Hacker: Stay switched on when you wi-fi
Expert warns of dangers of using public connection
It takes just seconds to log on to a free wi-fi connection, but that’s all the time a cyber criminal needs to steal all your data.
A former hacker yesterday gained access to eight mobile phones in a matter of seconds as part of a test to show how vulnerable internet users are when using public wi-fi.
Jason Hart hacked into journalists’ devices in a Dubai cafe and said he would have been able to steal passwords and online banking pin numbers with ease.
“For a bad guy nowadays it’s very, very easy for them to get data - and that’s what they want, data,” he told 7DAYS.
“In today’s world we have data everywhere in the clouds, virtually and in phones etc. From a bad guy’s point of view, data is the new oil.”
A former ‘ethical hacker’, Hart is now a security consultant who advises companies and individuals on how to keep themselves safe. He also showed how a tiny USB inserted into a laptop that had a secured connection, or was not online, could give a hacker unrestricted access.
In February, the Middle East Fraud Conference was told that 2 million UAE residents were affected by online crime in 2015, losing a total of $1.3 billion.
The UAE’s high internet penetration and growing trend of online services made it the 19th most targeted country globally in 2015, internet security firm Kaspersky Lab found, and the fifth most at-risk for mobile threats, according to KPMG.
A few seconds spent on wi-fi in a Media City cafe was all it took for Jason Hart to steal my identity, and probably gain access to my bank account.
The former hacker sets his laptop down on a table and connects a gadget that looks like a wi-fi router, with two small antennae (he asks we not name it as it’s 100 per cent legal to buy).
As soon I click on the wi-fi, Hart can see me and my colleagues. Our names and phone models pop up and with a single click he is soon shadowing our systems.
Like an IT manager remotely fixing your computer at work, he can see what you browse within a window on his computer.
If you enter an email address or password he can see, and key strokes are not starred out.
“So now I’ve got full control of you. I can see everything you’re doing on the internet and be invisible,” he says. Hart can either wait for a user to log into a bank account or pay a bill or try to prompt you.
“I can extract your sensitive information, send messages to your computer, inject content into your browser, all without you knowing,” he says.
“In a pop-up screen, I can offer you free wi-fi, if you enter your credit card data.
“Or if you’ve been out with your device, they may have captured your (online banking) password already from your home log-in.”
Hart, who is Chief Technology Officer at security firm Gemalto, says the danger doesn’t end there. Once you log out of the public network and reconnect to a home or business wi-fi, your laptop or phone are tricked into thinking they are connecting to a trusted network, but really they’re connected to him.
With new technology such a data clouds that use one password to access multiple devices, it’s never been so easy for hackers, Hart says.
“For a bad guy nowadays its very, very easy for them to get data, and that’s what they want, data. In today’s world we have data everywhere in the clouds, virtually and in phones etc.
“From a bad guys point of view, data is the new oil.”
A cyber criminal may not get to your bank account the first time around, but they may have enough data to trace you.
Hart says they could attack your organisation or business by using personal information or corporate data.
Hart says he expects to see an upsurge of what he calls “integrity attacks on any-sized businesses in the corporate world”.
He says: “In today’s world, businesses rely on data. They use that data to make a business decision.
“What the bad guys will start doing is altering the integrity of the data.
“The business won’t know until years later that the data they’ve used was incorrect to make a wrong business decision.” In his current position at Gemalto, Hart raises awareness of cyber threats.
“If we start doing the basics: authentication, encryption, and key management this problem can be solved. That is what every organisation in the UAE should be doing right now.”
CAUGHT ON CAMERA: Hart hacks Shoshana’s computer and turns on Facetime, without her knowledge