Photo: Lionel Bonaventure (Getty Images)

Among the sprawl of properties in the Facebook family, WhatsApps perhaps the only one thats preached preserving user privacy and actually followed through. But that hasnt stopped bad actors from finding new ways to spy and snoop without the platformsor any userssay-so.

As a new investigation from Business Insider details, apps promising to probe the platformand its usersfor sometimes sensitive intel have come cropping up across the Apple and Android ecosystems. And while this might not be a great look for a trio of companies that have spent the past year trying to one-up their promises to protect their users privacy, none of them appear too motivated to snuff out this new form of stalkerware.

Its worth clarifying here that these apps arent magic. WhatsApps spent the past six years staunchly setting end-to-end encryption as the default for all messages sent over its pipes. And save for the occasional oopsie, that encryption does its job, which means that no third party is going to decipher the messages or pictures being sent back and forth over the platform unless they can actually get their hands on your physical device and pump it full of malware.

Instead, these stalkerware services seem to rely on the one public-facing bit of user information that WhatsApp actually allows to be accessed: an innocuous widget that notifies users when someone is on the app or off. Its a ho-hum piece of data thats typically used to know, say, whether your uncle overseas is around for a call. But data, even tiny breadcrumbs like this, never exists in a vacuum, which is why its a disappointing inevitability that something so simple could be used for tracking something like when your ex-girlfriend is sleeping.

The way this sort of sorta-stalkerware operates is pretty simple. A person just downloads one of these apps and plugs in the phone number of the other person theyre looking to track, and then that phone is monitored round the clock for any online or offline signals. Over the next few days, weeks, or months, this builds up a pretty good picture of the targets typical schedulewhen theyre waking up, when theyre sleeping, and when theyre most likely to be hanging out in-app. Some of the apps Business Insider dug up bragged about the ability to track whether or not two contacts were likely to be talking to each other at any given time, based on how often theyre online simultaneously. Naturally, this all happens without that targets consent.

G/O Media may get a commission

The efficacy of these apps is questionable, given that this single bit of Whatsapp data is binary: either the app is open or not, theres not idle state. People who choose to leave Whatsapp open while not actively texting or calling are, in a way, foiling this script kiddie-level stalkerware by transmitting functionally incorrect data. Still, the fact that anyone would want to snoop on strangers this way and that a willing network of enablers would build the tools to let them, regardless of the validity of their findings isto use the technical termfucking gross.

Some of these apps sneak manage to slide by under the guise of being handy tools to monitor whether your kids are getting up to some funny business when theyre not supposed to be, while others are more upfront about exactly how slimy they are. One of the webpages for the programs that Gizmodo found pitches itself as a way for parents to get notifications about their kids whereabouts even if they block you, while elsewhere describing how the same could be done for your friends, lover, [or] wife. Another app found in the initial report is even more explicit about what its there to snoop on:

Something is up. Maybe your significant other keeps texting under the covers late at night or taking suspicious trips to the bathroom at all hours with their phone in their hand. Maybe one of your employees is acting strangely every time you catch them sending a Whatsapp message during work hours, and you want to know what it is theyre sending. Or perhaps its even your teenager, who has been refusing to tell you who theyve been sending messages to in the dead of night and why theyre staying out so late after school. Either way, something isnt right, and you know it.

WhatsApp reps told Business Insider that the platforms terms bar this sort of tampering outright, and that the company [requests] that app stores remove apps that abuse our brand and violate those terms in the process. They also confirmed that disabling the online notification for a given user is functionally impossiblemeaning that theyre offering little protection beyond this sort of verboten tampering beyond politely asking Apple and Google to knock it off.

Meanwhile, both app store companies are stuck in a game of whack-a-mole with these programs as they arise. Thus far, it looks like theyre each doing a fairly shitty job: while Google does take its policies prohibiting ads or promotions for spyware pretty seriously, those policies are lackluster at best, with the latest update explicitly allowing this sort of tech if it was marketed to parents, rather than jealous exes. Apples own policies touch on malware, but not spyware, which means these apps are also free to proliferate across that ecosystem.

In other words, it seems like all of these companies have regarded this gross invasion of privacy as something thats either entirely kosher, or just not their problem to solve. Were reached out to Whatsapp, Apple, and Google for comment and will update if we hear back.

Read the original here:
WhatsApp's Encryption Hasn't Kept It Safe From Stalkerware - Gizmodo

The big news this week is the huge flaw in Microsofts Active Directory, CVE-2020-1472 (whitepaper). Netlogon is a part of the Windows domain scheme, and is used to authenticate users without actually sending passwords over the network. Modern versions of Windows use AES-CFB8 as the cryptographic engine that powers Netlogon authentication. This peculiar mode of AES takes an initialization vector (IV) along with the key and plaintext. The weakness here is that the Microsoft implementation sets the IV to all zeros.

Its worth taking a moment to cover why IVs exist, and why they are important. The basic AES encryption process has two inputs: a 128 bit (16 byte) plaintext, and a 128, 192, or 256 bit key. The same plaintext and key will result in the same ciphertext output every time. Encrypting more that 128 bits of data with this naive approach will quickly reveal a problem Its possible to find patterns in the output. Even worse, a clever examination of the patterns could build a decoding book. Those 16 byte patterns that occur most often would be guessed first. It would be like a giant crossword puzzle, trying to fill in the gaps.

This problem predates AES by many years, and thankfully a good solution has been around for a long time, too. Cipher Block Chaining (CBC) takes the ciphertext output of each block and mixes it (XOR) with the plaintext input of the next block before encrypting. This technique ensures the output blocks dont correlate even when the plaintext is the same. The downside is that if one block is lost, the entire rest of the data cannot be decrypted Update: [dondarioyucatade] pointed out in the comments that its just the next block that is lost, not the entire stream. You may ask, what is mixed with the plaintext for the first block? There is no previous block to pull from, so what data is used to initialize the process? Yes, the name gives it away. This is an initialization vector: data used to build the initial state of a crypto scheme. Generally speaking, an IV is not secret, but it should be randomized. In the case of CBC, a non-random IV value like all zeros doesnt entirely break the encryption scheme, but could lead to weaknesses.

Netlogon, on the other hand, uses a Cipher FeedBack (CFB8) mode of AES. This mode takes a 16 byte IV, and prepends that value to the data to be encrypted. The basic AES operation is performed on the first 16 bytes of this message (just the IV). The first byte of the output is XORd with the 17th byte of the combined string, and then the 16 byte window slides one byte to the right. When the last byte of the plaintext message has been XORed, the IV is dropped and the process is finished. The peculiar construction of AES-CFB8 means that a random IV is much more important to strong encryption.

Remember the actual flaw? Microsofts implementation sets that IV value as all zeros. The encryption key is generated from the password, but the plaintext to be encrypted can be specified by the attacker. Its fairly simple to manipulate the situation such that the entire IV + Plaintext string consists of zeros. In this state, 1-in-256 keys will result in an all-zero ciphertext. Put another way, the 128-bit security of AES is reduced to 8-bit. Within just a handful of guesses, an attacker can use Netlogon to authenticate as any user.

Microsoft has patched the issue in their August security updates. While its true that exploiting this issue does require a toehold in a network, the exploitation is simple and proof of concept code is already available. This is definitely an issue to go patch right away.

Via Ars Technica

Few security truisms are as universal as Enable two factor authentication. There is a slight gotcha there. 2FA adds an extra attack surface. Palo Alto found this out the hard way with their PAN-OS systems. With 2FA or the captive portal enabled, its possible to exploit a buffer overflow and execute code as root. Because the interface to be exploited is often exposed to the public, this vulnerability scored a 9.8 critical rating.

Magento is an e-commerce platform, owned by Adobe since 2018. To put that more simply, its a shopping cart system for websites. In the last few days, it seems that nearly 2,000 Magento v1 instances were compromised, with a digital skimmer installed on those sites. The rapid exploitation would suggest that someone had a database of Magento powered sites, and acquired a zero-day exploit that could be automated.

Its been the fodder of pundits and politicians for years now, to talk about hacking elections, particularly by a particularly large country in northern Asia. Be it bravery or foolishness, were actually going to take a brief look at some real stories of political hacking.

First up, A trio of Dutch hackers managed to break into Donald Trumps twitter account back in 2016, just before the election. How? The same story were all familiar with: password re-use and a LinkedIn database dump. Fun fact, Donald Trumps favorite password was yourefired.

A successful break-in is often accompanied by a moment of terror. Did I do everything right, or am I going to jail for this? Its not an unfounded fear. Breaking into a corporation is one thing, but what happens to the guys that hacked the president of the US? The moment their long-shot attempts paid off, they went into defensive mode, and documented everything. Once they had their documentation safely secured, an email was sent off to USCERT (United States Computer Emergency Readiness Team) informing them of what was found. Our Dutch friends havent been arrested or disappeared, so it seems their responsible disclosure was well received.

In a similar story, a former Australian prime minister posted a picture online containing his boarding pass, and a resourceful researcher managed to use that information to recover his passport and telephone number. Did you know that a boarding pass is considered sensitive information? To authenticate with an airline, all that is needed is a last name and matching booking reference number. This gets you access to a very uninteresting page, but when you have access to 1337 hackor tools (like Google Chromes page inspector), the sky is the limit. Apparently the Qantas website backend was sending everything in the database about the given customer, and only a few bits of that information was being shown to the user. Far more information was just waiting to be sniffed out.

The whole story is a trip, and ends with a phone call with the politician in question. Go read it, you wont regret it.

[Dr. Neal Krawetz] runs a TOR hidden service, and found himself the victim of a DDoS attack over the TOR network. He called up a friend who did network security professionally, and asked for help. After reading out half of the public IP address where the hosting server lived, his friend told him the rest of the address. Lets think through that process. Hidden TOR service under attack, someone with access to a big enough Network Operations Center (NOC) can tell what the Public IP address of that service is. This is a fundamental break in TORs purpose.

In retrospect, its pretty obvious that if you can watch traffic on a large chunk of the internet, or enough of the TOR nodes, you can figure out what service is running where. The surprise is how small the percentage needs to be, and that there are already companies (and certainly three-letter agencies) that casually have the capability to make those connections. [Krawetz] calls these flaws 0-days, which is technically correct, because there are no real mitigations in place to protect against them. Really, it should serve as a reminder of the limitations of the TOR model.

Read the rest here:
This Week In Security: AD Has Fallen, Two Factor Flaws, And Hacking Politicians - Hackaday

Global Data Encryption Market is enduring an exacting period with its robust growth coming to an abrupt halt in light of the COVID-19 pandemic. MRFR report on Data Encryption Industry highlights the future prediction and the growth alternatives that can be created

The global data encryption market is expected to exhibit strong growth over the forecast period till 2023, according to the latest research report from Market Research Future (MRFR). The report presents a detailed overview of the global data encryption market by profiling the historical data about the market and providing detailed forecasts regarding the markets likely growth trajectory over the forecast period. Primary as well as secondary data about the market is presented in full detail in the report. Future forecasts for every aspect of the global data encryption market are presented in detail in the report. Leading players in the global data encryption market are also profiled in detail in the report. The report also profiles the impact of the global COVID-19 pandemic on the global data encryption market.

Leading Players in Global Data Encryption Market Include:

FireEye Inc., Vormetric Inc., Gemalto, Netapp Inc., Oracle Corporation, Intel Security, HP, Symantec Corporation, Microsoft Corporation, and IBM Corporation.

Covid19 Pandemic Crisis on Data Encryption Market with Complete Table of Content and Free Sample at:

https://www.marketresearchfuture.com/sample_request/1733

Data encryption is the process of converting data from a readable format to an encoded format which can only be deciphered with a decryption key. Data encryption protects the data in a fairly simple manner and provides data security for data transferred over networks. The growing threat of data breaches and cyber attacks in the modern world has been the major driver for the global data encryption market over the last few years. Thousands of organizations across various sectors have been attacked digitally over the last few years, with the complexity of cyber attacks increasing over time. With increasing refinement in cyber protection tools, cyber attackers have improved their sophistication, with increasingly sophisticated cyber attack tools being used to breach networks and gain confidential information. This has led to a growing demand for data encryption protocols over the last few years.

The BFSI sector has emerged as a major end user of data encryption tools over the last few years. The increasing adoption of online and mobile banking has led to a growing demand for data security tools in the BFSI sector. The convenience of online and mobile banking comes at the price of the online information being prone to attacks from cyber attacks. This has led to a growing demand for data encryption technology from the BFSI sector. The increasing complexity of online and mobile banking operations has made data encryption technology a must-have for BFSI entities. This is likely to remain a major driver for the global data encryption market over the forecast period. The defense sector has also been a major end user of data encryption technology over the last few years.

Segmentation:

The global data encryption market is segmented on the basis of method, deployment, organization size, end user, and region.

By method, the global data encryption market is segmented into symmetric and asymmetric. Symmetric data encryption uses the same key to encrypt and decrypt the data, whereas asymmetric data encryption uses a different key to decrypt the data. This makes asymmetric data encryption more secure than symmetric data encryption.

By deployment, the global data encryption market is segmented into cloud and on-premise. The demand for cloud data encryption technology is increasing due to the increasing usage of cloud architecture for data storage in the commercial sector.

By organization size, the global data encryption market is segmented into large organizations, and small and midsized organizations.

By end user, the global data encryption market is segmented into government, BFSI, healthcare, manufacturing, automotive, IT and telecom, aerospace and defense, and others.

Regional Analysis:

North America is likely to dominate the global data encryption market over the forecast period due to the presence of several leading players in the region. Awareness about data security protocols is also high in the region, leading to a growing demand for data encryption technology.

Asia Pacific is expected to exhibit the highest growth rate over the forecast period.

Table of Content:

1 Executive Summary

.

.

.

4 Market Landscape

4.1 Porters Five Forces Analysis

4.1.1 Threat Of New Entrants

4.1.2 Bargaining Power Of Buyers

4.1.3 Threat Of Substitutes

4.1.4 Rivalry

4.1.5 Bargaining Power Of Suppliers

4.2 Value Chain Of Global Data Encryption Market

5 Market Overview Of Global Data Encryption Market

5.1 Introduction

5.2 Growth Drivers

5.3 Impact Analysis

5.4 Market Challenges

6 Market Trends

6.1 Introduction

6.2 Growth Trends

6.3 Impact Analysis

Continued.

Browse More Details on Report at:

https://www.marketresearchfuture.com/reports/data-encryption-market-1733

About Market Research Future:

AtMarket Research Future (MRFR), we enable our customers to unravel the complexity of various industries through our Cooked Research Report (CRR), Half-Cooked Research Reports (HCRR), Raw Research Reports (3R), Continuous-Feed Research (CFR), and Market Research & Consulting Services.

MRFR team have supreme objective to provide the optimum quality market research and intelligence services to our clients.

Media ContactCompany Name: Market Research FutureContact Person: Abhishek SawantEmail: Send EmailPhone: +1 646 845 9312Address:Market Research Future Office No. 528, Amanora Chambers Magarpatta Road, HadapsarCity: PuneState: MaharashtraCountry: IndiaWebsite: https://www.marketresearchfuture.com/reports/data-encryption-market-1733

Read the rest here:
Data Encryption Market 2020| Opportunity Assessments, Covid-19 Analysis, Growth Opportunities, Business Trends, Key Players Overview, Industry Size,...

Unstoppable Domains co-founder Bradley Kam believes that neither the anti-encryption bills nor the technology giants present a real threat to the future of the Internet. In his opinion, both, the governments and the giant platforms are helping to usher the era of the decentralized web, he told Cointelegraph:

Technology platforms like Facebook and Twitter have been criticized simultaneously for censorship and not enough censorship. Kam said that the decentralized web will be able to solve both issues. In his opinion, in the future, there will be dozens of DApps like Facebook, which will compete with each other. One of the differentiation points between them will be the different ways they will be handling freedom of speech:

He thinks this may lead to chaos, but it is essential to securing the future of freedom of speech:

However, one thing to consider is that one of the reasons why Facebook, Twitter, Instagram, Google have become, in essence, monopolists network effect. The more people were joining those platforms, the more useful they were becoming. A new social network similar to Facebook with better technology cannot compete with the original because no matter what incredible features it would offer if no one is using it, it is useless. That is why decentralized clones like Steem have struggled mightily to escape the confines of the crypto ghetto. Thus, in order for those 40 Facebooks to dethrone the original, at the very least, they would have to be interoperable.

Recently, Unstoppable Domains has introduced a few new features like dChat and Unstoppable email.

See original here:
Unstoppable Domains co-founder had this to say about Facebook and the future of free speech - Cointelegraph

September16, 20206 min read

Opinions expressed by Entrepreneur contributors are their own.

In the past few months, amassive change in working dynamics has fueled an uptick in a kind of infection that's not constantly in the newsthe type that affects computers.Malware attacks, phishing attemptsand other types of cyber crime are reaching record heights in 2020. Unfortunately, these latest developments are only the tip of the iceberg, as the rapid expansion of digitalization has already radically increased the exposure to virtual threats in the past few years.

As a consequence, more than 70 percent of in-house cybersecurity managers plan to request a significant budget increase during the next year. Therefore, its about time to take a look at the driving forces behind the need for IT security solutions in the current decade.

Although working from home has helped stem the spread of the coronavirus, computer virus infections are now on the rise as opportunistic hackers and cyber criminals look to take advantage of the situation to fill their pockets. As a result, the number of malware and ransomware attacks spiked by 25 percent between Q4 2019 and Q1 2020 as a wave ofattacks hit a range of victims.

Related: Cyber Threats On the Rise Amid Outbreak

Criminals are increasingly incorporating coronavirus themes into their attacks, using lures about vaccine information, masksand short-supply items to help snare victims. According to KPMG, a large chunk of these attacks are financial scams that promise government assistance or payment but actually intend to scam the victim out of their personal information and/or money.

It isnt just ransomware attacks on the rise either. There has been a stark uptick in the number of phishing attacks in recent months, with criminals now posing as trustworthy sources of information, like the World Health Organization (WHO), to trick victims into handing over money usually by offering virus testing kits, critical informationor coronavirus-related investment schemes in return.

Based on data released by the UK tax authority HM Revenue and Customs (HMRC) and reported by ITProPortal, the number of coronavirus-related phishing attacks reached a peak in May more than double that seen the month prior. Phishing attacks also saw one of the worlds most popular social networks, Twitter, suffer a significant breach in July, as over 130 influential accounts were hacked after Twitter's internal systems were compromised.

Related: Top Five Sectors Prone To Cyber Threat Amid COVID-19 Lockdown

As a fallout from the Twitter breach and the general uptick in malware attacks, firms both small and large are now beginning to double-down on IT securityto keep both their employees and customers safe from attacks. Based on the latest forecasts by Gartner, the cloud security market is expected to grow by 33 percent during 2020, while the data security market will grow by 7.2 percent over the same period to become a $2.8 trillion industry.Much of this is owed to institutional security spending.

When GDPR came into force in 2018, it was supposed to be the dawn of a new era of privacy in the European Union and the European Economic Area at least. The recently enforceable piece of legislation severely restricts what data organizations are able to harvest about EU citizens while providing users with more control over their data.

Despite this, the number of data leaks has skyrocketed in 2020, and several massive data breaches have already occurred this year. Back in March, the hotel chain Marriott announced that the private information of over fivemillion of its loyalty program users had been leaked. This is the second time in two years that the hotel chain has suffered from a devastating breach.

In addition, the popular video conferencing app Zoom also suffered from a breach that saw the login credentials and private information from half a million users exfiltrated and advertised for sale on the dark web.

Related: 4 Strategies Small Businesses Can Use To Avoid a Data Breach

Oleksandr Senyuk, who launched a smart yet cloud-free password manager with his company KeyReel, believes that recent trends in corporate culture, such as the use of private rather than corporate phones and use of home offices have dramatically increased security breaches in the business world. Remote access to internal systems from laptops and desktops located in insecure environments pose a serious threat to businesses, regardless of size," he says."The solution is to concentrate around the security of individuals rather than companies.

Senyukurges companies to invest in cybersecurity software solutions and, most importantly, in employee education and annual training. Surprisingly, even employees of large technology powerhouses seem to lack basic IT security skills. Senyuk recounts an embarrassing 2016 incident in which a DropBox employee used the same password for a corporate network account and his personal LinkedIn account, resulting in the theft of north of 60 million user credentials.

Related: How Social Media Jeopardizes Data Security

Overall, as per data from Security Boulevard, 2020 is already well on its way to setting a new record for data breaches, with around 16 billion records already leaked this year. Likewise, according to the 2020 Verizon Data Breach Investigations Report (DBIR), there were at least 3,950 data breaches in 2020 alone, with almost half of these being the result of a hack, while 86 percent were financially motivated.

It isnt just cyber criminals that are targeting peoples data either. With the Eliminating Abusive and Rampant Neglect of Interactive Technologies (EARN IT) act now weaving its way through Congress, it might not be long before anybody who uses encryption-based communication services could be eavesdropped on by the U.S. government, because companies would be forced to weaken their encryption and essentially provide the government with a backdoor to user data.

Related: 4 Ways Businesses and Consumers Can Take Back Their Data in 2019

"Many governments are working towards banning or weakening end-to-end encryption, like the U.S. EARN IT act," Senyuk says."This would allow governments to force any cloud provider to break the system and quietly acquire and monitor data. LavaBit and EncroChat are two examples of direct government involvement in the services of cloud service providers. While many users and companies don't have any major concerns regarding government intervention, security experts warn that weakening encryption would hurt the security of all individuals."

Understandably, the EARN IT act has received significant pushback from the cyber community, prompting an uptick in the use of encrypted messaging apps like status, crypto currencies like Bitcoin (BTC), and Ethereum (ETH), and security tools that prevent eavesdropping and theft.

With similar efforts to undermine encryption now underway in several countries, and the "Five Eyes" security alliance now looking to implement backdoors in popular apps, privacy is a bigger concern than ever before.

Read the original post:
Why IT Security Will be a Prime Concern for Businesses in the Next Decade - Entrepreneur

The Optical encryption Market Forecast Report provides details analysis of Optical encryption industry which will accelerate your business. Optical encryption market report covers the current state of business and the growth prospects of the worldwide Optical encryption Market. The Optical encryption market report lists the leading competitors and provides the Industry pitfall and challenges, Growth potential analysis of the key factors influencing the market.

Global Optical encryption industry profile provides top-line qualitative and quantifiable information including: Optical encryption market share, market size. The profile also contains descriptions of the foremost players including key financial metrics and analysis of competitive pressures within the Optical encryption market. Essential resource for top-line data and analysis covering the global Optical encryption market. Includes Optical encryption market size and segmentation data, textual and graphical analysis of Optical encryption market growth trends and leading companies.

Request Sample Copy of this Report @ https://www.theresearchprocess.com/request-sample/4478

Optical encryption Market forecasting derived from in-depth understanding attained from future market spending patterns provides enumerated insight to support your decision-making process. Our market forecasting is based on a market model derived from market connectivity, dynamics, and identified persuasive factors around which conventions about the market are made. These conventions are enlightened by fact-bases, put by primary and secondary research instruments, regressive analysis and an extensive connect with industry people.

Request Sample Copy of this Report @ https://www.theresearchprocess.com/request-sample/4478

The report also presents the market competition landscape and a corresponding detailed analysis of the major vendor/manufacturers in the market. The key manufacturers covered in this report:

Major Highlights from Table of contents are listed below for quick lookup into Optical encryption Market report

Chapter 1. Competitive Landscape

Chapter 2. Company Profiles

Chapter 3. Methodology & Scope

Chapter 4. Executive Summary

Chapter 5. Optical encryption industryInsights

Request Customization on This Report @ https://www.theresearchprocess.com/request-for-customization/4478

See the rest here:
Optical encryption Market Research Report, Growth Forecast 2026 - The Research Process

Wi-Fi networks are available almost anywhere we go these days. From coffee shops to public places, getting connected to the internet through Wi-Fi hotspots is always a click away. However, using public Wi-Fi services is not without its risks.

Not all Wi-Fi networks are secured properly. In public places, Wi-Fi networks are often left open for convenience; you dont have to use a username and password to start using the network. Most Wi-Fi networks are also not constantly maintained, which leaves them very vulnerable.

While you can remain protected when using public Wi-Fi services, there are several things you need to know about todays available networks and the risks you face when using them.

Mobile connectivity and broadband services are becoming more affordable, but that doesnt mean free Wi-Fi services in public places are less appealing. According to recent studies, over 50% of internet users use public Wi-Fi networks at least once a day, and you may be part of that group too.

Free Wi-Fi in todays super-connected world is indeed a convenience. When you have to download a large work document or you need to stream multimedia content, being able to use free Wi-Fi services allows you to save on your mobile data cap.

Nevertheless, free wireless networks that arent maintained properly attract potential attackers. When network security is not a priority, the network itself is vulnerable to attacks. Based on recent attack history, a lot of public access points were turned into botnets or used for other malicious purposes.

Free Wi-Fi hotspots are also prone to DNS spoofing. Since the access points arent sufficiently secured, attackers can alter the DNS servers used by the access point and reroute your internet requests to bad servers. You may end up on a phishing website when trying to access a legitimate one.

Attackers can steal data packets in transit by exploiting public Wi-Fi networks with man-in-the-middle attacks. Since you are routing your requests through a public access point or gateway, the risk of your data being stolen in transit is significantly higher than when you are in a private network.

Of course, these risks are easy to mitigate. You can still use public Wi-Fi networks and remain protected as long as you know how to secure yourself properly. Before we get to that, however, there are additional risks you need to understand first.

Cyberattacks arent the only risks to mitigate when you are using a public Wi-Fi network. You also have to consider how the network is managed and how it can remain free. Most free public networks are advertising-funded, which means you will be shown ads while browsing the World Wide Web.

Other networks are used to collect consumer data through legitimate means. Coffee shops, for instance, may record your spending habits or other details based on your use of the free Wi-Fi service. Even the London Underground is now using free Wi-Fi to track consumer devices.

The latter is not a new way of collecting consumer data through free Wi-Fi. London Underground did tests in 2016 to see if the free Wi-Fi network could be used for marketing analytics and scraping information. This years rollout is a continuation of that trial.

Some public networks even go as far as helping advertising networks gather data about your online activities. Yes, they do require your consent, but that request for permission is usually embedded deep in the Terms and Conditions you agree to when you start using the free service.

Fortunately, there is a lot you can do to stay protected while using public (and free) Wi-Fi networks. For starters, you can take the time to read the user agreement and privacy policy of the network before you start using the free service. You can understand a lot about how the network is operated when you read these documents thoroughly.

You can also take steps to protect your devices. Adding an anti-virus, a suitable firewall, and additional tools such as anti-malware are highly recommended. At the very least, you will not have to worry about harmful scripts exploiting the security holes of your devices. Dont forget to keep your devices up to date too.

Another thing you can do is utilize a VPN or a proxy when connecting through public Wi-Fi networks. The leading providers (such as Smartproxy) offer a wide range of services. Rather than relying on the network gateway, you tunnel through the network to a secure server a server that acts as a middleware and route your requests safely. The leading services VPN and proxy services will even encrypt your data packets.

Encryption is definitely a must. There is no shortage of encryption solutions that can be used to further protect your information. Accessing secure sites that use SSL/TLS encryption and incorporating in-device encryption are some of the things you can do to add layers of protection to your online life. Even when the data packets are stolen, it is impossible to read them when they are encrypted.

Speaking of information theft and tracking, you can also prevent public Wi-Fi networks from tracking your online activities by configuring your device security. Browsers can be set to withhold location information. You have the option to review your security settings and define permissions given to certain apps like browsers and messaging apps.

Last but not least, make sure you connect to public networks that are maintained properly. When the routers and access points are updated regularly and managed to a good standard, you can use free Wi-Fi services without having to worry about additional security risks like DNS spoofing. Use on-device scanners to test your connections beforehand.

Free and public Wi-Fi networks are very useful. Now that you know how to stay protected when using them, you have nothing to worry about and can fully utilize the free Wi-Fi services in public places around you.

See original here:
Why You Should Think Twice Before Using Free Wi-Fi - Phandroid - News for Android