Hacking Wireless for Identity Theft

Sunday, January 02, 2011

Robert Siciliano

37d5f81e2277051bc17116221040d51c

The ability to connect wirelessly has a lot to do with the indispensability of the Internet in our daily lives.

Wireless Internet is available in our homes, offices, cafes, restaurants, parks, hotels, airports, cars, and even airplanes.

The mobility factor allows us to work anytime, anywhere, on numerous devices. “Being connected” is at an all-time high.

Wireless Internet is amazing. But is it safe?

The short answer is: no. Wi-Fi was born to be convenient, not secure. Unsecured, unprotected wireless is everywhere. When a device connects to unprotected Wi-Fi, all the data stored on that device is available to a hacker with the proper sniffing tools.

The longer answer is: it depends on what kind of wireless we’re talking about. I’m going to speak in generalizations, since most of this is debatable and at this point, there are no absolutes when it comes to wireless security. So here we go.

Free, unsecured Wi-Fi is the least secure. Any Wi-Fi connection, whether in public, at home, or in the office, that is shared with anyone with any wireless device, lacks encryption of the data packets streaming from the connected devices.

A simple Firefox add-on called Firesheep can allow anyone with a Firefox browser to sniff out other devices using the same Internet connection, and to spy on their browser activity. Even if the victim’s login is encrypted, once they visit an unencrypted site, their data becomes vulnerable.

Home or office Wi-Fi with a WEP encryption is slightly more secure. Wired Equivalent Privacy was introduced in 1997 and is the original version of wireless network security. But WEP has been cracked, hacked, and decimated.

Home or office Wi-Fi with a WPA encryption is better. Wi-Fi Protected Access is a certification program that was created in response to several serious weaknesses researchers found in WEP, the previous system. WPA and WPA2 are tougher to crack, but not impossible.

Mobile Broadband has a degree of encryption that has been cracked, but the necessary hardware isn’t widely deployed by criminals. Researchers have demonstrated how the system can be hacked, but it’s still more secure than other options.

For the most security, use WPA2 wireless Internet from a home or office environment that isn’t internally shared. If you must go online while traveling, use your carrier’s mobile broadband and forgo the hotel or café’s free wireless.

Identity theft can happen to anyone, regardless of how they connect to the Internet.

To ensure peace of mind, subscribe to an identity theft protection service, such as McAfee Identity Protection, which offers proactive identity surveillance.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss an identity theft pandemic on CNBC. (Disclosures).

 

Possibly Related Articles:
13675
General
Wireless Identity Theft Hacking firesheep WiFi
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.