WIFI-EAVEDROPPING

1. What is it and its negative impact to the users?

What is WiFi Eavesdropping?

WiFi Eavesdropping can involve a hacker stealing data while on a public, unsecured wifi
network. The unsecured transmission of data allows for the theft of anything that’s
unencrypted, from passwords to files to financial information (both personal and
business-related). WiFi Eavesdropping can also be a more direct process, with hackers
setting up a phony free network, made to look like that of an official business. Users who
log in to the spoofed network are subject to the same potential theft of data. Finally, it can
also occur if hackers are able to gain password access to a protected network.

(https://thevpn.guru/wifi-eavesdropping-hackers-use-unsecured-connection/)

Also known as an “evil twin” attack, hackers perform Wi-Fi eavesdropping is a

type of man-in-the-middle attack that tricks unsuspecting victims into
connecting to a malicious Wi-Fi network.

(https://doubleoctopus.com/security-wiki/threats-and-tools/wi-fi-eavesdropping/)

NEGATIVE IMPACT TO USERs

Intercepting Your Login Credentials

Even if the hotspot you’re using isn’t a spoof but is just simply unsecured, hackers nearby
can eavesdrop on your connection to gather useful information from your activities. Data
transmitted in an unencrypted form (i.e., as plain text) may be intercepted and read by
hackers with the correct knowledge and equipment. This includes data from any services
which require a login protocol.

With the 2016 survey suggesting that 58% of public Wi-Fi users typically log into a
personal email account, 56% access social media, and around 22% actually ignore all
conventional wisdom and visit banking or financial websites, that’s a lot of login
credentials, ripe for the picking. And cyber-criminals can use captured login information
directly, to gain access to your personal accounts, or indirectly (selling credentials on to
third parties, wider scale identity theft, etc.).

Interception of Data In General

Clear text transmission of data over unsecured Wi-Fi channels leaves other kinds of
information open to interception, modification, and theft. This would include corporate
data, intellectual property, images, media files, and the content of unencrypted email or
instant messages.
Spreading Infections
Having a captive audience of unprotected users linked to the same network enables
cyber-criminals to quite easily distribute malicious software such as malware and viruses.

It’s a great way for them to lay the groundwork for a botnet of devices prior to staging a
Denial of Service (DoS) or Distributed Denial of Service (DDoS) attack on a targeted
website or network. Being able to relay a malicious package to several victims in one
sitting is also a fine opportunity for the distribution of ransomware.

Stealing Your Bandwidth

Users and administrators of unsecured corporate wireless networks may rest
complacently in the mistaken belief that they’re safe from the attentions of malicious
outsiders. But the truth of the matter is that anyone who gains knowledge of an
unsecured private/corporate Wi-Fi network’s existence (and is close enough to connect)
may “piggyback” on the hotspot for their own purposes.

At a basic level, this may just be for personal gain, with unwanted visitors capitalizing on
the free bandwidth. On a more sinister level, multiple sign-ons from unauthorized visitors
could potentially overload the system by exceeding bandwidth limitations or the
capabilities of network hardware, in a form of DoS attack.

Using Your Network for Illegal Purposes

By the same token, intruders gaining access to unsecured Wi-Fi may use the network’s
bandwidth and resources for transactions and processes that may not damage the
network of themselves but could have legal repercussions for the network hosts.

For example, the use of a network for the transmission of hate speech, illicit materials
such as child pornography, or the movement of stolen documents and intellectual
property could be going on without the knowledge or endorsement of the network
administrators – but if the practices come to light, it’s the Wi-Fi providers who could end
up paying the consequences.

Though clearly, the dangers of using unsecured Wi-Fi are many, there are some measures
that users can take to ensure their safety.

2. What is at risk?

Personal and sensitive information

WHAT’S AT STAKE?
Once a hacker gets into your device, they can steal all your data. From photos and videos to your
bank passwords and credit card numbers and much more, hackers can cause serious damage. The
following is a list of the most popular targets for hackers when accessing another person’s device:
 Emails
 Passwords
 Documents
 Browsing History
 Login details
 FTP login details
 FTP documents
 Chat history and conversations
 Audio and Video files
 Web addresses
 VNC Sessions
 Details of Encrypted Transactions
 All Transferred Files
 VoIP Details
 All Secure Internet Pages
(https://www.bestvpnanalysis.com/wifi-eavesdropping-how-hackers-are-using-your-unsecured-
connection/)

3. How does it take place/how do we acquire it (if possible)?

To perform Wi-Fi eavesdropping, a hacker sets up a Wi-Fi hotspot near a
location where people usually connect to a public Wi-Fi network. This can be a
hotel, a restaurant or your local Starbucks. The hacker then names the hotspot
after the actual public network that people use in that location (thus the name
“evil twin”).
Since people usually set their devices to remember and automatically reconnect
to known Wi-Fi networks, as soon as they come in the vicinity of the malicious
hotspot, they automatically connect to it. The user will then think they have
been connected to the legitimate network.
Since they are acting as the gatekeeper to the internet, the attackers can now
perform a number of man-in-the-middle techniques. For instance, they can
perform SSL stripping attacks to force users to go through the unencrypted
versions of their favorite websites, or they can stage DNS hijacking to redirect
users to bogus versions of the websites they’re trying to connect to.
(https://doubleoctopus.com/security-wiki/threats-and-tools/wi-fi-eavesdropping/)

4. How do we detect it? How to avoid it?

 How to Recognize This Threat: As a business operating a network, regular scans of available
wifi networks can reveal whether a spoofed network is operating in your area. Users of public
wifi can spot an unsecured network if there is no login required to have access.

How to Prevent This Threat: Users should confirm the validity of a network before connecting.
Once on wifi, users can ensure their data is encrypted and difficult to access by using a virtual
private network (VPN). Businesses can provide VPN access to their remote employees through a
firewall, such as a SonicWall TZ300. A firewall is also the solution for a business offering wifi
access, like one with built-in wifi, such as a FortiWiFi device.
(https://www.firewalls.com/blog/security-terms/wifi-eavesdropping/)

(https://thevpn.guru/wifi-eavesdropping-hackers-use-unsecured-connection/)

5. Safety tips and precaution to avoid it from happening to you.

Managed Privacy
Keeping in mind that identity theft is one of the prime movers for Wi-Fi hacking, take
steps to broadcast as little information about yourself and your resources, as possible.

Check the privacy settings on your device, and turn off any file sharing features that could
give cyber-criminals free access to your public folders. You should restrict the kinds of
information you keep in such folders, in any case.

Restricting Device Transmissions

Beyond turning off file sharing, you should make sure that any “Network Discovery” type
settings on your device are turned off. Typically used for identifying compatible printers
nearby, these settings also allow any devices (including those of snoops and hackers) on
the network to locate yours.

Using Secure Connections

Set your browsing preferences to access websites that use secure transmission protocols
like SSL (Secure Sockets Layer) and TLS (Transport Layer Security). These are the sites
that display an https:// prefix before the web address, and a locked padlock symbol on
your browser or app window.

There are options that may be set on a site by site basis (look out for Facebook, as sessions
may start with HTTPS but switch to open transmission unless you specify Secure
Browsing in your security options). There are also dedicated browser extensions (“HTTPS
Everywhere”, and the like) that attempt to force a secure web connection with every site,
even if this isn’t their default option.

Virtual Private Networks (VPNs)

A Virtual Private Network (VPN) service or app is the centerpiece of your defenses
against unsecured Wi-Fi. A VPN imposes strong encryption on all data moving to and from
your device during each session – so even if a hacker were to intercept your connection,
they’d be hard pressed to decrypt any data they find, and much more likely to discard it in
favor of easier pickings from unprotected users.

Security Barriers
Finally, the age-old wisdom of having a well-configured firewall (corporate or personal)
filtering transmissions to and from the network, and an up to date suite of security
software (anti-malware, anti-keylogger, etc.) still holds.

With free public Wi-Fi access now a common feature at a range of gathering places – and
Wi-Fi networks providing a boost to cellphone coverage in many problem areas –
the dangers of unsecured wireless connections will continue to be a concern. But knowing
the risks and the steps you can take to eliminate them will help you negotiate safe passage
through any hotspot.

(https://www.finjanmobile.com/the-dangers-of-using-unsecured-wi-fi/)

VIDEOS:

What Is A Man-in-the-Middle Attack? - https://www.youtube.com/watch?v=DgqID9k83oQ

Secure Wireless: Eavesdropping - https://youtu.be/w1t-k-iTUPI