Hackers are no longer intercepting travellers` wireless connections just to intercept e-mails…
Hackers are no longer intercepting travellers` wireless connections just to intercept e-mails. They are also exploiting the technology`s weakness to steal passwords, identities and financial details.
Many business travellers now know that wireless devices are a mixed blessing. The good news is that sending e-mails and surfing the Internet without hooking up to a telephone line makes staying connected much easier.
The bad news? It also makes users vulnerable targets for industrial espionage, fraud and other crimes. It is much easier to eavesdrop on a wireless connection than a land line, says TQ3 Vice President IT Operations EMEA Sven Schiller. It can be done from as far as 1.5km away. If you are sitting in an airport lounge, it is relatively simple for someone a few seats farther along to record what you are doing if there are no protective measures in place.
Most media attention has focused on how hackers can intercept messages or monitor Web pages as they are browsed by their victims. What is less well-known is that they can also use the wireless system as a gateway to enter the victim`s hardware. Computer `geeks` might do this to send malicious viruses. However, evidence of a more professional criminal application is emerging too. Called access point phishing, it can potentially cause a lot more damage than simply losing a computer.
Phishing is the practice of obtaining a computer user`s identity, passwords and useful data, such as personal financial information. Until now, this has usually been carried out through deceptions such as luring users to log on to bogus bank websites, where they are asked to enter their password details.
Access point phishing is a new twist. Here, the hacker sets up a bogus log-in screen for a legitimate wireless hotspot. The victim tunes in to it to start communicating but the hacker sends out viruses that bring back the personal information they are looking for.
Even without this nasty development, Schiller says it is essential for travellers to be aware of wireless security and seek professional help. Speak to your IT department, he says. Each user`s needs are different.
However, there are some general precautions that will help most travellers to improve wireless security. These include the following:
- Firewall
Consider installing a personal firewall to protect yourself from attacks originating on the Internet. A firewall will filter unexpected incoming network traffic, such as automated scanners looking for weaknesses in the laptop`s configuration. MS Windows XP includes a personal firewall as standard. Other possible products are Outpost from Agnitum or ZoneAlarm from Zone Labs. - Encryption
It is always good practice to encrypt your wireless links. Speak to your IT department about this, but examples include:
- SSL (Secure Socket Layer)
As a minimum, check whether the website you are entering has SSL encryption, identifiable by the display of a key in the bottom right corner. If it does not have this, do not enter any passwords. - WPA (Wi-Fi Protected Access)
This is the new encryption protocol that is used on wireless networks. Make sure it is enabled on all your devices. Older devices carry an earlier protocol called Wired Equivalency Privacy. It can easily be broken into by a determined hacker but it may be enough to persuade them to pick on someone else first.
- SSL (Secure Socket Layer)
- Wireless card
Switch off or remove your wireless card when not using a hot spot - Risk management
- Minimise your use of hotspots where you cannot be certain who else has access to them
- Avoid using them for e-mails. Access the Internet only
- Minimise the amount of personal and confidential information you carry on your laptop
Theodore is the Co-Founder and Managing Editor of TravelDailyNews Media Network; his responsibilities include business development and planning for TravelDailyNews long-term opportunities.
