{"id":13074,"date":"2016-09-26T09:00:15","date_gmt":"2016-09-26T13:00:15","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=13074"},"modified":"2019-11-15T06:53:13","modified_gmt":"2019-11-15T11:53:13","slug":"kaspersky-secure-connection","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/kaspersky-secure-connection\/13074\/","title":{"rendered":"How criminals steal data over the air"},"content":{"rendered":"<p>Danger often comes from an unexpected direction. For example, while you are alert to pickpockets, criminals may be approaching invisibly, over Wi-Fi.<\/p>\n<p>Here\u2019s a typical scenario: Let\u2019s say you meet up with friends at a caf\u00e9 and have a bite to eat while deciding what to do next. Maybe you decide to continue on to a movie. Or a play. Or a concert. That\u2019s when you connect to an available Wi-Fi hotspot and buy tickets online. Soon after, you find your credit card has been maxed out.<\/p>\n<p>Sounds terrible, doesn\u2019t it? Wouldn\u2019t it feel fair and just to find the culprits and take them to police? OK, let\u2019s try: Do you remember that while you were enjoying your meal with friends, two young people at the table next to you had just finished yet another cup of coffee? They looked ordinary, having a quiet conversation and occasionally peering at their laptop. But what you didn\u2019t see was the special equipment in their bag, something like this:<\/p>\n<p><span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe class=\"youtube-player\" type=\"text\/html\" width=\"640\" height=\"390\" src=\"https:\/\/www.youtube.com\/embed\/LIUaZ4MXs7g?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent\" frameborder=\"0\" allowfullscreen=\"true\"><\/iframe><\/span><\/p>\n<p>These people came to the caf\u00e9 not for coffee and croissants but to steal data from visitors. They created an open Wi-Fi hotspot to attract victims and got access to all traffic sent and received by the devices of anyone who connected to their hotspot. Someone logged in to an online bank and the criminals got their credentials. The couple at the next table over logged in to Instagram to post a selfie and criminals owned access to their social network. Your friend checked her corporate e-mail and \u2014 well, you see where we\u2019re going with this.<\/p>\n<p>To accomplish this kind of thievery doesn\u2019t require high-level programming skills. YouTube has more than 300,000 videos that explain how to hack Wi-Fi. Moreover, the necessary equipment is cheap \u2014 less than $100. Having received your banking and personal data, cybercriminals can <a href=\"https:\/\/www.kaspersky.com\/blog\/ominous-targeted-hacks\/11771\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">continue the attack<\/a> and gain substantial profit.<\/p>\n<h3>How it works<\/h3>\n<p>There are several ways to gather data with the help of fake Wi-Fi.<\/p>\n<p>1. <b>Sniff network traffic<\/b><br>\nA method as old as time \u2014 eavesdropping \u2014 works with Wi-Fi as well. Common plugins and apps can turn your smartphone or laptop into a <em>sniffer<\/em> \u2014 an eavesdropper \u2014 and in addition, you can purchase specialized and powerful equipment online. Thus equipped, you\u2019ll be able to intercept data transferred over the air and fish out useful files such as cookies and passwords.<\/p>\n<p>Of course, you\u2019ll need an unencrypted or poorly protected network (for example, the secured with weak WEP protocol) to listen in on other people\u2019s business. The WPA and, especially, WPA2 protocols are considered more reliable. <a href=\"http:\/\/www.pcworld.com\/article\/2043095\/heres-what-an-eavesdropper-sees-when-you-use-an-unsecured-wi-fi-hotspot.html\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Here\u2019s a look<\/a> at what eavesdropping looks like on hacker\u2019s end.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">8 security rules for public Wi-Fi users \u2013 <a href=\"https:\/\/t.co\/MWPhQjUUZl\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/MWPhQjUUZl<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/security?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#security<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/besafe?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#besafe<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/ittips?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#ittips<\/a> <a href=\"https:\/\/t.co\/lMdRQTLdSo\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/lMdRQTLdSo<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/673881099358089216?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">December 7, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>2. <b>Create a rogue (fake) hotspot<\/b><br>\nThis is what criminals did in our example. The thing is, people place a certain amount of trust in the places we visit: For example, we trust that the food in a caf\u00e9 will not make us sick, the staff will be polite, and the Wi-Fi will be secure.<\/p>\n<p>Cybercriminals take advantage of that trust. For example, you will often see several Wi-Fi networks in hotels. They are usually created in popular places whose many visitors create too high a load for one network to serve reliably. But there\u2019s nothing to stop criminals from making a Hotel Wi-Fi 3 network in addition to the Hotel Wi-Fi 1 and Hotel Wi-Fi 2 already set up.<\/p>\n<p>3. <b>Execute the \u201cevil twin\u201d attack<\/b><br>\nIn fact, this is a variation on the previous method. Computers and mobile devices usually remember the networks they\u2019ve connected to before so that they can do it again automatically. Sometimes criminals make copies of the names of popular networks (for example, free Wi-Fi connections in coffee shops and fast food chains) to fool your devices<\/p>\n<h3>What can you do?<\/h3>\n<p>We recommend reading our <a href=\"https:\/\/www.kaspersky.com\/blog\/dangerous-public-wi-fi\/10774\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">post<\/a> that explains in detail how to use public Wi-Fi securely, but just in case, here are four must-follow rules.<\/p>\n<p>a) Do not trust unprotected networks that don\u2019t ask you to enter a password.<\/p>\n<p>b) Turn off Wi-Fi when you don\u2019t need to use it.<\/p>\n<p>c) Trim your list of remembered networks from time to time.<\/p>\n<p>d) Do not use online banks and do not log in to important sites in caf\u00e9s, <a href=\"https:\/\/www.kaspersky.com\/blog\/free-inroom-tablets\/6529\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">hotels<\/a>, malls, and other unreliable places.<\/p>\n<p>The good news is, all users of <a href=\"https:\/\/softkey.kaspersky.ru\/?prodid=722567&amp;site=642&amp;from=4697668&amp;noreg=Y&amp;clear=Y&amp;campaign=kl-ru_ru-directlink_pro_ona_smm__onl_b2c_kasperskydaily_lnk____kismd___&amp;referer1=kl-ru_ru-directlink&amp;referer2=kl-ru_ru-directlink_pro_ona_smm__onl_b2c_kasperskydaily_lnk____kismd___\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Kaspersky Internet Security \u2014 Multi-Device<\/a> and <a href=\"https:\/\/store.kaspersky.com\/store\/kaspersk\/en_IE\/buy\/productID.320809200\/quantity.1\/Currency.USD?cid=gl_socmed_pro_ona_smm__onl_b2c_kasperskydaily_lnk____ktsmd___&amp;affiliate=gl_socmed_pro_ona_smm__onl_b2c_kasperskydaily_lnk____ktsmd___&amp;_ga=1.207871825.2111903088.1454935021\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Kaspersky Total Security \u2014 Multi-Device<\/a> can protect themselves with the help of our new Secure Connection component. If you turn it on, Secure Connection will encrypt your data every time you connect to public Wi-Fi and other unreliable networks.<\/p>\n<p>You can set up this component <a href=\"https:\/\/www.kaspersky.com\/blog\/tip-of-the-week-2017-secure-connection\/12922\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">flexibly<\/a>, programming it to turn on automatically when you:<\/p>\n<ul>\n<li>connect to unreliable Wi-Fi;<\/li>\n<li>access banking and payment systems;<\/li>\n<li>purchase something online;<\/li>\n<li>use your e-mail, social networks, messaging, and other Internet communication resources.<\/li>\n<\/ul>\n<p>In all of these cases our solutions will protect you and your data!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>How criminals use fake Wi-Fi hotspots to steal data, and how you can use our solutions to protect yourself.<\/p>\n","protected":false},"author":522,"featured_media":13075,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,1788,7],"tags":[1738,1161,180,909,43,522,1819,97,174],"class_list":{"0":"post-13074","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-privacy","9":"category-products","10":"tag-1738","11":"tag-finance","12":"tag-kaspersky-internet-security","13":"tag-kaspersky-total-security","14":"tag-privacy","15":"tag-products-2","16":"tag-secure-connection","17":"tag-security-2","18":"tag-wi-fi"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/kaspersky-secure-connection\/13074\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/kaspersky-secure-connection\/7695\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/kaspersky-secure-connection\/7705\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/kaspersky-secure-connection\/7738\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/kaspersky-secure-connection\/9160\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/kaspersky-secure-connection\/9025\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/kaspersky-secure-connection\/13119\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/kaspersky-secure-connection\/2515\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/kaspersky-secure-connection\/6092\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/kaspersky-secure-connection\/6587\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/kaspersky-secure-connection\/5442\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/kaspersky-secure-connection\/8785\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/kaspersky-secure-connection\/12703\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/kaspersky-secure-connection\/13119\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/kaspersky-secure-connection\/13074\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/kaspersky-secure-connection\/13074\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/security-2\/","name":"security"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/13074","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/522"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=13074"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/13074\/revisions"}],"predecessor-version":[{"id":30143,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/13074\/revisions\/30143"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/13075"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=13074"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=13074"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=13074"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}