CeBIT: Massive security vulnerability in hotel WLANs
An Android phone and a freely available web app, which is normally used to test security vulnerabilities in wireless networks is all it takes for someone to read your private emails and Facebook messages.
An employee from the Steganos server team drew the security app dSploit to our attention. The tool, which is still in the beta phase, is actually to be used by IT security experts to analyse networks to simulate attacks and to expose breaches in security. Supposedly anyone with a rooted Android smartphone could gain access to a WLAN. The app shows other smartphones, tablet computers or just those surfing the Internet through the network. And then you could supposedly read which passwords and user information would be shared.
Surfing in public WLANs is not safe and significant security risks existing with the hotspot providers, is nothing new. Years ago, the authorities and the press warned of encrypted networks and the use of secure routers. There is a general impression that this advice had been processed and any weaknesses touched up. Finally though, the operator of the WLAN, bears all the legal risk of abuse and crime.
At Steganos we have been working now for over a decade in the protection of privacy and security within the digital network. So we went to look after our colleagues and tested if a Wi-Fi could be hacked, even with something as simple as a mobile phone. Primarily: it was shockingly easy.
Equipped with a notebook and a commercial rooted Samsung Galaxy S II, onto which we had installed the app dSploit, we went on our way from the Steganos office in the Prenzlauer Berg district of Berlin, to Alexanderplatz. We decided to ask at the front desk of a hotel in the centre for a password to use the hotel’s wireless network. Although we were obviously not guests of the hotel, we got granted access by a hotel employee. We logged ourselves into the wireless network of the hotel on both our laptop and also on a well-prepared mobile phone.
In addition to the laptops and smartphones of the hotels guests, our laptop was listed, on which we had a webmail account open. Using this account we had direct access via the mobile phone. We could read the full inbox, compose and delete emails. On the computer itself this could not have been noticed until it would be too late. As you can imagine, sending joke emails to the boss, would be one of the more benign scenarios.
On the second tab, we had opened the Facebook account of a colleague. Again, taking over from our Android phone session. Again we were able to easily read and search through all their private messages. Whilst also being able to compose new messages and posts.
We could not have taken any SSL-protected session from each computer which at the same time was also on the hotel’s Wi-Fi.
You never know whether you are in danger
After having successfully conducted an experiment of Wi-Fi hacking in a café in Prenzlauer Berg, we failed the test on the WLAN of the Adlon Hotel, Starbucks and McDonald’s.
The reason that it was not possible for us to take over sessions in all wireless networks were the different routers.
The attack carried out using dSploit is called a “man-in-the-middle attack”. The software accesses data and passwords from between the computer and the routers. The router has integrated Stateful Packet Inspection, a method used to allocate transmitted date packets for each session, to which the attack is detected and blocked. Most current routers have this additional security of data transmission. Whether you are surfing as users of public WLANs over a secure or insecure router is not apparent for individuals. Also insurmountable to dSploit were pages with SSL encryption.
How do you protect yourself?
If you surf on a public wireless, you are putting your own data at risk. Our email accounts and our Facebook accounts are full of the most private information. Hackers steal our credit card details, so that they can shop at your expense. Criminals that reach sensitive information, can use us for blackmail, not to mention the disgusting feeling , when a stranger reads our secrets.
Our experiment has clearly shown that it is easy to get such information and that for the person concerned, and that whether he is currently in danger or not is unclear. The hacking of private accounts could be very damaging. Now, the CeBit hotels of Hannover will be filled with fair-goers. You should definitely think twice before you go onto a site using a wireless connection to the Internet, if you are unsure whether the connection might be at risk.
One way to protect yourself ready for CeBit: use Steganos Online Shield 365.
With just one click, the software encrypts the entire Internet connection, both wired and wirelessly – available 05.03.2013. Data transmission via a fast and secure external Steganos server in Germany, Britain, France, the U.S. and Switzerland. So you can always surf safely, even on unknown sites and possibly unsafe routers that do not have the necessary safeguards.