Open Wi-Fi users beware:: Sidejacking is rampant - WSFA.com Montgomery Alabama news.

Open Wi-Fi users beware: Sidejacking is rampant

Reported by Colin Hackman – bio |email

WILMINGTON, NC (WECT) - A few minutes ago both Steve Kavcak and Mackenzie Cope were at coffee shops.   Enjoying some fresh brew, and the use of the free wireless internet.  That is - until I walked in.

To understand how a reporter armed with nothing more than an iPhone can shake an adult to the core, you have to understand something about people.  People like to feel safe.  They don't much like surprises.   So when I first met Mackenzie Cope, and surprised her by taking away her illusion of safety- well – she was shocked to say the least.

[Tips to protect yourself from sidejacking (PDF)]

"When I came in and showed you your email address on my cell phone how did that make you feel?" I asked.
"I was stunned. I was stunned," said Cope, a recent graduate from UNCW.
"What went through your mind?"
"How does this guy know me?  That's scary - really scary."

A recent New York Times article had the first mention of a word I have never heard before: Sidejacking.  Unlike traditional hacking where someone would have to gain access to your computer - sidejacking software allows people to steal your information out of thin air, directly off of open wifi networks.   The article explained how airports, coffee shops, libraries - any place where you can logon without a password is a breeding ground for stealing personal passwords and logons.  The most recent twist of this application actually shows you the pages people are logging on to in a wifi environment in real time.  This allows someone with limited computer knowledge the ability to logon to peoples emails, Facebook accounts, Twitter pages and anything else that isn't encrypted.



"From a crooks perspective how easy is this?"  I asked Brian Tucker, an expert in internet security.
"Very easy," he said, "With some of the tools we used I didn't necessarily realize how easy it was until we actually went and used them."

Tucker is the President of Impact Media, a computer company that provides security and web solutions for customers.  Until six months ago he had never heard the term sidejacking - now more than a million people have downloaded one of the most popular sidejacking tools.  That means that hackers are no longer an anonymous crooks in a far away place.  They could be sitting right next to you - sipping coffee.  Or sitting just outside.  Such was the case in an experiment we set up with Tucker and the New Hanover County Sheriff's Office. 

I wanted to find out why millions have downloaded this software, and what kind of information we could find - the sheriff's office there to make sure we didn't inadvertently break any laws.  It's a misdemeanor if you access a password protected page without permission and a felony if you do more than $1000 in damage.

On several trips to area wifi hotspots we were able to easily logon and within minutes begin to start capturing sensitive information.

"If we were to ignore it, it doesn't stop it from happening," said Steven Schnitzler - the CEO of Port City Java, "Any steps that we can take to help folks be safe when they are surfing the web in public and using our servers is a step in the right direction."

Port City Java owns of one of the hot spots we visited.  He was happy to let us see what we could find, even logging on to his own Facebook page on their public wifi.

"This can be a step towards doing this in a safer way," He commented,  "As people get more sophisticated, as hackers get more sophisticated, criminals do, people need to take as many steps as they can to protect themselves and their information at home, out on a public wifi, anywhere. Be careful with your information because there are folks all over the place will take advantage of having that access."

While we didn't access his account  - we found plenty of others.  Once we discovered the folks online, I asked them to come outside so with their permission, we could show them what we found.

"Let's see what ya dig up," said an anxious Kavack who was using the wifi network at a local coffee shop.
"That's interesting," he said as we logged in to his Facebook account, using his password.
"It's interesting?" I asked.
"It's more than interesting. You got into my Facebook account, being a stranger."
"We are logged on as you, right now."
"That's wild."
"How does this make you feel?"
"I don't like it. I thought passwords were secure."

That's the illusion.   Programs like Facebook and web based email accounts ask for a password once, but then store that password as a cookie.  That way after you have logged in the first time you don't have to keep logging in to navigate around.  Your stored password is how you are exposed to sidejacking.

 The software allows crooks to use your stored password and log into your account as you.

 "The front door was locked but the windows were left wide open," says Tucker, "Ignorance is bliss.  Most people have no idea the perils of what lies before them on the in Internet. You surf at your own risk."

"Very surprising," said Kavack.
"We're logged on as you," I reminded him, "What could we do?"
"You could create all kinds of havoc in my name."

Indeed we could.  We could post pictures, write emails, even ask relatives for money.  The possibilities are endless.  But it isn't just email and social networks.  We saw blogs, twitter accounts and web page editors too.  It was a creepers paradise.

So how does one protect themselves?

"When you are sending things wirelessly out from your smart phone or your computer you are essentially broadcasting that information," said Schnitzler.

That means when on an open wifi DO NOT broadcast anything that you wouldn't want the rest of the world to know.  Like your email or Facebook login.

"Would you go on an open wifi network, just to check your Facebook page?" I asked Brian Tucker.
"Doubtful," he replied.

Tucker says the only way to be sure you aren't getting jacked is to not use an open wifi, But if you must - use a VPN, or Virtual Private Network - which creates a crook proof tunnel where information can be transmitted that crooks can't see.

"I think people will be amazed how easy people get in there," remarked Kavack

 Copyright 2011 WECT.  All rights reserved.

 

 

 

  • NewsMore>>

  • New Mexico passenger bus crash kills 3, sends 22 to hospital

    New Mexico passenger bus crash kills 3, sends 22 to hospital

    Sunday, July 15 2018 12:40 PM EDT2018-07-15 16:40:07 GMT
    Sunday, July 15 2018 2:52 PM EDT2018-07-15 18:52:36 GMT
    Authorities say a crash involving a passenger bus and three other vehicles on a highway in New Mexico has killed three people and sent 22 others to the hospital. (Source: CNN)Authorities say a crash involving a passenger bus and three other vehicles on a highway in New Mexico has killed three people and sent 22 others to the hospital. (Source: CNN)

    Authorities say a crash involving a passenger bus and three other vehicles on a highway in New Mexico has killed three people and sent 22 others to the hospital.

    More >>

    Authorities say a crash involving a passenger bus and three other vehicles on a highway in New Mexico has killed three people and sent 22 others to the hospital.

    More >>
  • Deadly fire shuts down key route to Yosemite National Park

    Deadly fire shuts down key route to Yosemite National Park

    Sunday, July 15 2018 2:04 PM EDT2018-07-15 18:04:23 GMT
    Sunday, July 15 2018 2:52 PM EDT2018-07-15 18:52:21 GMT
    (Andrew Kuhn /The Merced Sun-Star via AP). Crews battle the Ferguson Fire along steep terrain behind the Redbud Lodge along Highway 140 near El Portal in Mariposa County, Calif., on Saturday, July 14, 2018.(Andrew Kuhn /The Merced Sun-Star via AP). Crews battle the Ferguson Fire along steep terrain behind the Redbud Lodge along Highway 140 near El Portal in Mariposa County, Calif., on Saturday, July 14, 2018.

    A wildfire that killed a California firefighter has grown quickly and forced the closure of a key route into Yosemite National Park.

    More >>

    A wildfire that killed a California firefighter has grown quickly and forced the closure of a key route into Yosemite National Park.

    More >>
  • France wins 2nd World Cup title, beats Croatia 4-2

    France wins 2nd World Cup title, beats Croatia 4-2

    Sunday, July 15 2018 1:03 PM EDT2018-07-15 17:03:26 GMT
    Sunday, July 15 2018 2:51 PM EDT2018-07-15 18:51:43 GMT
    (AP Photo/Martin Meissner). France's Kylian Mbappe, front, celebrates after scoring his side's fourth goal during the final match between France and Croatia at the 2018 soccer World Cup in the Luzhniki Stadium in Moscow, Russia, Sunday, July 15, 2018.(AP Photo/Martin Meissner). France's Kylian Mbappe, front, celebrates after scoring his side's fourth goal during the final match between France and Croatia at the 2018 soccer World Cup in the Luzhniki Stadium in Moscow, Russia, Sunday, July 15, 2018.
    France won its second World Cup title by beating Croatia 4-2 in a match briefly interrupted by an on-field protest that Russian punk band Pussy Riot later took credit for.More >>
    France won its second World Cup title by beating Croatia 4-2 in a match briefly interrupted by an on-field protest that Russian punk band Pussy Riot later took credit for.More >>
Powered by Frankly