Something we were talking the other day in the office about was the different types of IT security concerns that are very hard to mitigate. One of those concerns was a little USB key device called a Rubber Ducky that when plugged in to a computer, can wreak all sorts of havoc. We’ve written an article and show a demo video of one of these in action. Check here to see.
.
Another common one though that’s confusing in day-to-day life is connecting to public Wi-Fi. I think most technology users in New Zealand generally have good 4G/5G connectivity through their mobile device and they would use this to tether their laptop or tablet when they travel inside NZ. When travelling overseas though where roaming costs can be expensive, we often look for a free Wi-Fi network to connect to.
.
Scenario:
You’re at a hotel overseas, or maybe an airport. You need to get on the internet at your location to check travel documents. Let’s say the provided Wi-fi network name is ACME Hotel.
You try and connect to the Wi-Fi, but it doesn’t work immediately.. I think we can all attest to trying to connect to hopeless Wi-Fi at overseas locations.
.
But,.. then you see ACME Hotel Guest or ACME Hotel Free WIFI or ACME Hotel 5G – makes sense, you try and connect to those.
.
The problem is thought, ACME Hotel Guest is not a Wi-Fi network provided by ACME Hotel. It’s a hacker sitting in the corner with their laptop advertising the ACME Hotel Guest network with the same provided password the hotel gave you. Once your device connects to this fake network, a hacker has an exclusive network connection to your device. This kind of security attack is called ‘The Evil Twin’ – An evil twin is a fraudulent Wi-Fi access point that appears to be legitimate but is set up to eavesdrop on wireless communications. The evil twin is the wireless LAN equivalent of the phishing scam.
.
Depending on how securely configured your device is and how up to date with regular patching is going to be a big part of what can happen next.
.
Sounds far-fetched, and you are probably not at huge risk here sitting in Starbucks on Queen Street in Auckland. Starbucks in Times Square, New York – a very different story.
.
Lucidity deploys policies across your computers and mobile devices that can reduce the risk of anything bad happening when you or your team connect their devices to a foreign network that may be trying to fool you. For more information, get in touch with our Cyber Security Consultants.