● Unofficial Study Notes of 20 Modules That Help You Master the Foundations of Ethical Hacking and Prepare to Take the C|EH Certification Exam


All 20 Modules in a single file:


Module01 Introduction to Ethical Hacking

https://www.ukmandal.com.np/p/module01-introduction-to-ethical-hacking.html


Module02 Footprinting and Reconnaissance

https://www.ukmandal.com.np/p/module02-footprinting-and-reconnaissance.html


Module03 Scanning Networks

https://www.ukmandal.com.np/p/module03-scanning-networks.html


Module04 Enumeration

https://www.ukmandal.com.np/p/module04-enumeration.html


Module05 Vulnerability Analysis

https://www.ukmandal.com.np/p/module05-vulnerability-analysis.html


Module06 System Hacking

https://www.ukmandal.com.np/p/module06-system-hacking.html


Module07 Malware Threats

https://www.ukmandal.com.np/p/module07-malware-threats.html


Module08 Sniffing

https://www.ukmandal.com.np/p/module08-sniffing.html


Module09 Social Engineering

https://www.ukmandal.com.np/p/module09-social-engineering.html


Module10 Denial-of-Service

https://www.ukmandal.com.np/p/module10-denial-of-service.html


Module11 Session Hijacking

https://www.ukmandal.com.np/p/module11-session-hijacking.html


Module12 Evading IDS, Firewalls, and Honeypots

https://www.ukmandal.com.np/p/module12-evading-ids-firewalls-and.html


Module13 Hacking Web Servers

https://www.ukmandal.com.np/p/module13-hacking-web-servers.html


Module14 Hacking Web Applications

https://www.ukmandal.com.np/p/module14-hacking-web-applications.html


Module15 SQL Injection

https://www.ukmandal.com.np/p/module15-sql-injection.html


Module16 Hacking Wireless Networks

https://www.ukmandal.com.np/p/module16-hacking-wireless-networks.html


Module17 Hacking Mobile Platforms

https://www.ukmandal.com.np/p/module17-hacking-mobile-platforms.html


Module18 IoT and OT Hacking

https://www.ukmandal.com.np/p/module18-iot-and-ot-hacking.html


Module19 Cloud Computing

https://www.ukmandal.com.np/p/module19-cloud-computing.html


Module20 Cryptography

https://www.ukmandal.com.np/p/module20-cryptography.html


0 Comments: