It’s Easy to Get Hacked: Just Connect to Fraudulent Wireless Hotspots

By Cornelius Rahn and | March 3, 2015

If anyone attending the Mobile World Congress in Barcelona this week doubts how easy it is to hack smartphones and tablets, Filip Chytry and his team plan to set them straight. By hacking into their devices.

Chytry’s company, Prague’s Avast Software s.r.o., is setting up a faux-fraudulent wireless hotspot at its booth that will let the company’s staff and onlookers track the online activity of any device that connects.

The site will let Avast capture passwords, messages and other information people type on the websites, and Chytry can even create dead ringers for Gmail or Facebook sign-in screens — down to the little green padlock icon that indicates a secure connection — that lull people into a sense of safety. While the data will not be stored, Chytry said, the experiment demonstrates how vulnerable mobile devices are to cyber crooks.

“People can see what can happen if they use free networks in pubs, restaurants or elsewhere,” said Chytry, a security researcher at Avast who helped design the exhibit. “It will show them that this is a real problem.”

Mobile devices have long overtaken personal computers as the main gateway to the Internet, but few consumers or even companies have given much thought to securing them. They’re always on, constantly used, and weakly protected, inviting hackers to find ways of exploiting their vulnerabilities.

Sensitive Data

Adoption of defense measures for mobile devices has suffered from the tendency of users to value convenience over security. And as the machines become more central in people’s lives, they handle ever more sensitive data, from calendars to bank information to social network feeds.

Almost a quarter of mobile devices are exposed to at least one security threat after 30 days online, according to SkyCure Ltd., an Israeli wireless security company. That rises to more than two-fifths after four months. Some 7 percent of U.S. Android users were hit by malware last year, up from 4 percent in 2013, according to a study by Lookout Inc.

“There is growing awareness and concern about the vulnerability of mobile devices,” said Yaron Blachman, director of cyber and technology consulting in Israel at consultancy PwC. “We see it at every company we work with.”

Mobile World Congress, the world’s biggest wireless show, is particularly risky. Trade shows offer criminals ideal conditions for scooping up information about what attending executives say, write and do behind closed doors, according to people paid to expose security gaps. As attendees scramble to pitch their products or transfer data to facilitate a deal, they may be tempted to work around their company’s protective umbrella.

‘Darkhotel’ Scheme

Russian security firm Kaspersky Lab in November uncovered a scheme it called “Darkhotel.” Over at least two years, criminals fooled guests at Asian luxury hostelries into believing they were connecting to the venue’s official network. The crooks used that access to upload malware, disguised as benign updates, which let them steal passwords and other private information.

It’s almost certain that this kind of attack will be used in Barcelona, said Jayson Street, a security tester for Pwnie Express, a Boston company that sells devices to detect illicit network equipment. Street said attackers often set up their equipment before a conference opens, targeting the show floor as well as after-work locations such as bars and clubs.

Celebrity Nudes

“The attacker doesn’t have to be in the same room, or even the same building,” said Street, who has snuck into offices and hotels from Lebanon to Las Vegas to place cyber bugs, to show what gaps need to be plugged. With a tiny antenna “I’ll be able to attack from a mile away. Police can go through the hotel looking for the bad guy, but I’m somewhere across the street or even further away.”

Defcon, a hacker conference where Street frequently speaks, features a “Wall of Sheep” that points out attendees who have inadvertently exposed their data. And Israeli startup Coronet Security says it’s likely that celebrity nude photos shared via the Web last year were stolen when the victims connected to a wireless network at the Emmy Awards.

The threat goes beyond Wi-Fi. Gemalto NV, a Dutch maker of mobile SIM cards, last week said Britain’s Government Communications Headquarters and the U.S. National Security Agency probably broke into its network in 2010 and 2011 to steal encryption keys that would let them listen in on phone calls.

2G Protection

Because of the huge amount of wireless traffic generated by the 80,000-plus people crowding the Barcelona fair, some of that will be handed over to older 2G networks, which feature voice and messaging encryption that’s almost 30 years old and can be cracked within seconds, said Karsten Nohl, founder of SR Security Research Labs GmbH in Berlin.

Even 3G or 4G networks, which feature tougher security locks, can be risky. For instance, when people roam abroad, the host carrier asks the user’s home provider for the encryption key associated with an account to complete the communication. But such requests can be sent from any network provider, and most carriers don’t verify whether they are legitimate, sometimes providing them to criminals, according to Nohl.

“Mobile security is treated like security in the early days of the car,” said Nohl. “Nobody thought about seatbelts or airbags as long as every generation of cars was faster and cooler than the last one.”

Was this article valuable?

Here are more articles you may enjoy.