Pub. 6 2016-2017 Issue 4

16 O V E R A C E N T U R Y : B U I L D I N G B E T T E R B A N K S - H E L P I N G C O L O R A D A N S R E A L I Z E D R E A M S IDENTITY SAFETY ON PUBLIC WI-FI T he number of public Wi-Fi hotspots has grown expo- nentially: over 50 million locations could be found internationally in 2015, with an expectation of one hotspot for every 20 people by the decade’s close. Public Wi- Fi can be found in airports, hotels, bookstores, coffee shops, parks, retail stores, concert venues, museums, and even along the arduous trek to the summit of Mt. Everest. While this has been a boon to internet addicts everywhere trying to send business emails or upload their selfies, public Wi-Fi has become a veritable Candyland for identity thieves attempting to steal personal data. Robert Graham, CEO of Errata Security said, “If you’re using Wi-Fi in a public place and you’re not getting hacked, it’s only because there’s nobody around bothering to do it.” ABC News reported that almost 95% of public Wi-Fi traffic is unencrypted – meaning that the security on the data being transmitted out of and into your device is unsecure and sus- ceptible to infiltration by snoopers. While this doesn’t mean that every time you connect at a Starbucks you’re likely to be a victim of identity theft, it does create a huge vulnerability – especially for business travelers (link to BLOG) and other groups who rely more frequently on the service. Sowhy is PublicWi-Fi so dicey compared to a home or work network? It’s all about authentication. Where private networks require a password or WPA key and has known users (such as your family or your co-workers), public Wi-Fi has little if any password protection and can host multiple, unknown users at one time. In this environment, hackers have a number of tactics they can use to collect personal data that can be used to steal your identity. HOW IT WORKS Wi-Fi Sniffing: Technically not illegal, Wi-Fi sniffing (or “packet sniffing”) is “listening in” on the data being passed from one source to another. Sniffing has several legitimate uses, including diagnosing network issues and filtering traffic. However, a simple, free, downloadable wireless network ana- lyzer can read all of the data moving within a network – and this means that in the wrong hands, all of the emails you’re sending or the login info you’re entering can be intercepted by a criminal. The Man-in-the-Middle Attack: This is one of the most common schemes orchestrated on public Wi-Fi because it’s relatively easy to set-up and can capture all of your data, even if you’re accessing an encrypted (https://) website. Once a Wi-Fi sniffer has identified the particulars of a network, at - tackers simply set up their own private network that intercepts data between your device and the router or computer you’re attempting to access. All information flows through the pirate’s computer and your data is free to peruse. Evil Twin: More nefarious still is this attempt to create a network that looks exactly like an available network. The network name and publicly-available password are the same as a legitimate network. Sometimes, the networks are simply labeled “Free Wi-Fi”. In some cases, the connection speed or signal strength may be better, all of which encourage unsus- pecting users to logon or switch from a legitimate network – allowing the criminal to eavesdrop on all of the data being transmitted. BY DAVID BROWN, GENERALI