Hacker: Stay switched on when you wi-fi

Ex­pert warns of dan­gers of us­ing pub­lic con­nec­tion

7 Days in Dubai - - FRONT PAGE - By Shoshana Ke­dem @B_Shosh

It takes just sec­onds to log on to a free wi-fi con­nec­tion, but that’s all the time a cy­ber crim­i­nal needs to steal all your data.

A for­mer hacker yes­ter­day gained ac­cess to eight mo­bile phones in a mat­ter of sec­onds as part of a test to show how vul­ner­a­ble in­ter­net users are when us­ing pub­lic wi-fi.

Ja­son Hart hacked into jour­nal­ists’ de­vices in a Dubai cafe and said he would have been able to steal pass­words and on­line bank­ing pin num­bers with ease.

“For a bad guy nowa­days it’s very, very easy for them to get data - and that’s what they want, data,” he told 7DAYS.

“In to­day’s world we have data ev­ery­where in the clouds, vir­tu­ally and in phones etc. From a bad guy’s point of view, data is the new oil.”

A for­mer ‘eth­i­cal hacker’, Hart is now a se­cu­rity con­sul­tant who ad­vises com­pa­nies and in­di­vid­u­als on how to keep them­selves safe. He also showed how a tiny USB in­serted into a lap­top that had a se­cured con­nec­tion, or was not on­line, could give a hacker un­re­stricted ac­cess.

In Fe­bru­ary, the Mid­dle East Fraud Con­fer­ence was told that 2 mil­lion UAE res­i­dents were af­fected by on­line crime in 2015, los­ing a to­tal of $1.3 bil­lion.

The UAE’s high in­ter­net pen­e­tra­tion and grow­ing trend of on­line ser­vices made it the 19th most tar­geted coun­try glob­ally in 2015, in­ter­net se­cu­rity firm Kasper­sky Lab found, and the fifth most at-risk for mo­bile threats, ac­cord­ing to KPMG.

A few sec­onds spent on wi-fi in a Me­dia City cafe was all it took for Ja­son Hart to steal my iden­tity, and prob­a­bly gain ac­cess to my bank ac­count.

The for­mer hacker sets his lap­top down on a ta­ble and con­nects a gad­get that looks like a wi-fi router, with two small an­ten­nae (he asks we not name it as it’s 100 per cent le­gal to buy).

As soon I click on the wi-fi, Hart can see me and my col­leagues. Our names and phone mod­els pop up and with a sin­gle click he is soon shad­ow­ing our sys­tems.

Like an IT man­ager re­motely fix­ing your com­puter at work, he can see what you browse within a win­dow on his com­puter.

If you en­ter an email ad­dress or pass­word he can see, and key strokes are not starred out.

“So now I’ve got full con­trol of you. I can see ev­ery­thing you’re do­ing on the in­ter­net and be in­vis­i­ble,” he says. Hart can ei­ther wait for a user to log into a bank ac­count or pay a bill or try to prompt you.

“I can ex­tract your sen­si­tive in­for­ma­tion, send mes­sages to your com­puter, in­ject con­tent into your browser, all with­out you know­ing,” he says.

“In a pop-up screen, I can of­fer you free wi-fi, if you en­ter your credit card data.

“Or if you’ve been out with your de­vice, they may have cap­tured your (on­line bank­ing) pass­word al­ready from your home log-in.”

Hart, who is Chief Tech­nol­ogy Of­fi­cer at se­cu­rity firm Ge­malto, says the danger doesn’t end there. Once you log out of the pub­lic net­work and re­con­nect to a home or busi­ness wi-fi, your lap­top or phone are tricked into think­ing they are con­nect­ing to a trusted net­work, but re­ally they’re con­nected to him.

With new tech­nol­ogy such a data clouds that use one pass­word to ac­cess mul­ti­ple de­vices, it’s never been so easy for hack­ers, Hart says.

“For a bad guy nowa­days its very, very easy for them to get data, and that’s what they want, data. In to­day’s world we have data ev­ery­where in the clouds, vir­tu­ally and in phones etc.

“From a bad guys point of view, data is the new oil.”

A cy­ber crim­i­nal may not get to your bank ac­count the first time around, but they may have enough data to trace you.

Hart says they could at­tack your or­gan­i­sa­tion or busi­ness by us­ing per­sonal in­for­ma­tion or cor­po­rate data.

Hart says he ex­pects to see an up­surge of what he calls “in­tegrity at­tacks on any-sized busi­nesses in the cor­po­rate world”.

He says: “In to­day’s world, busi­nesses rely on data. They use that data to make a busi­ness de­ci­sion.

“What the bad guys will start do­ing is al­ter­ing the in­tegrity of the data.

“The busi­ness won’t know un­til years later that the data they’ve used was in­cor­rect to make a wrong busi­ness de­ci­sion.” In his cur­rent po­si­tion at Ge­malto, Hart raises aware­ness of cy­ber threats.

“If we start do­ing the ba­sics: au­then­ti­ca­tion, en­cryp­tion, and key man­age­ment this prob­lem can be solved. That is what ev­ery or­gan­i­sa­tion in the UAE should be do­ing right now.”

CAUGHT ON CAM­ERA: Hart hacks Shoshana’s com­puter and turns on Face­time, with­out her knowl­edge

Newspapers in English

Newspapers from UAE

© PressReader. All rights reserved.