Your Wi-Fi Is Not
Safe
hey
guys this is Austin Wi-Fi is
basically
everywhere and odds are you're
using
one of these devices over Wi-Fi
pretty
much every day however it just
got
a lot less secure two Belgian
researchers
were able to find a flaw and
the
WPA to Wi-Fi protocol all this nerd
talk
aside means is that a secured
network
is no longer as secure as you
think
so to take a closer look at this
we
have our resident hacking expert West
and
you've actually spent a couple days
trying
to figure out exactly how all of
this
stuff works so there are two types
of
Wi-Fi secure it and open they've
probably
connect it to an open network
it's
something like a coffee shop or an
airport
well it's great to have free
Wi-Fi
the
downside of being open is that it
really
is truly open nearly anything you
do
on an open Wi-Fi network can be spied
on
by other people so the idea here is
that
if I decide to jump on Wi-Fi you
can
intercept that and see what I'm
doing
yeah my laptop is essentially now
sitting
in between your phone and
whatever
whatever websites you're trying
to
access a so if I say go to Google
comrade
now as you load up so I am on
the
Google homepage no problem but on
your
end and what you can actually see
here
is that is showing me that you are
going
to a Google service it's not going
to
work for every website this is
something
this is an attack that has
been
known about for a while and is
pretty
competitive in most websites a
lot
of people have the security features
built
in to combat this what I'm seeing
now
after I started kind of diving into
is
there are actually some pretty major
websites
that are not fully protected
yet
so for my name this looks totally
normal
I
see HTTPS it's secure and generally
speaking
if you do see HTTPS with a
little
green lock on your browser you
are
secure because even this will get
between
me and my Wi-Fi it won't get
between
me and the encryption and the
Wi-Fi
you can't crack that step just yet
exactly
what this is trying to do is it
is
trying to target that HTTPS but most
big
websites at this point have the
technology
in place to basically tell my
laptop
to get out of here so give me a
website
let's try it let's go to spirit
comm
okay it's loading it looks fine on
my
end I see it's not HTTPS but I mean
it
looks like a lot of standard generic
web
sites and that's that's kind of
creepy
okay and looking in right there I
can
see though it's like
instant
and what's creepy as it actually
parses
the data to so I can see the type
was
a check-in I see the last name and
the
record locator yeah that is really
scary
but to be fair that's going on
open
Wi-Fi however if you're at home
yeah
well if you're at home let's say
that
you're checking something personal
like
like if you wanted to check banking
information
sure though I know some
people
are fan of Amex so go to American
Express
is a website Oh interesting so
now
I see www M Erica Express which is
another
tactic that this kind of attack
use
yeah I can't just strip it off it'll
try
and do other little tricks to
essentially
allow you through so at this
point
if you see something like this
bail
like this is not right like yeah
it's
one thing to not see HTTPS and you
should
really look for that
anytime
you're logging into anything
sensitive
if you see a bunch of extra
double
use that should be a big red so I
know
that something's up so yeah go
ahead
and press the login button that
has
a little luck next to it looks such
a
bad idea and yeah go ahead and check
your
account feel free to easier your
correct
credentials I could do that at
all
all right logging in and boom I can
see
that your user ID is test and
password
is wes is hacking right there
seconds
so you're basically able to
capture
all that now that's not a real
account
as you guys might be able to
imagine
so just bounce me out but
normally
speaking if that was my actual
account
I would been logged right in
checking
all my credit card information
the
whole deal yeah you would have no
idea
and I would not only have the
information
but I would have it laid out
for
me in color-coded fashion so the
concerning
part about all this is the
people
that have actually discovered the
wpa2
craft they have said that at a
security
conference that's coming up
they're
going to release the code it's
gonna
be in the wild it's gonna be in
the
wild so they've essentially put a
shot
clock on every company to say hey
if
your device supports Wi-Fi which is
everything
a couple devices you you have
to
update soon otherwise it's okay until
things
get patched everywhere you really
should
treat all Wi-Fi as if it's an
open
and unsecured Network now there are
ways
around this for example if you're
plugged
in via ethernet then you're
going
to be able to avoid all of this
however
something you should always be
doing
regardless of how you connect to
the
internet is looking out for that
HTTPS
in your browser bar that means
that
whatever you're sending whether
it's
bank information login info credit
cards
whatever it's going to
secure
at least way more secure than
otherwise
my VPN is also a good idea so
it's
not perfect your computer can send
some
information between when you get on
Wi-Fi
and when you connect to the VPN
but
generally speaking encrypting web
traffic
is going to get around a lot of
these
issues and as long as using and
actually
trustworthy VPN that is going
to
protect your data you should be
pretty
safe because this is so new there
actually
aren't a lot of patches that
are
available for you to download just
yet
so Google is working on an Android
patch
which will be coming soon however
that's
going to be going to pixel
devices
and actually may take a while
before
it hits the rest of Android
phones
now Microsoft did update Windows
10
already for this however even though
Windows
is patched some Wi-Fi drivers
may
also need to be updated you can
definitely
expect other companies to
follow
suit quickly with updates for
their
products so you consider that
pretty
much everything in the world that
connects
to Wi-Fi is vulnerable to this
it's
going to take a while and if you
have
an order device you might just not
be
able to get an update at all
thankfully
this can be fixed with
software
updates but for now make sure
you're
using HTTPS and if you're really
worried
you can consider using a VPN so
if
you guys are interested in more info
on
hacking actually recently did an
entire
video all about it so be sure to
go
check that out and I will catch you
guys
in the next one
Posts
No comments:
Post a Comment