Advisory

Kolkata police warns against unsecured WiFi networks

In view of the recent high alert issued regarding the probable terror strike in and around Kolkata by Indian Mujahedeen Group, Kolkata Police would like all its citizens to be alert on securing their wi-fi connection. There remains a big security risk if citizens do leave their wi-fi connection unsecured or use a free public wi-fi network. In fact this tendency on part of few netizens was very cleverly used by this particular group in sending mails to claim responsibility of terror attacks. Users must password protect their home wi-fi connection, otherwise these are likely to be used by criminals.

There is also risk in using "free" public wifi networks. What most users do not know is that systems like Windows Vista automatically prompt the user to accept or decline connections to available wireless networks. Naturally, most users will choose to connect to the 'Free WiFi' access point, which may unknowingly connect them to a hacker's computer--a computer-to-computer connection--rather than a direct connection to the airport's official wireless access hub. To make matters worse, the SSID's (network names) of wireless networks you've joined before are saved on your system. Your PC will automatically log on to any network with that saved name. So if a hacker offers a name familiar to you, he's just created a clear path to fraud.

Users who connect to these "free" networks are at great risk of experiencing a "channeling" attack. "Channeling" is a common practice used by hackers and identity thieves to conduct man-in-the-middle attacks, with the objective of stealing user names, passwords, and other sensitive data transmitted by the user. The practice is disturbingly simple to carry out: By setting up an unauthorized access point in an airport lounge, hackers can easily trap passwords and other information without the user's knowledge.

With a large number of Windows XP devices configured to connect automatically to ad-hoc networks, it is possible that a purpose-built 'WiFi worm' could be used by criminals to infect laptops as they pass through highly-trafficked WiFi hotspots, such as airports. This trend will undoubtedly raise concerns among security administrators, as it is highly likely, given the large percentage of non-updated computers, that these road warriors will bring these infections back to the office with them, or infect other wireless users in their travels.

What can you do? Here are some basic tips for protecting yourself in public WiFi environments:

• Before connecting to a network, look around and locate a sign that advertises the network you are connecting to and verify that the network name (SSID) you are connecting to is a legitimate service.
• Shut off your wireless card if you're not planning to connect to the Web or another machine. It will protect you from intrusion and save your battery life.
• Beware of the information you share in public locations. Even seemingly innocuous logins to Web-mail accounts could give hackers access to get into your more important data, since most people utilize the same password with a few variants for almost all online activities.
• Utilize a VPN whenever possible to encrypt your data, and stronger tools if you need to conduct secure transactions.
• Turn off shared folders. If you join a malicious network, a hacker could easily load a malicious spyware agent to follow you even after you leave the public location.
• Run a comprehensive security suite and keep it up to date to prevent spyware and viruses.