Tag Archive for: Mobile Security

Gladys Kravitz is Sniffing FREE WiFi Hotspots for Your Secrets

The free WiFi hotspot ritual is habitual. You head to your favorite café to get some work done “away from the office”. Justifying your $4 cup of 50 cent coffee with a Starbucks-approved rationalization (“I work so much more efficiently at my 3rd spot!”), you flip open your laptop, link to the free WiFi and get down to business. The caffeine primes your creativity, the  bustling noise provides a canvass backdrop for your artful work and the hyper-convenient Internet access makes it easy for someone else (think organized criminal) to intercept everything you send through the air.

At the table next to you, drinking a free glass of water (these guys are too smart to pay that price for a cuppa joe), sits a hacker running a piece of software that sniffs the data you send over the free (unprotected) WiFi. They watch your private data like Gladys Kravitz stalking the very bewitching and often nose-wriggling Samantha. When you log in to your webmail account, they record your username (usually your email address) and password. Since you use the same password for many different websites, they run an automated computer program that attempts to log into every bank in the world using that username and password. When it fails, the program automatically increments your email password in every way possible until it eventually cracks your banking code.

By the time you head for a latte refill, you can no longer afford it. (This is one effective way to break the Starbucks habit). Most of us have been well trained to unthinkingly connect to the FREE WiFi hotspot at cafés, airports and hotels. Wireless technology is both useful and powerful, but operating it without protection is like skydiving with a parachute that you never deploy (it’s a fun ride while it lasts…). If you connect to any WiFi hotspot without first having to log in with a unique username and password, there is nothing that masks your data as it travels through the air. (Watch the 9News Investigation Video with Jeremy Jojola for a sample).

How to use a free WiFi hotspot without crash landing

Like our previously mentioned skydiver, you want not only to put on your parachute before you jump, but to pull the cord before you taste dirt. Here are some simple steps you can take, along with a “How To” video, before you jump on your next free WiFi hotspot:

  1. HTTPS Surfing. If you absolutely must use the free WiFi hotspot, only exchange information over websites with encrypted connections. What’s an encrypted connection and how can you tell? Watch this short video to learn how to tell if you are on a safe, https internet connection. If you are, all of the data that goes between your device and the WiFi hotspot (and eventually onto the Internet), is scrambled and protected by a passcode (the encryption part) that makes it much harder to intercept. Banks (see video), Gmail and even Facebook (see video) offer HTTPS connections. Sometimes all you have to do on a website is to change your security defaults! If your connection is regular old http (no “s” at the end), just know that your data can be free for all to see (if they have the right tools).
  2. Tethering. Also known as a personal WiFi hotspot, tethering is the act of using your smartphone’s encrypted cellular connection to the Internet to surf securely from your mobile device. Tethering works for laptops, tablets and iPods and is relatively simple and inexpensive to use. To tether your computing device to your smartphone, simply contact your mobile provider (Verizon, AT&T, Sprint, T-Mobile, etc.) and let them know that you want to be able to connect your computing device to your smartphone (you want to tether). They will let you know that it costs about $15 per month (well worth the protection), will turn it on and will walk you through setting up both your smartphone and device so that they communicate with the Internet in a well-protected manner. Note: Many tablets, like the iPad, now come with cellular data access built into the device. So, for example, if you have an iPad with Wireless + Cellular capability, you can almost always connect via your cellular connection (just like your phone connects) and never even have to utilize free WiFi (though it’s still safe to use the secure Wifi in your home and office). You can do the same thing by accessing the Internet via your smartphone that is NOT connected to WiFi. Cellular surfing can be a bit slower, but it is considerably more private.
  3. VPN Software. Using a VPN (or virtual private network software), is a safer way to surf on free WiFi. Think of it like this: it takes the same protections you get when using an https connection and applies them to all of the URLs you visit. VPNs are standard gear for business users, but individuals need them just as much as corporations. One of the more popular VPNs for consumer use is Hotspot Shield VPN (this is not an educated endorsement of the product, just an example). The good part about a VPN is that it protects your data transmissions over the internet at all times, not just when using free WiFi.

Better yet, utilize all three solutions and find yourself 100% safer than the Frappuccino lover over at the next table. Mobile computing will increase your productivity, your connectivity and your flexibility. But to do it without a bit of security preparation is to court digital suicide.

John Sileo not only uses free WiFi hotspots (wisely), he is an internationally recognized keynote speaker on how to keep your employees from making poor data security decisions regarding identity, privacy and reputation protection. His happy clients included the Department of Defense, Pfizer, Visa, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.  Tyler Tobin, the CEO and Chief Hacker for Tobin & Associates LLC, is a world renowned Professional White Hat Hacker. His firm specializes in performing compliance, GLBA and full-blown security assessments. His customer base is both regional and global. Assessments include social engineering, external and internal vulnerability and penetration testing and compliance examinations (SEC, SOX, SSAE and GLBA).

4 Critical Steps to Mobile Security (iPhones, iPads, Laptops)

Is your favorite gadget burning your bottom line?

No, I’m not referring to the unproductive hours you spend on Angry Birds. I’m talking about mobile security.

Why is Mobile Security So Vital?

Think about the most indispensable gadget you use for work – the one without which you cannot survive. I’m taking a calculated guess here, but I bet your list doesn’t include a photocopier, fax or even a desktop computer. Business people have become highly dependent on digital devices that keep them connected, efficient, flexible and independent no matter where they are. In other words, we are addicted to our mobile gadgets: iPhones, Droids, BlackBerrys, iPads, tablets, laptops and the corresponding Wi-Fi connections that link us to the business world.

To stay nimble and ahead of the game, we must be able to respond to any request (a call, email, social media post, text message), research anything (a client’s background, solutions to a problem) and stay current on what’s happening in our field of influence (breaking news, tweets) even when we are out of the office.

But the same gadgets that give us a distinct competitive advantage, if left unprotected, can give data thieves and unethical competitors a huge and unfair criminal advantage. The net result of organizational data theft can be devastating to your job security, your bottom line, and your long-term reputation. The solution, of course, is to proactively protect your mobile office, whether it’s digital, physical or both. Mobile security is not optional.

Data Thieves Target Mobile Offices

What is a mobile office? If you own any of the gadgets listed above and use them even in minor ways for work (checking email, surfing, social media), you have a mobile office. Smartphones and tablets are more powerful than the desktops of just three years ago. Laptops are the bull’s eye for data thieves, though their attention is quickly moving to smaller, easier-to-steal gadgets. If you work out of your car, travel for your company or have a home office in addition to your regular workplace, you are a mobile worker.

Ignoring the call to protect these devices is no different than operating your office computer without virus protection, passwords, security patches or even the most basic physical protection.  If you do nothing about the risk, you will get stung, and in the process, may lose your job, your profits and potentially even your company. The threat isn’t idle – I lost my business because I refused to acknowledge the power of information and the importance of protecting it like gold.

To protect yourself and your company from becoming victims of mobile data theft, start with the 4 Critical Steps to Defend Your Mobile Gadgets:

  1. Make sure that employees aren’t installing data hijacking apps (like the Chess app that was pulled from the Android Marketplace because it was siphoning bank account logins off of users’ smartphones) on their smartphones and tablets thinking that they are harmless games.
  2. Implement basic mobile security on all mobile devices, including: secure passwords, remote tracking and wiping, auto-lock, auto-wipe and call-in account protection.
  3. Only utilize protected Wi-Fi connections to access the web. Free hotspots are constantly monitored by data sniffers looking to piggyback into your corporate website.
  4. Don’t ignore non-digital data theft risks like client files left in cars, hotel rooms and off-site offices. The tendency to over-focus on digital threats leaves your physical flank (documents, files, paper trash, etc.) exposed.

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation (he shares how he lost $300,000, 2 years and his business to data breach) or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

iPhone and Droid Want to Be Your Big Brother

Remember the iconic 1984 Super Bowl ad with Apple shattering Big Brother? How times have changed! Now they are Big Brother.

According to recent Wall Street Journal findings, Apple Inc.’s iPhones and Google Inc.’s Android smartphones regularly transmit your locations back to Apple and Google, respectively. This new information only intensifies the privacy concerns that many people already have regarding smartphones. Essentially, they know where you are anytime your phone is on, and can sell that to advertisers in your area (or will be selling it soon enough).

The actual answer here is for the public to put enough pressure on Apple and Google that they stop the practice of tracking our location-based data and no longer collect, store or transmit it in any way without our consent.

You may ask, “don’t all cell phone carriers know where you are due to cell tower usage?” Yes, but Google and Apple are not cell phone carriers, they are software and hardware designers and should have no real reason (other than information control) to be tracking your every move without your knowledge. Google and Apple are not AT&T or Verizon, therefore they should not be recording, synching and transmitting your location like it appears they are.

Both companies are trying to build huge databases that allow them to pinpoint your exact location. So how are they doing it? By recording the cell phone towers and WiFi hotspots that you pass and that your phone utilizes. This data will ultimately be used to help them market location based services to their audience, which is a market that is expected to rise $6 billion in the next 3 years.

The Wall Street Journal found through research by security analyst Samy Kamkar, the HTC Android phone collected its location every few seconds and transmitted the data to Google at least several times an hour. It transmitted the name, location and signal strength of any nearby WiFi networks, as well as a unique phone identifier. This was not as personal of information like what the Street-View cars collected that Google had to shut down some time ago.

So what do we do now? According to the Wall Street Journal, neither Apple or Google commented when contacted about these findings, so it is hard to know the extent of how they are using the data collected. Right now, there really isn’t much you can do to stop GPS tracing of your location without your consent. Of course you could power down your phone, but we are all way too additcted to these handy little digital Swiss Army Knives to do that. You can turn of GPS services, but again, that makes it impossible to use maps and other location-based apps.

The actual answer here is for the public to put enough pressure on Apple and Google that they stop the practice of tracking our location-based data and no longer collect, store or transmit it in any way without our consent.

While this may be the future of privacy, it is better that we are aware of what may come rather than remain in the dark about the possibilities of technology.

John Sileo is the President of The Sileo Group and the award winning author of four books, including his latest workbook, The Smartphone Survival Guide. He speaks around the world on identity theft, online reputation and influence. His clients include the Department of Defense, Pfizer and Homeland Security. Learn more at www.ThinkLikeASpy.com.