Business

Stop hacking in its tracks!

It’s surprising – and shocking – just how easy it is for your smartphone or laptop to be hacked. Being aware of the risks is the first line of defence

Peterborough Cathedral’s second networking breakfast for Peterborough 900 Corporate Partners proved popular, with businesses from the region filling The Becket Chapel for a morning hosted by the Dean of Peterborough, Charles Taylor. Advanced Security Consulting Ltd. (JustASC) were the morning’s sponsors, which saw a ‘live hack’ demonstrated by founder and managing director Jay Abbott. After a short introduction it was on with the demonstration of a very common and surprisingly easy-to-execute hacking technique. The hack exploited the weaknesses within wireless communications through a ‘man in the middle attack’ – a fake wireless network that looks real and functions just like a bona fide network but that poses a threat by intercepting personal data such as usernames and passwords. ‘The fake network provided internet access but was routed through my laptop. This meant that traffic could be decrypted,’ explains Jay. ‘Your mobile device would happily connect to it and then I’d be free, in theory, to get my hands on all of your personal data!’

When you are away from home, for example staying at a hotel, avoid any network with a name such as ‘free Wifi’ – this is the default name of a particular attack

The second part of the demonstration saw the next step in the hack. With a mobile device such as a smartphone or laptop intercepted, the device can then be accessed whenever it is within range of the bogus wireless network, at any point in the future. ‘The presumption is that the user has to connect to it – that they have to physically opt into that connection,’ says Jay. ‘But it doesn’t work like that. Because wireless remembers every connection you’ve ever made, these devices will carry on broadcasting for these networks – they’ll continue to ‘beam’, or search, for them. When they do this their information’s being pushed into the airwaves.’ During the demonstration Jay listened in to the attendees’ smartphone beaming requests, forming a list of every network that every phone has ever connected to. ‘I could then have set the name of my fake wireless network to a name that your phone would recognise. It would have automatically connected to it and while it was still in your pocket I’d be free to tap into your personal details.’

The easiest way to defend against interception and attack is to use a virtual private network (VPN). Most businesses should have VPNs to get them from home back to the office without risking their data

The live hack was both fascinating and scary, as Phil Hayes, Managing Director of 2direct Ltd. remarks: ‘The live hack demonstrated to an audience of senior business executives just how exposed we are to technology crime. The most alarming realisation for me was how leaving my Wifi switched on within my mobile allowed Jay to access information that I would have thought was secure.’

You can also buy personal VPNs to secure your mobile device. VPNs work by encrypting traffic through the connection you are using – think of it as an extra layer of security on top of what’s already in place

Andy Barham, Marketing and Promotions Manager at Peterborough Greyhound Stadium, was also in attendance: ‘It highlighted how anyone with a modicum of IT skill can gain extraordinary access to personal data. At Peterborough Greyhound Stadium we are in the process of introducing free Wifi for our customers. We have taken account of the issues raised by the demonstration and will be incorporating the recommended safeguards.’

Anti-virus software is important but it isn’t enough because it is historical in nature. Anti-virus software can only protect against what it already knows about, and new viruses are constantly being created

The threat of a security breach, then, isn’t limited to larger companies; small businesses and individuals are very much at risk. And our constant need for connectivity and data consumption puts us increasingly in the firing line of such attacks. ‘The problem is we have an implicit trust relationship with what we’re connecting to. But it’s often an unknown entity,’ adds Jay. The good news is you don’t have to open the wallet too far to protect yourself. ‘Many things can be had for free or very cheaply. But if you don’t know what to get, you’re not going to be able to secure yourself. Different situations require different solutions and it’s all too easy to over complicate things. We can help with that!’

Security doesn’t have to be expensive!

The live hack demonstration is just one of a number of sessions planned for a series of networking breakfasts at the cathedral. Peterborough 900 Corporate Manager James Dyer explains: ‘At our quarterly Peterborough 900 Corporate Networking Breakfasts it is fantastic to be able to provide a platform for our corporate partners to show off their products and services to other like-minded local organisations.’

Jay Abbott and the team at Advanced Security Consulting Ltd. (JustASC) are happy to be contacted for more advice on computer security and business risk assessments. Give them a call on 0845 6437406 or visit www.justasc.net

Find out about becoming a corporate partner at the Peterborough 900 website www.peterborough900.org.uk

 

Leave a Reply

Comments are closed.

Register an Account