Wi-Fi investigate

On the road? My seven tips for keeping hackers at bay

Hackers aren't always miles away. They can be sitting next to you waiting for the chance to get into your device and onto your network.

In a coffee shop or airport lounge, your wi-fi and Bluetooth panels can reveal how exposed we all are. Photo: Shutterstock

Written in Pentagon City, Virginia, and sent to TechRepublic from a train to London via wi-fi.

Hacking may have started with loners on a computer in a bedroom but it quickly migrated to team efforts with distributed and colocated groups doing their worst to create mayhem.

The apps and tools they developed soon appeared on websites as early examples of shared software. At first hackers concentrated on real-time access to machines and networks, but then rapidly progressed to viruses and worms, and all the forms of malware that are now so familiar.

Their next move was to go mobile with a laptop to conduct close-up operations. Illegal access via wi-fi and Bluetooth were the most popular routes into LANs, PCs, laptops and cell phones. Again, the apps and tools the hackers developed became openly available to anyone inclined to joined the dark side.

Just how exposed we all are can be quickly gauged by looking at our own wi-fi and Bluetooth panels when in a coffee shop or an airport lounge. It seems that an awful lot of people travel with their shields down, leaving their devices easily addressable.

In the latest phase we now see mobile devices - such as tablets and smartphones - used to carry out attacks on individuals and local networks. Device vulnerability has never been so high and LANs so prone.

Wi-fi linked printers, Bluetooth controllers, lax, disgruntled or frustrated IT staff who install open wi-fi hubs, and those who unknowingly, or unthinking, walk about with devices in an open-access mode are all vulnerable - and all pose significant threats.

But on top of all these weak spots, we also present low-tech opportunities to the hacker. These include: shoulder-surfing; medium-range screen capture using a camera; listening into verbal conversations; directly observing keystrokes; leaving machines and devices unattended while we visit the facilities or buy a coffee; using local wi-fi linked printers; and connecting our various devices by wi-fi.

So what can we do?

  • Keep wi-fi and Bluetooth switched off when not in use.
  • Use our devices in invisible, private or undiscoverable mode.
  • Use good security software.
  • Keep all software up to date - that includes the operating system, apps, and utilities.
  • Monitor for all connection attempts.
  • Be watchful - who is next to us and who may be watching?
  • Monitor for the latest security info and updates.

Of course, we shouldn't get paranoid about all these threats because they are manageable. But we all have to recognise the risk and we all need to improve our awareness and our IT habits to confound the enemy.

About

Peter Cochrane is an engineer, scientist, entrepreneur, futurist and consultant. He is the former CTO and head of research at BT, with a career in telecoms and IT spanning more than 40 years.

11 comments
Symantec Executive
Symantec Executive

Peter ??? great post; I enjoyed reading it and appreciate your insight. We at Symantec completely agree with your recommendation of implementing security software and ensuring that software is updated. Organizations cannot expect to maintain their security posture with old or outdated security products, particularly in this era of constantly-evolving cybercrime. Security vendors do not release new versions of technology just to generate revenue; they do so in order to provide companies with the tools needed to effectively arm themselves against cybercriminals ??? this effectiveness is significantly hindered when old technologies are used. Staying ahead of the curve in terms of technology updates is not just smart, it???s a crucial defense strategy in the current threat landscape. In addition to your list of recommendations, we would also like to highlight the importance of creating a security-aware culture within an organization. We recently conducted a poll with CSO Magazine and found that 71% of CISOs agree that people/employees are their ???weakest links??? in defending against targeted attacks -- which is why it is critical that organizations adopt a defense-in-depth strategy in addition to building a security-aware culture across all levels and departments. This approach is the only way to ensure organizations are truly mitigating the risk of a cyberattack ??? be it in the office or on the road. --- Jason Nadeau, CISSP Sr. Director, Endpoint Security & Suites Product Management Endpoint & Mobility Group, Symantec Corporation

peter
peter

Gisabun = I certainly see plenty of those - mostly other people error...but still to be avoided that's for sure. Automated wifi/3G connection software can be a bummer in this regard! Peter

Gisabun
Gisabun

Also forgot to mention WHERE you connect if you do use Wi-Fi. Watch out for those ad-hoc networks.

Michael Kassner
Michael Kassner

That arguably the most important piece of advice -- to use a security proxy service or VPN -- was not mentioned.

peter
peter

Jason = Thanks for this input - most useful! I guess we all try not to be insecure but it is in our nature to be lax. But automating things only gets us part the way there. The Cloud should help a lot! Peter

wdewey@cityofsalem.net
wdewey@cityofsalem.net

There are people who will duplicate the SSID for a known network and rebroadcast it. Then if people connect, they can sniff packets and man-in-the-middle traffic very easily. Just another thing to worry about. Bill

wdewey@cityofsalem.net
wdewey@cityofsalem.net

Using a VPN or proxy server really requires connecting to a corporate network and usually entales working. For average use I think these are a good start. Bill

peter
peter

Michael Kassner = Arguably - but I don't know of any scientific studies that give a 'pecking order' to all these threats...Peter

peter
peter

Bill = Problem is not many people understand that level of detail...and even if you warn them it seldom has any long lasting impact on their behaviours...

Michael Kassner
Michael Kassner

There are plenty of services out there that work just fine for consumers. I use one -- privatevpn -- myself.

Michael Kassner
Michael Kassner

Not sure what pecking order has to do with the fact that a VPN/Proxy server is the only true way to be secure while traveling.