Notice What Option is Missing?

It’s a screenshot of my iPhone settings I took while in the USA last week.

Answer – Personal Hotspot

Canada telecoms allow us to connect our laptops via our phones, to Hotspot.

The States isn’t into them. Instead, they use MiFis – a stand-alone device that looks like this – 2nd last photo.

Remember: you are legally responsible for anyone who uses your HotSpot.

 

 

The ‘Rule of Thumb’ for WiFi Range

An average router’s signal will travel:

– 150 ft inside a structure (eg. your home)
– 300 ft outside

Even if you’re living in the centre of a barren, 1,000 foot field (why are you doing that?), still password protect your WiFi (your SSID) using WPA2.

A good password looks like this:
^NKglYA%]tckcM?wG7?r6nFp!

And change your router password, because when was the last time you did.

 

 

Why I Don’t Like Airport WiFi

For years from airports, I’ve tweeted as much:

During a recent trip, I had to send a file out, so was forced to connect.

This is what happened in Chicago O’Hare (ORD):

1 – Boingo is a recognized hotspot provider, okay, I’ll connect to that.

Nope, it’s not working. Oh no, this file needs to go… I have to connect to…

2_Free_ORD_Wi-fi  Based on the shady name of this network, I bet I’m about to be MITM’d

3 – Yes I was

***

The Attack

It’s called a Man-in-the-Middle (MITM) attack.

The WiFi network I connected to is likely not affiliated or provided by the airport. Instead, it’s probably an antennae poking out of someone’s backpack.

Using a clever WiFi name, the attacker poses as a legitimate network > I connect to it > now all my traffic is run through the attacker’s computer first, before going out to the internet >as it goes by, the attacker grabs passwords, reads stuff, etc.

(I’ll better explain a MITM attack in the near future)

The Defence

Don’t go online at the airport.  It’s one of the most hostile network in the world.  This environment provides nefarious characters anonymous access to sharpen their skills.

If you must go online, avoid entering passwords, accessing sensitive data, and certainly no online banking.

Okay? Okay.

NOTE – this could be because I was already connected to Google+ , then I automatically attempted to reconnect and I was associated to the captive portal yet, although I was getting a suspicious certificate error, it’s because I was being redirected to the captive portal for login first, and that new IP didn’t resolve to “plus.google.com” that is my browser saying woah. Possibly.

 

 

Why Airport WiFi is the Most Hostile Network

I’ve harped on you for years via social media, “stay off airport WiFi, it’s dangerous and even the best guys don’t connect to it”.

When I travelled to Arizona two weeks ago, sitting at the terminal I was like, “okay fine, I have to wipe my phone soon anyway, and should demonstrate why I keep harping”.

I connect to the terminal’s free network.

Using an app on my phone, I scan the network.

1 – there are 573 devices connected to the network

2 – the brand of each device is displayed

3 – I can choose to see what each device is doing

4 – I can pick one device and track it! I assign it the name, “Test”

1 – listed are the IP (like an address) and MAC address (like a serial number) of all connected devices

2 – let’s see what’s happening with THYSSENKRUP-PC

3 – that’s his IP and MAC address, of his Intel PC

4 – the numbers on the left are his ports, and what traffic is going in/out on each  

* – this traveller has his business card taped to his laptop.

The Attack

A business traveller has connected both his phone and laptop, he’s working away. The attacker notes his brand of device, the device’s name, MAC and IP address, and what is happening on which ports.  Added bonus is the business card taped to the laptop.

The attacker does some social media mining, then a week later, the traveller gets a phone call.

“Jimmy hi! Karl from IT here. Look, there’s a bit of a meltdown happening at HQ, sorry but this is urgent, you were at Pearson airport last Tuesday, right?

You’re on a Blackberry, MAC address 00:1F:3B:Bo:D2:D3, and were connected to our Microsoft Exchange server, right?  Yup, look, we have a compromise here, and I’m going to need your access to your laptop…”

***

An elaborate example, because really, someone skilled now has enough information to breach Jimmy’s system, with neither the laptop lid business card, or a phone call.

The Defence

Use your phone (via USB, not Bluetooth) to connect to the internet.  Reduce the attack surface.

The Better Defence

Just don’t.

If you must, avoid entering any passwords, and certainly no banking or credit card numbers.

(see also: Protecting your Phone in an Uncertain Environment)

 

WiFi Hotspots are Coming to Cars

This year, our cars will be constantly connected to the internet.  It’s going to be HUGE.

By 2021, the auto industry will have have the highest revenue that’s connectivity-related.

It arrived last year via Audi, and Chevy is a front-runner, with 10 of their models to be offered with 4G and LTE connections by this 2014 summer.

Read it online at Autonet.ca

Favourite line:

It will be interesting to see how the data will be priced, because using the rule of thumb that at YouTube video is 1MB per minute, we’d all be driving down the road just hemorrhaging money. 

Remember my column about War Driving? I wonder how this will affect things like that. I also wonder about the security aspect of an always-connected car.  Remember, you are responsible for hotspot users. 

***

Back to ‘Keri on Driving’ – Index