#hacking #security #wifi #iphone #android
Cellphones, a tool we all use, everyone and their mother has one in their pockets. The new iPhone, the new android, the new windows mobile, or hell maybe the new blackberry (they are making a come back believe it or not). With all technology we must ask a simple question "are we secure?" Everyone knows their laptop isn't, so we have anti-virus, we have firewalls; but what about our phones? Are we over looking something small?
Short story, yes. Even in terms of laptops and tablets many of us leave quite a wide gap open, doesn't matter if its a Macbook pro, or a Chromebook, we leave one single universally flawed opening. We use WiFi. But WiFi is good though right? What is the big deal? How is using it a problem?
The problem isn't that we use it, the problem is that when we aren't using it, doesn't mean its not being used. When you get home, your cellphone connects to your home WiFi; when you get to the office your laptop joins, or when you get to Starbucks it just automatically connects you, ever curious as to why this is? It sounds like all great things, but there is an inherent flaw in this system, what happens when your phone isn't connected to any WiFi?
The phone still tries to connect, even when there is no WiFi it knows, the phone, tablet, laptop, will try to continue to connect to WiFi it knows. It wants to connect to your home WiFi with the password that matches, that's the end of the authentication process. The mobile device has no additional means of authentication, just "does it match this name, and this password", which it broadcasts everywhere. You heard me right, it broadcasts that information.
Any mobile device out in the wild will constantly shout the SSID and password trying to find one that matches, as previously stated there are no means of authentication. There is an obvious flaw with this, that being... its so damn easy to hack mobile devices. As the device screams what network to connect to at any and all times, an individual with the proper hardware can pick up on that and recreate an SSID that is known by the device.
Starbucks? ATT? McDonald's? All have WiFi that many of us connect to, same password across all of them, all a person like myself would need is a WiFi access point in a backpack connected to a real WiFi, or 4G Tower. That mobile device sees Starbucks, connects to Starbucks, and goes to town; all the data that goes through that connection gets vetted by a computer connected to the false WiFi connection, and there goes your personal identity, your credit card numbers, your Facebook account, all gone just because the mobile device wanted to connect to a WiFi it knew.
WiFi is dangerous, public and open WiFi even more dangerous, whenever you aren't at home, try to remember to turn off your WiFi and decrease the chance of your personal information going missing.
TL;DR mobile devices are dumb and will connect to any network that has an SSID and password it remembers, but doesn't require any additional authentication, which can result in all personal information being compromised, if someone makes a fake SSID and password based off of information your phone transmits.
Blogger Comment
Facebook Comment