How do they steal passwords, data and information within a public and open wi-fi network and how to protect themselves
Public Wi-Fi networks are very convenient for surfing for free in shopping centres, hotels, airports and other public places, using both your smartphone and laptop.Unfortunately surfing on a Wi-Fi hotspot can become very dangerous: A hacker could remain hidden in the public Wi-Fi network to steal information, data and passwords from everyone who connects to that network, even stealing the online identities of these people.
In the following guide we will show you the techniques used by hackers to steal passwords and personal data what we can do to prevent data and password theftusing public Wi-Fi networks in complete safety.
READ ALSO -> App to find free Wi-Fi and free wireless networks on the map
1) Man-in-the-middle
The attack Man-in-the-middle (MITM) is the most used to be able to intercept data and steal user passwords; With this attack, a hacker hacks into the communication line between two parties and intercepts the transmitted data without being seen.
A typical example of Man in the Middle is the one that involves hijacking a user’s connection to show him, instead of the site he is trying to use (for example Facebook or the bank’s site), an identical one, but created specifically to deceive .
A very used and simple type of Man In The Middle attack is the DNS Spoofingthe one to change the names of websites, so that, for example, by opening google.it you end up on a completely different website instead.
Anyone using public Wi-Fi is particularly vulnerable to a MITM attack since the information transmitted is generally in the clear and easily captured.
Keep in mind that a hacker only needs to have access to your email inbox to be able to access your username, password, private messages, and any other private information.
If you want to do a test on MITM attacks, refer to the article on checks LAN / Wi-Fi network security by simulating hacker attacks.
2) Fake Wi-Fi network
This is a more subtle variant of a MITM attack, also known as a “Evil Twin“; the technique involves creating an access point that captures every data that is transmitted.
It is difficult to notice, if you are using a free public Wi-Fi network, if it intercepts every data in transit, however, just as it is easy to set up this trick, it is also easy to defend yourself. If the site being accessed is HTTPS, the data sent to it is encrypted and protected even for those who want to try to intercept it, as seen in the point above.
3) Packet Sniffing
This amusing name indicates the simplest method of stealing information that passes within a network. This technique can also be experimented at home, easily within any LAN network, even non-Wi-Fi, as shown in the article on how capture packets and spy on traffic on Wi-Fi networksusing free programs like Wireshark.
Furthermore, sniffing packets on the network is not even illegal for a Wi-Fi manager, who would only need to show a warning to users, before accessing, regarding the possibility of monitoring the network before accessing. Again, no information passing through HTTPS sites can be seen by Packet Sniffing in the clear.
4) Session/Cookie Hijacking
Sidejacking is based on the collection of information through packet sniffing; in this case, however, the hacker manages to memorize some active sessions on our browsercopying everything onto your computer and your browser: in fact you will be correctly connected to the site without even having to enter a password.
The attack is very advanced and requires at least one user interaction (an infected attachment, a message opened by mistake) to be able to copy the sessions present via Trojan or browser bug; currently it is one of the most effective and difficult to stop attacks, often used for hack Facebook accounts or any other site.
5) How to defend yourself from hacker attacks
The first defense barrier that we can raise involves the activation of the HTTPS mode on all siteshelps defend against MITM attacks and its variants.
If we surf on a public network it is convenient never use the browser we use at home or at workrelying on an alternative browser (such as Opera o Firefox) launched in anonymous mode (which does not provide for the saving of access cookies).
To improve personal safety it is always convenient activate a VPN when we are connected to a Wi-Fi hotspot; for the purpose we can use both free VPN services is servizi VPN premiumbased on the amount of data to be exchanged and the speed we want to achieve.
Conclusions
Hackers can covertly locate themselves on a public Wi-Fi network and easily steal login information, personal information and credit card information. To avoid this dangerous scenario we always use a VPN when we are away from home and we follow the other recommendations proposed to prevent any hacker from stealing into our computer.
To learn more we can read our guides on how to make android more secure, virus and hacker proof come on how to browse safely on public, free or unsecured Wi-Fi networks.