![\"How-hackers-nab-your-data-on-Wi-Fi-networks\"](\"http:\/\/businesstech.co.za\/news\/wp-content\/uploads\/2015\/06\/How-hackers-nab-your-data-on-Wi-Fi-networks.jpg\")
<\/a><\/p>\nHow Wi-Fi attacks work<\/h3>\n
Open Wi-Fi networks<\/strong> such as those run by Internet service providers (AlwaysOn, Telkom Mobile Guest) do not encrypt any packets.<\/p>\n \u201cThis makes it possible to just watch the packets to see what people are doing,\u201d said White.<\/p>\n As the adoption of universal encryption increases, this kind of \u201csniffing\u201d is increasingly less useful, but it can still yield a lot of data about someone.<\/p>\n This information can then be employed in a more active interception to get the \u201cjuicy stuff\u201d.<\/p>\n Hotspots that require you to log in after<\/em> you\u2019ve connected<\/strong> via a captive portal web page are not any more secure than an open Wi-Fi network, warned White.<\/p>\n \u201cThis is all about the provider trying to charge or identify you, and nothing to do with security.\u201d<\/p>\n In fact, since the network is unencrypted an attacker could just sniff your authentication information and impersonate you to log into the network.<\/p>\n Secured hotspots<\/strong> encrypt the traffic sent over them, but in the case of WPA\/2 networks with shared passwords (like those at coffee shops or restaurants), attackers can sniff traffic in almost the same way as on an open network.<\/p>\n \u201cIt does require that they see the device connected to the network to get enough of the cryptographic input to decrypt the packets.\u201d<\/p>\n Forcing a disconnect (and reconnect) is easily achieved via \u201cdeauth frames\u201d with no noticeable impact to the user, he said.<\/p>\n Wi-Fi networks that require a username and password<\/strong> (802.1x EAP) are more secure than those with a shared password, but are still vulnerable to attacks.<\/p>\n \u201cMostly users don\u2019t validate the certificate from the network (because it is difficult), which means it\u2019s possible to man in the middle an EAP authentication and crack the challenge response sent over it,\u201d said White.<\/p>\n For clients who\u00a0validate the certificate, 802.1x with a decent Extensible Authentication Protocol (EAP) is about as good as it gets these days.<\/p>\n White said home Wi-Fi networks are\u00a0no safer than others, especially since it is less likely to use 802.1x with proper EAP, and pre-shared keys are handed out to everyone who\u00a0visits.<\/p>\n \u201cThat said, home Wi-Fi is much less likely to be attacked to go after users than say, a coffee shop frequented by hackers,\u201d he said.<\/p>\n \u201cPersonally, my home network regularly changes ESSID, BSSID, and 64 character WPA2 key.\u00a0It\u2019s not perfect, and people get angry at a key that long, but it gets the job done.\u201d<\/p>\n SensePost recently released an updated version of its MANA Toolkit<\/a><\/strong>, an evilAP toolkit for rogue access point attacks.<\/em><\/p>\n City of Joburg wants to roll out 1,000 free Wi-Fi hotspots<\/a><\/strong><\/p>\n Cape Town scraps Wi-Fi-to-the-home plans<\/a><\/strong><\/p>\n High-speed Wi-Fi heading to rural Eastern Cape<\/a><\/strong><\/p>\nIs my home Wi-Fi safe at least?<\/h3>\n
More on Wi-Fi in SA<\/h3>\n