Earlier this week I was involved in a conversation that questioned how hard it is to hack a public wifi.
The ‘security expert’ explained that, anyone with the right equipment, could easily sit in a public place and either offer a free wifi service packaged to look legitimate and steal the information that travelled across it, or just collect information from the devices in the location were offering in a bid to connect. Asked if a child could do it, he said yes, but hopefully they wouldn’t think to do it.
That was the take away for me – the difference between security and insecurity is imagination?
Believe you can …
It never fails to amaze me how creative criminals can be when looking at new and inventive ways to use technology to further their careers!
For example, today there is a campaign being run by NatWest to alert people to how fraudsters are duping them into handing over sensitive data and even credit and bank cards.
The crux of the scam is that the criminal is able to hold a phone line open, even when the victim hangs up, they then simply play a recording of a ‘dial tone’ and ‘ring tone’ so that the person believes they’re calling the number printed on the back of the card, legitimising the scam, and following what they believe are genuine instructions – including handing over the card to a ‘courier’.
Pure genius – and very frightening!
… and you’re halfway there
The fact is that, at any one time, there will be a chink in defences – for an organisation it could be a known weakness that’s waiting to be patched, or a zero-day vulnerability waiting to be discovered.
Criminals know this and use it to their advantage. While IT is focused on locking a door, the hacker is testing the windows, the walls and anything else that will make the door redundant. Similarly, what doesn’t work today may work perfectly tomorrow and a good hacker will lie in wait for the opportunity to present itself.
To be certain that the security controls employed are effective the obvious options must first be tried, and then all the alternatives exhausted.
Going back to hacking public wifi – you don’t need me to tell you it’s very simple indeed, some might even say ‘child’s play.’ The only reason more children aren’t arrested for cracking codes and stealing credit card details is they simply don’t think to do it – they’re too busy believing they’re going to grow up to be a super hero! But if they did.
Till next week, stay safe.