June 10, 2014
Because data roaming charges are generally very expensive, many fans around the world and travelers to Brazil for the 2014 World Cup will likely choose to use free Wi-Fi hotspots to watch the games or share their experience. with family and friends on social media without giving much thought to security issues. However, this is very risky because all data sent or received over open Wi-Fi networks can be intercepted. Passwords, PIN numbers and other confidential data could also fall into the hands of cybercriminals if public charging stations are used – both in Brazil and in any other country in the world – since they can be malicious.
Insecure Wi-Fi networks
Anticipating the influx of fans descending in Brazil this week, Kaspersky Lab security experts conducted an investigation into Wi-Fi access in São Paulo, one of the host cities of the World Cup. They traveled 100 km through the city and tested more than 5,000 different hotspots popular with tourists – parks, shopping malls, airports and other places of interest. As a result of this study, it was found that 26% of the 5,000 open Wi-Fi networks in the city of São Paulo do not use any type of encryption.
With this in mind, the company’s experts prepared a list of recommendations so that fans are not affected:
- Always enter any Wi-Fi network through a VPN connection. If you don’t have one, please get it and install it on all your devices – smartphones, tablets, laptops, etc.
- If a Wi-Fi network blocks your VPN connection, avoid using that network. If you have no other choice, it is better to use the Internet connection through the TOR browser together with your own DNSCrypt settings directly on your device.
- If you have your own Access Point, please check that the firmware is the latest version. Otherwise, update it.
- Do not leave your Access Point with the factory default settings; change them and also set new strong passwords.
- Check the encryption that your Access Point now has. If it is WPA or WEP, change it to WPA2 with AES settings. Disable the SSID Broadcast function and make sure the network password is secure.
- In case there is no really secure network where you are, don’t worry about posting your photos right now, wait until you find a safe place to work.
Fake USB charging points
Cybercriminals know that with the use of mobile devices and the exchange of information, the battery of these devices does not last long and they have set their sights on public chargers, turning them into a new vector of attacks. A malicious AC / DC charger is going to recharge your battery, but at the same time it can silently steal your smartphone information. Interception will occur over a USB connection, as most connectors use this type of connection. In some cases, these bogus loaders can also install malware capable of tracking your location, stealing notes, contacts, photos, messages, as well as call logs, saved passwords, and even browser cookies.
- Never use unknown chargers; instead look for trusted places to recharge your devices.
- Use the battery responsibly and try to carry a spare, that way you can use it in case the main battery dies.
- IOS devices have covers with an additional charging battery, which can also be a good solution.
- Try to optimize battery life by disabling unnecessary processes and activating airplane mode when a cell phone network is not available. You can also disable sounds, vibrations, tones, and other resource-consuming features such as live wallpapers, etc.
Dmitry Bestuzhev, Director of the Research and Analysis Team for Latin America at Kaspersky Lab, commented: “Malicious AC / DC charging points are a problem for those attending large events or traveling to new destinations. Cybercriminals know that when people are away from home and need their smartphones to view maps, routes and all kinds of information, they tend to use any charger, even if it is only for a few minutes. You must remember that you could be a victim and lose confidential personal data. The same is true for Wi-Fi, especially if you are looking for open hotspots, when you want to post pictures, check in places, and send messages. Think twice and take appropriate security measures.
[+] Videos de nuestro canal de YouTube