Just two days after an investigation revealed how much personal information public Wi-Fi networks can ‘suck’ from phones, a child has shown how easy the hotspots are to hack.
A seven-year-old broke into a Wi-Fi hotspot in just 10 minutes and 54 seconds after watching an online video tutorial.
The ethical hacking demo was carried out under the supervision of an online security expert to highlight just how vulnerable the networks are.
This made it possible for thieves to access phones, hack email accounts, steal login details, track people’s movements and access online bank accounts.
To put these dangers into perspective, virtual private network (VPN) provider Hidemyass.com (HMA) recruited a child to attack a public network.
Betsy Davies from Dulwich in South London hacked a willing participant’s laptop while they were connected to an open Wi-Fi network.
A WI-FI HACKER’S GLOSSARY
Sniffing/eavesdropping: The method of passively listening to data on the network without the user’s knowledge by tricking the network into passing all data through the hacker’s computer first.
Man in the middle attack: A method used to intercept traffic between a user’s device and the destination system, such as the café offering the Wi-Fi, making a victim’s machine think the hacker’s machine is the access point to the Internet.
DNS cache poisoning: A method of attack whereby ‘updated’ data is used to enable the hacker to divert the traffic to the hacker’s destination of choice.
Rogue Access Points/Rogue APs: Wireless access points installed on a company’s network without the company’s knowledge. These access points override the legitimate network thereby allowing the hacker to perform a man in the middle attack and intercept data.
Unsecured Wi-Fi network: An unsecured Wi-Fi network is a wireless network that doesn’t request the user to log into it via the use of a username and password. These are usually displayed as OPEN networks.
WEP – Wired Equivalent Privacy: The first wireless security scheme developed, it was designed to provide security that was essentially equivalent to the privacy that was enjoyed in a wired environment. This is the least secure type of wireless network available.
WPA – Uses Temporal Key Integrity Protocol (TKIP): This protocol further improves the security of WEP without the need to buy new hardware. It still uses WEP for encryption, but it makes the attacks used to crack WEP a bit more difficult and time-consuming.
WPA2-PSK: This is the next level up from WPA and was designed for the home and small businesses. As the name implies, the new version uses a pre-shared key (PSK). This has become the standard that is now used by most households.
WPA2-AES: This is a version of WPA2 used by businesses. It uses the Advanced Encryption Standard, or AES, to encrypt data and is the most secure. It’s often coupled with a RADIUS server that is dedicated for authentication.
RADIUS – Remote Authentication Dial In User Service (RADIUS): A networking protocol that provides centralised Authentication, Authorisation, and Accounting management for users who connect and use a network service within a business. These users are authenticated against the company systems for added protection.
Channels: Wireless networks use channels, which are separated out so that various communication streams don’t interfere with each other. The 802.11 wireless standard allows for channels ranging from 1 through 14.
Brute-force attack: A method in which a hacker will try and break the password by continuously attempting to log in with different credentials until they find one that works. It could take hours, days or months depending upon the complexity of the password being used.
Dictionary attack: A method used to try and break the password of a user or wireless device by going through all the words in a dictionary, trying each one in turn until it finds a password which works.
Virtual private network (VPN): A VPN is a way of using the public internet like a secure private network. It encrypts data and routes it through remote servers, keeping the activity and location private and secure.