Despite low and mostly fixed data prices from mobile operators, there are still many people who, when given the opportunity, connect their laptop or tablet to unknown wireless networks. Better speed and being able to stay within the free amount of data that the mobile operators allow in the fine print in the terms of their subscriptions are two of the reasons. But connecting to someone else’s wireless network also carries great risks.
– The cafe with free wireless internet can give you unlimited internet access, but they can also log and try to influence the traffic, says Anders Nilsson who is a security expert at Eurosecure.
If you connect your phone or computer to a wireless network, the device also remembers the network, which means that it will try to connect to networks with the same name as soon as one appears. Then it is easy for someone else to take control of the traffic.
– If you are in town and someone has set up a network called “SJ”, for example, the device tries to connect to where you have connected before, even if you are not actively connecting to the network yourself.
According to Anders Nilsson, one of the most important things to consider when choosing which wireless network to connect to is whether the network is encrypted or unencrypted.
– If it is unencrypted, it means that basically anyone can see all traffic in the network, even if they are not connected to the network themselves.
– If, on the other hand, it is a password-protected network, then at least only those who are also connected to the network can see all traffic.
Risk of targeted attacks
When traffic is intercepted, sensitive information such as passwords, email content and of course browsing history can end up in the wrong hands. According to Anders Nilsson, however, targeted attacks in wireless networks are more common than pure eavesdropping. One form of targeted attack is that the person who set up the network tries to manipulate the traffic in order to deliver malicious code to the user in one way or another.
– The most common is to make some kind of targeted attack where you check what kind of browser the user connects with.
– If Internet Explorer is being used, you try an attack for that browser, if that doesn’t work, you try Java or Flash instead.
Avoid wireless networks if possible
Anders Nilsson’s tip to avoid the risks of wireless networks is, at least within Sweden, not to connect to them at all.
– If you can avoid it, you should do it. We have relatively cheap data traffic agreements in Sweden, so if you’re within Sweden’s borders, you’d rather use your mobile phone to connect. It is significantly safer with 3g and 4g than with wireless networks.
If you nevertheless need to connect to a wireless network, Anders Nilsson’s recommendation is to use a VPN service at the same time (see fact box on page 52).
– Either you can get your company to set up an ip tunnel so you can connect to your company’s network, or you buy a vpn service from one of the well-known and large providers of such.
– But then it’s the same thing there – you have to trust that the company that has the vpn service isn’t eavesdropping instead.
5 dangers that threaten you who connect to unknown wifi networks
- If the network is open and unprotected, anyone, not just the person who set up the network, can intercept all traffic.
- You may be directed to fake versions of sites where, for example, password information ends up in the wrong hands.
- If you surf unencrypted sites where you log in with a username and password, this information can easily be intercepted.
- Email sent unencrypted can also be easily intercepted.
- You run a greater risk of exposing your computer to malicious code than otherwise because the person who set up the network may try to direct you to fake pages.
This is how you know if a network is unprotected
In Windows, unprotected networks are displayed with a small exclamation point next to the icon for the wireless network in question. On Android phones, the network name in the list of wireless networks shows whether it is protected or not. In iOS, password-protected networks are marked with a small padlock in the list of nearby wireless networks.
Here we intercept the network traffic at Stockholms Central
At Stockholm Central Station, with over 200,000 travelers every day, we set up a wireless network where people could connect. We got an insight into what waiting people have in store…
With the aim of seeing what information we could glean from travelers’ browsing, we created a completely open and unprotected Wi-Fi hotspot using a portable wireless broadband router. To make sure that reception was good for users in the station and its cafes, we placed ourselves on one of the benches in the middle of the large waiting hall. Power for the router was provided by a large 12-volt battery. Using a laptop, connected to the wireless router with a network cable, we kept a watchful eye on devices connected to the router by monitoring the router’s web-based management system.
By also connecting the computer wirelessly to the hotspot and using the free program Wireshark, we logged all wireless traffic in the network. It is worth noting that it is not legal to intercept traffic for the purpose of obtaining personal data or to eavesdrop on e-mails and Facebook conversations, for example.
– What applies in order for wiretapping to be permitted, if one excludes the police’s ability to wiretap, is that regardless of whether it concerns data or telephone calls, the consent of one partner is required, says Mattias Lindberg, lawyer at IT-Advokaterna.
File sharer on the go
The Netgear router’s admin interface showed the ip addresses of the devices connected to it. At most, four users were connected at the same time during the test sessions during the two afternoons we had the network up and running.
Of the connected devices, all appeared to be laptops, judging by the fact that no connections to the mobile versions of Aftonbladet or other sites were registered on the test occasions. Based on that, we can conclude that most people who surf on their mobile phone or tablet prefer to do so via their own mobile subscription rather than using an unknown and unprotected wireless network. At Central Station in Stockholm, both mobile coverage and bandwidth capacity are good, so the need to connect to wireless networks is probably not that great for users of mobile phones and tablets.
Regarding the information we managed to extract from the logs, we found that the most visited sites were, not entirely unexpectedly, Google, SJ’s website, Facebook, Aftonbladet, Expressen and some other news sites. Streaming services such as YouTube and Netflix were also frequent. We also discovered that one of the users was engaged in file sharing via a peer to peer program, but then we abruptly cut off the connection for that user. This is because it was we who were responsible for the connection and could therefore be held accountable for any irregularities in terms of illegal digital distribution of copyright-protected material.
Checked the email
By filtering the log files for traffic using the smtp protocol, which is used to send e-mail, we could probably have extracted information about sent e-mails, such as which addresses they were sent to and from, had we tried. Although we did detect some smtp traffic through the router, the traffic was encrypted, which meant that even if we had tried, we would not have been able to filter out any other useful information from it.
Here is the equipment we used
A laptop with both wireless and wired network support.
Netgear MBRN3000 (wireless router).
Huawei E398 (4g modem with subscription from Tele2).
12 V battery connected to the wireless router.
Wireshark, free traffic eavesdropping software.
The router’s web-based administration interface.
10 sites the people at Centralen visited
The airport buses
The evening paper
Wireshark listens to the traffic
Wireshark is a free program that can be used to intercept network traffic. However, for the vast majority of wireless network cards, the Windows drivers are limited in such a way that it is not possible to access network packets addressed to devices other than your own. In our wiretapping test, we therefore used the Linux variant of Wireshark.
Start the program and select which network device the program should capture traffic from. Enter the lines below in the filter field at the top of the program window to extract specific information about the traffic you are logging.
smtp.req.parameter contains "FROM" – information about emails sent via the smtp protocol.
tcp contains "facebook" – filters traffic to Facebook.
http – shows information about traffic to websites.
bittorrent – shows information about bittorrent traffic.
You will find a detailed guide to the program’s many functions at wiki.wireshark.org.
This is how you protect yourself when you surf
In order to prevent someone from intercepting your internet traffic – regardless of the type of connection you use – an effective method is to set up a so-called vpn or ip tunnel between your computer and another computer, and then let all traffic go encrypted through this tunnel. The only meaningful information that can be read from such a tunnel is which IP address the tunnel goes to from your computer. Cracking the encryption is theoretically possible, but in practice requires an extremely large amount of computing power.
The free Tor service not only encrypts your traffic through a tunnel – it also ensures that the traffic goes in several random steps between anonymous users who also use the service. The service is primarily intended to be used by journalists or political activists who do not want their online activities tracked by malicious authorities or companies.
The disadvantage is that it is also very slow to surf with the service running. Each information packet that is sent can jump between dozens of servers. Also, Tor does not work with all types of data communication and each program must be configured individually to be used with the service.
Tor mobile apps: Orbot: Tor on Android (Android) and Onion Browser (iOS).
Relakks is a Swedish-language vpn service that costs from SEK 38 a month to use. The service received a lot of attention in connection with the debate when the Ipred laws were introduced a few years ago. The change in law suddenly gave copyright holders the right to request information from internet operators about IP addresses and which internet subscribers these addresses belong to.
Set up your own tunnel
Perhaps the safest way to ensure that no unauthorized person or organization can take part in what your network traffic contains is to set up your own IP tunnel, for example to your computer at home or to a server on the company network. Windows 7 and Windows 8 both have built-in support for setting up a vpn server.
What is required is that you have a computer that is running when you need to connect to it and that the computer is equipped with a constant and stable internet connection.
Protect your mobile
Both the phone and the laptop remember connections made to wireless networks and automatically try to connect to wireless networks with the same name even if you are somewhere completely different from where the original network was.
To avoid the mobile automatically connecting to various unknown wireless networks while it is in your pocket, a tip is to simply turn off Wi-Fi on it. If you need to connect to a wireless network, activate Wi-Fi again and then keep a watchful eye on which network you are actually connecting to.
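The auto-join behaviour described above can be audited on a Linux laptop. The following Python sketch is an added example, not part of the original article: it assumes saved Wi-Fi profiles in NetworkManager's keyfile format, and the sample profiles and function names are constructed for illustration. It lists remembered networks that are both unencrypted and set to reconnect automatically, which are the ones a hotspot with the same name can capture.

```python
import configparser
from pathlib import Path

# Constructed sample profiles in NetworkManager keyfile format (not from the article).
SAMPLE_PROFILES = {
    "SJ": "[connection]\nid=SJ\ntype=wifi\n\n[wifi]\nssid=SJ\n",
    "Home": "[connection]\nid=Home\ntype=wifi\n\n[wifi]\nssid=HomeNet\n\n"
            "[wifi-security]\nkey-mgmt=wpa-psk\n",
    "Cafe": "[connection]\nid=Cafe\ntype=wifi\nautoconnect=false\n\n"
            "[wifi]\nssid=CafeGuest\n",
    "Wired": "[connection]\nid=Wired\ntype=ethernet\n",
}
WIFI = ("wifi", "802-11-wireless")  # current and legacy type/section names
SECURITY = ("wifi-security", "802-11-wireless-security")


def audit_profile(text):
    """Return (ssid, is_open, autojoin) for a Wi-Fi profile, or None otherwise."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    if cp.get("connection", "type", fallback="") not in WIFI:
        return None
    ssid = next((cp.get(s, "ssid") for s in WIFI if cp.has_option(s, "ssid")),
                cp.get("connection", "id", fallback="?"))
    # A profile without a security section describes an unencrypted network.
    is_open = not any(cp.has_section(s) for s in SECURITY)
    # NetworkManager auto-connects unless the profile explicitly says otherwise.
    autojoin = cp.getboolean("connection", "autoconnect", fallback=True)
    return ssid, is_open, autojoin


def risky_ssids(profiles):
    """SSIDs that are open and auto-joined, sorted by name."""
    results = (audit_profile(text) for text in profiles.values())
    return sorted(r[0] for r in results if r and r[1] and r[2])


def load_profiles(directory="/etc/NetworkManager/system-connections"):
    """Read real profiles from the assumed default path (usually needs root)."""
    return {p.name: p.read_text() for p in Path(directory).glob("*.nmconnection")}


if __name__ == "__main__":
    print(risky_ssids(SAMPLE_PROFILES))
```

Profiles reported by this check are candidates for deletion or for having auto-connect switched off.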