Aujas Networks Private Limited
Ctrl + S
31 August 2008: You've fixed the latest anti-burglar alarm system at home, but how safe are you on the www.world? Is it that simple for a hacker to enter your virtual world through the backspace and shift the control key of your cyber identity? Manjula Sridhar shows you how to save the day.

A version of a very popular story set in medieval times goes like this. A letter pronouncing the verdict of a criminal case was sent to the jailor ordering the release of an inmate. The scheming opponents intercepted the official and authenticated papyrus, which read “Hang him not, let him go”, and moved the comma one place to read “Hang him, not let him go”. Needless to say, an innocent person was executed. Cut to the 21st century: the possibilities are not much different and in fact have deteriorated further due to the ease of exploiting technology and the lack of user awareness.

At home
This (see Fig. A) can easily be done because technology doesn’t recognise humans, like the treasure cave in the story of Alibaba and the 40 thieves. Just as the cave allows in anyone uttering ‘Khul Ja Sim Sim’ (the key), most software and networks allow access to people typing the right user name and password. Moreover, the rise of wireless means criminals can undertake all the activities from a safe distance. The modem that is your gateway to the Internet, provided by all the ISPs (Internet Service Providers like BSNL, MTNL, Airtel), comes pre-configured with a Wi-Fi facility.

Wi-Fi is a wireless technology very similar in intent to cordless phones and is a great boon, as it allows you to use your laptop/computer in any nook and corner of the home. However, it also means that the Wi-Fi signal reaches beyond the walls of your home. Wi-Fi has a range of 300 meters, and if there is no control for accessing this signal, anyone within the 300 meters range can access it.

The signal is identified by a unique ID called the SSID, similar to a user name, and comes with an ASCII text that acts as both a password and an encryption key. The SSID is broadcast, and one can choose which signal to connect to. The Wi-Fi modem itself has an IP address which uniquely identifies the router to the ISP, and the ISP links your home address to the router, thus providing a physical address for the router.

Now here are some scenarios if the Wi-Fi modem is not secured by a strong key (imagine the cave in Alibaba’s story having the pass phrase “Is anyone there?”).

1. A criminal drives by your house or apartment complex (called war driving in the hacking world), sits in the parking lot, connects to your Wi-Fi modem and uses the connection to conduct illegal activities. All Internet activities leave a trail, and if law enforcement traces the activity it will lead them to the IP address of the Wi-Fi modem, which is the modem in your bedroom. Naturally, you will have a nightmarish time explaining this to the police.

2. A criminal connects to your modem and, if you are connected at the same time, can read all the messages and data transmitted and the Internet activity that you are doing. He could possibly get your email id and password, your social networking ids and, worse still, your bank account id and password. This is possible even if he/she is not able to connect to your modem, but simply listens to the signal and breaks the code.

3. Even if there is no serious crime involved, people can use your modem for Internet access and download huge files, and you get charged for it.

4. A further possibility, which requires a bit more technology, is taking control of the Wi-Fi router by changing the admin password and cutting you off from the Internet.

The worst aspect of this is that the criminal, or the person who wants to have fun at your cost, need not be knowledgeable in a technology sense at all. All he/she needs is a laptop and some software to break the key and listen to the transmission. Worse still, most of the hacking tools are free and don’t need an Einstein to operate.

Here is what you should do
* Use a strong key for your Wi-Fi modem. Modems usually have three options (No Key, WEP Key and WPA Key), in order of increasing security. Always go for WPA with a strong key. Do not choose 12345, abcde, dictionary words etc., which could be easily tried by key cracker software.

* Turn off the SSID (signal ID) broadcast, which stops people from accidentally discovering that the Wi-Fi signal is available. Also change the SSID if possible. Each ISP has a default SSID (e.g. BSNL has WA1003A).

* Turn off the Wi-Fi modem if you are not using it. Or make sure the password and login to the modem are strong and secure.

* Make sure you live in a house with a compound extending beyond 300 meters in all directions.

There is almost no reason why one should not be following the above. These measures cost nothing and there is absolutely no tradeoff from home use perspective.

Public places
Remember your grandma’s saying, “All that glitters is not gold”. Very true in Wi-Fi. (See Fig. B) Be wary of using unknown Wi-Fi hot spots in public places like malls, airports and hotels. Even with valid or branded Wi-Fi hot spots, make sure that they are using the right security measures. You can check this by looking at the visual depiction of the signal on your laptop, where a picture of a lock and the word “secured” are displayed.

So whether it is a rogue modem or a compromised modem, or a person with a laptop piggybacking on your laptop, a criminal can read the data that you are sending and accessing. Depending on the activities that you are doing, a criminal can potentially get hold of your email, bank and other login and password details, redirect you to fake sites and implant viruses in your laptop.

At the mercy of the hacker you might actually end up in one of the following situations:
  • Smaller issues such as your email being used as spam source, contracting viruses
  • Financial losses if the bank account details are lost
  • Legal mess if your online identity, such as your email id and password or your IP address, is used for illegal activity

Safeguards while using public Wi-Fi

Always use a trusted Wi-Fi hotspot of known service providers. Make sure that the Wi-Fi hot spot is security enabled. You can go to My Network Places > View Network Connection > View Available Wireless Networks to check the security of the signal. You will need to buy the access card in most of these cases.

Turn off or disable your Laptop’s Wi-Fi if you are not using it.

Hacker’s way
There are hundreds of techniques that hackers and criminals use to gather your online identity (login name and password). Proximity, as in Wi-Fi access, is not always a necessity. A hacker sitting in Alaska could sniff out your information by playing psychological tricks on you. It is not very different from the tricks that petty thieves employ to distract the victim and gain his or her confidence. Once some information about you is out there, more information could be gathered and used for criminal activities like spamming, phishing information from your friends who trust your email id, setting up illegal websites and creating other illegal accounts.

While security is never a hundred percent complete, it is advisable to follow the best practices below to minimize the chances of becoming a victim.

Avoid using cyber cafés for critical activities like accessing bank accounts. There are tools called ‘key loggers’ which can potentially catch all the typed letters, store them and reveal them to a hacker at a later stage. If you must use public Internet for sensitive transactions, use encrypted websites enabled with https:// and websites with graphical keyboards for passwords.

Use a strong login and password and avoid dictionary words for passwords. Use passwords which are combinations of words, numbers and special characters like #, @, % etc.

Change critical passwords at regular intervals. Do not have the same password for all your activities. Do not use default login names and passwords. Do not write down your password in computer files or anywhere else. If you do, secure the contents of the files.

Avoid using insecure Wi-Fi networks in public. Do not click any link sent by unknown people, and examine links that seem to come from a genuine origin. For example, a link sent by a seemingly genuine email id was abcbank.support247.com, which actually goes to support247.com rather than abcbank.com. So always check the word before com. Also, the visual link (for example www.abcbank.com) can be different from the actual link that it takes you to. So always check the URL in the browser before entering any data.

Turn off your laptop’s and mobile’s Wi-Fi and Bluetooth if you are not using them. Do not download software, images and other files from unknown websites. Install personal firewall and antivirus software and keep them updated.
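
The two link checks above (the word before com, and visible text versus actual destination) can be automated for an HTML message. This is an added example, not part of the original article; the function names, the sample message and its paths are constructed, and the "last two labels" rule is a simplifying assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def site(host):
    # Assumption: site = last two labels; real code needs the Public Suffix List.
    return ".".join((host or "").lower().rstrip(".").split(".")[-2:])

def host_of(text):
    # Host name if the visible text looks like a URL or bare domain, else None.
    if " " in text or "." not in text:
        return None
    return urlsplit(text if "//" in text else "//" + text).hostname

class LinkCollector(HTMLParser):
    # Collects (visible text, href) for every <a href=...> in a message body.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit(html, trusted_site):
    # Returns [(href, [reasons])] for links that deserve a second look.
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for text, href in collector.links:
        target = urlsplit(href)
        actual, shown, reasons = site(target.hostname), host_of(text), []
        if target.scheme != "https":
            reasons.append("not https")
        if actual != trusted_site:
            reasons.append("goes to " + actual)
        if shown and site(shown) != actual:
            reasons.append("text shows " + shown)
        if reasons:
            findings.append((href, reasons))
    return findings

# Constructed sample message; the /login and /help paths are made up.
SAMPLE = ('<a href="http://abcbank.support247.com/login">www.abcbank.com</a> or '
          '<a href="https://www.abcbank.com/help">our help page</a>')
```

Calling `audit(SAMPLE, "abcbank.com")` flags only the first link, for all three reasons; the second link passes.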

Secure your personal Internet connection by having strong access passwords.

If you follow all this you can sing Hakuna Matata.

(The author is the co-founder & CTO of Aujas, a digital security services company)

Source: Deccan Herald