South African business executives and consumers who make use of hotspots in public areas, also known as open access points, to connect to the Internet, are putting themselves and their companies at significant risk.
They assume that these easy and convenient points of Internet connectivity are safe. What they don't realise is that it is exceptionally easy to set up a rogue access point that masquerades as a secure, trusted Internet connection. These rogue access points allow nefarious individuals to gain access to all the unassuming user's personal and sensitive information required to log into e-mail, business databases and applications, as well as online banking sites.
"When business people travel, there are many hotspots and other access points in coffee shops, hotels, conference venues and so forth that they use to easily stay in touch with the office and their families," says Hedley Hurwitz, MD of Magix Security. "Unfortunately, we are often too trusting when it comes to connecting to and transacting over open access points."
Rogue networks can seamlessly masquerade as legitimate access points while they soak up all the Internet traffic from your mobile device, including sensitive data and passwords. These bogus access points, also known as Man in the Middle attacks, deceive users into thinking they are connecting via a legitimate router belonging to the hotel or coffee shop, unaware that a fraudster has placed his equipment in the middle of the transaction. All your data now belongs to the crook.
Additionally, our mobile devices generally have many access points saved from previous connections and when we are out of range of a connection, they poll the environment to see if one of their known connections is available.
In this polling, a rogue access point can easily learn which network you are looking for and 'pretend' to be it. In this way, your device will automatically connect to a router with the correct name, but will be at the mercy of whomever is running the imposter router. All your communications will be sent over this bogus network, exposing the user to malware, identity theft and other problems.
The first step in solving these mobile risks is to switch off the ability of your mobile device to automatically connect to known access points, as well as to prevent it from remembering access points. This is inconvenient, but it is a simple and quick way to enhance your security.
Secondly, never conduct sensitive activities such as Internet banking over open networks, no matter how secure you think you are. The simple fact of being open to the public means these access points are not secure and are easy prey for criminals and even teenagers having fun with some software they found online. Personal mobile network devices, where a 3G connection must be established directly between you and the service provider, are therefore much better suited to confidential online transacting when you are out of your secure environment.
"Naturally, this is not all you need to secure your mobile activity, but it's a start and will decrease your risk," adds Hurwitz. "Once you've done the simple things, you can look at technology for an additional security boost."
Share