Hackers steal your data during your morning commute.


Image © Decorrespondent.nl

I am not the kind of person that tries to hide every trace off the internet. I am not the kind of person that refuses to use cloud based services. But I am the kind of person that browses responsibly. In order to guarantee my data is safe from people snooping around I occasionally use a VPN, and I think you should too. In my recent post[1] I’ve touched upon a difficult dilemma in current society, privacy versus security. In this post I will further elaborate on the privacy aspect of online browsing, in particular when you are on an untrusted connection.

How?

With all the talk on online security, it is surprising to see how a lot of situations with security flaws are used without hesitation. I hear a lot of complaints of individuals who worry about remarketing, done by innocent cookies. But have you ever used Wi-Fi on a train? 2 years ago Roy Verploegen posted a blog on the recent introduction of Wi-Fi in the NS trains, describing the poor quality of service. But the quality of the connection is not even the worst part. Free public WiFi connections are increasingly proven to be a privacy hazard. Hackers are able to gain access to your browsing metadata, and hijack your surfing pages[7].

Using ‘sniffer software’ hackers can ‘sniff’ through the traffic traveling to and from a wireless router to a device. This metadata can reveal identity info, including the device info of the user and server the device is communicating with. Even more vulnerable are ‘rogue Wi-Fi’ hotspots, which hackers set up at a public location[8]. These hotspots are given generic names like ‘Free Wi-Fi’ or ‘Starbucks’, often saved in the devices of the users. These hotspots redirect the internet of the users and enables them to view and alter any unencrypted data sent and received by the user. Using ‘DNS spoofing’[9] hackers can let you believe you are accessing your bank, while in reality you are giving all your info to the hacker.


Image © Norton

VPN?

VPN is a Virtual Private Network, which enables you to virtually join a local network (LAN) where you are not physically present[2]. A VPN connection can be set up on your device and as you connect with the internet, you do so through a so called ‘tunnel’ to the LAN. VPN connections are often used by companies and universities to enable users to act as if they are on the private network. This is important to ensure sensitive data does not leave the company network or to enable users to access local files and applications. VPN connections are also used for watching country restricted content[3] and hiding illegal downloads[4].

A VPN connection secures your internet connection to guarantee your data is safe. It does so by encrypting the data you are sending through the ‘tunnel’ to the network you’re virtually connected to. It establishes a connection between the server and your own device by exchanging trusted keys after logging in with your credentials. This allows you to browse completely anonymous on any internet connection, if you thrust the server.

Unlike Tor[5], your connection is encrypted to the server (exit node). Both the server and your device have the key to unencrypt your data. This allows system administrators to access your data, while externally it is completely secured. In Tor, only your device has the encryption keys. In addition, your data passes at least three servers, all with new encryption keys, until it reaches the exit node (server that sends/receives data with the internet)[6].

So..

Next time, worry less about re-marketing and worry more about your (internet)connection. As a lot of readers of this blog are students, make use of the university VPN when you treat yourself to a latte macchiato. Or, if you want to go a little more professional check out this list of the best VPN providers.

-Jurgen


[1] https://informationstrategyrsm.wordpress.com/2015/10/07/your-phone-got-hacked-by-a-nosey-smurf/

[2] http://lifehacker.com/5940565/why-you-should-start-using-a-vpn-and-how-to-choose-the-best-one-for-your-needs

[3] http://www.howtogeek.com/210614/how-to-access-region-restricted-websites-from-anywhere-on-earth/

[4] http://lifehacker.com/how-to-completely-anonymize-your-bittorrent-traffic-wit-5863380

[5] https://www.torproject.org/

[6] http://security.stackexchange.com/questions/72679/differences-between-using-tor-browser-and-vpn

[7] https://decorrespondent.nl/845/Dit-geef-je-allemaal-prijs-als-je-inlogt-op-een-openbaar-wifinetwerk/25988820-b2a600e1

[8] https://powermore.dell.com/technology/hackers-use-wi-fi-steal-passwords/

[9] http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/Understanding-Man-in-the-Middle-Attacks-ARP-Part2.html

Advertisements

Tags: , , , , , ,

4 responses to “Hackers steal your data during your morning commute.”

  1. Kuni says :

    I’ve read the article about the NS trein and it made think about “who” should be responsible for the safeguarding of the data on our personal devices that are connected to the Wi-Fi. Jurgen, my question to you is: “do you think that the individuals with devices should be responsible?” (I feel like you’re going towards that direction). I personally think that multiple stakeholder can be involved here. e.g. NS can ensure that Wi-Fi that they provide are safe, the Dutch government may perceive that it is a public duty to provide a secure internet infrastructure.. it can be the manufacturers of the Wi-Fi router.. it can be the responsibility of ISP’s.. etc.

    I want to hear your thoughts about it!

  2. hgouiza says :

    Wow! I’d rather use my mobile internet instead! People should be careful connecting to wifi hotspots nowadays. As a dutch saying: nothing is free. Normally there is always a downside. Especially when privacy is at stake. I agree with Kuni about who is responsible for the security of public wifi’s.

    Have you also read the article about a drone who steals data. It is kind a similar way to hack your phone. When a drone comes nearby, and your phone is trying to get the fastest way data, the drone acts as a wifi hotspot which connects to your phone. Then it will grab your settings/data/history/etc and stores it. This data can be used by hackers to commit credit card fraude for instance.
    (http://www.computerworld.com/article/2476048/cybercrime-hacking/flying-spy–snoopy-drone-helps-hackers-steal-data-from-your-phone.html)

    People should be more aware about leaving there wifi connector on or whether they will connect to a “free wifi spot”.

  3. Trexia Icel says :

    We can simply use vpn and enjoy surfing using free wifi. I enjoy my time using free wifi with VPN from https://zoogtv.com. People nowadays are using VPN for data security.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: