From session hijacking to session sidejacking, do you know all your vulnerable points in wifi hotspots?
If not, check out a new white paper from Cisco called “The Future of Hotspots: Making Wi-Fi as Secure and Easy to Use as Cellular.”
We have warned about these kinds of hotspot attacks for years, but it is significant that Cisco agrees with our analysis. After all, Cisco is the largest manufacturer of wifi equipment, having shipped 10 million wifi access points to customers.
If they are saying that wifi hotspots are inherently vulnerable to attacks, you can be sure that they know what they are talking about.
In this white paper, Cisco notes that around 200 million homes use wifi networks. Additionally, there are 750,000 wifi hotspots around the world that are used by over 700 million people. What’s more, 800 million new wifi devices are bought each year by consumers. Clearly, wifi is expanding at an enormous rate.
Cisco reports that most attacks occur because wifi hotspots use open associations, which do not offer any form of security. Users are then susceptible to the following kinds of attacks:
- Evil twin: This is a rogue WiFi access point that appears to be a legitimate one, but actually has been set up by a hacker to intercept wireless communications. An evil twin is the wireless version of the “phishing” scam: an attacker fools users by posing as a legitimate access point.
- Session hijacking: This occurs when an attacker mimics the access point a user is using which causes the user to disassociate from the wifi network.
- Session sidejacking: Sidejacking occurs when a hacker uses packet sniffing to steal a session cookie from a website you just visited. These cookies are generally sent back to browsers unencrypted, even if the original website log-in was protected via HTTPS. Anyone listening can steal these cookies and then use them access your authenticated web session.
- Eavesdropping: Eavesdropping is when an attacker hijacks unencrypted wifi communications, stealing a victim’s personal information such as passwords, credit card numbers, and email.
Using a personal VPN is the only way to protect yourself from these kinds of attacks in a wifi hotspot, whether you are simply emailing, using a credit card to make a financial transaction, or managing your online banking accounts.
Now more than ever, consumers need a personal VPN like PRIVATE WiFi to encrypt all the data moving to and from their laptop for an extra layer of security and invisibility.