Tag Archives: Hacking

Avast

Avast study exposes global Wi-Fi browsing activity

The use of open, unprotected Wi-Fi networks has become increasingly popular across the globe. Whether you’re traveling around a new city and rely on public Wi-Fi networks to get around or you’re at your favorite coffee shop and connect to its Wi-Fi, you’re left in a vulnerable situation when it comes to protecting your data. Just as you lock the door of your house when you leave, you should also use a security app if using public Wi-Fi.

Couple taking selfie

Using unsecured Wi-Fi can easily expose photos and other personal information to hackers.

 

Avast’s hack experiment examines browsing habits of people across the globe

The Avast team recently undertook a global hacking experiment, where our mobile security experts traveled to cities in the United States, Europe, and Asia to observe the public Wi-Fi activity in nine major metropolitan areas. Our experiment revealed that most mobile users aren’t taking adequate steps to protect their data and privacy from cybercriminals. In the U.S., the Avast mobile experts visited Chicago, New York, and San Francisco; in Europe, they visited Barcelona, Berlin, and London; and in Asia, they traveled to Hong Kong, Seoul, and Taipei. Each of our experts was equipped with a laptop and a Wi-Fi adapter with the ability to monitor the Wi-Fi traffic in the area. For this purpose, we developed a proprietary app, monitoring the wireless traffic at 2.4 GHz frequency. It’s important to mention that there are commercial Wi-Fi monitoring apps like this available in the market that are easy-to-use, and available for free.

wifi experiment Bundestag

In front of the German Bundestag, Berlin: On public Wi-Fi, log in details can easily be monitored.

The study revealed that users in Asia are the most prone to attacks. Users in San Francisco and Barcelona were most likely to take steps to protect their browsing, and users in Europe were also conscious about using secure connections. While mobile users in Asia were most likely to join open networks, Europeans and Americans were slightly less so; in Seoul, 99 out of 100 users joined unsecured networks, compared with just 80 out of 100 in Barcelona.

1)      Seoul: 99 out of 100

2)      Hong Kong: 98 out of 100

3)      Taipei: 97 out of 100

4)      Chicago: 96 out of 100

5)      New York: 91 out of 100

6)      Berlin: 88 out of 100

7)      London: 83 out of 100

8)      Barcelona: 80 out of 100

9)      San Francisco: 80 out of 100

Our experiment shed light on the fact that a significant portion of mobile users browse primarily on unsecured HTTP sites.  Ninety-seven percent of users in Asia connect to open, unprotected Wi-Fi networks. Seven out of ten password-protected routers use weak encryption methods, making it simple for them to be hacked. Nearly one half of the web traffic in Asia takes place on unprotected HTTP sites, compared with one third U.S. traffic and roughly one quarter of European traffic. This can most likely be attributed to the fact that there are more websites in Europe and the U.S. that use the HTTPS protocol than in Asia.

So, how much of your browsing activity can actually be monitored?

Because HTTP traffic is unprotected, our team was able to view all of the users’ browsing activity, including domain and page history, searches, personal log in information, videos, emails, and comments. Before the start of any communication, there is always a communication with the domain name server (DNS). This communication is not encrypted in most cases, so on open Wi-Fi it is possible for anybody to see which domains a user visits. This means, for example, that somebody who browses products on eBay or Amazon and is not logged in can be followed around. Also, it is visible if people read articles on nytimes.com or CNN.com, and users who perform searches on Bing.com, or who visit certain adult video streaming sites can be monitored.

Beware of weak encryption

The majority of Wi-Fi hotspots were protected, but we found that often their encryption methods were weak and could be easily hacked. Using WEP encryption can be nearly as risky as forgoing password-protection altogether, as users tend to feel safer entering their personal information, but their data can still be accessed.

San Francisco and Berlin had the lowest percentage of weakly encrypted hotspots, while more than half of password-protected hotspots in London and New York and nearly three quarter of the Asian hotspots were vulnerable to attack.

1)      Seoul: 70.1%

2)      Taipei: 70.0%

3)      Hong Kong: 68.5%

4)      London: 54.5%

5)      New York: 54.4%

6)      Chicago: 45.9%

7)      Barcelona: 39.5%

8)      Berlin: 35.1%

9)      San Francisco: 30.1%

Our goal is not to discourage you from visiting HTTP sites, but instead, encourage you to protect yourself on public Wi-Fi. If you install protection that allows a secure Internet connection while accessing public networks, public Wi-Fi is harmless. But when you go unprotected, hackers can follow your way around the Internet. Even if the user accesses a HTTPS site, the domain visited is still visible to hackers.

 

 

AVG

Anthem ‘Medical’ Hack – What should you do?

Anthem Blue Cross Blue Shield, a medical insurance provider in the US, was subject to serious data breach that included personal information of its members past and present.

The data stolen includes names, birthdays, medical IDs/social security numbers, street address, email addresses and employment information including income data.

The type of data that has been reported to have been stolen means that this breach is potentially much more serious than most of the large data breaches we saw last year. These hacks were primarily of credit card and transaction data.

Generally, when credit card account details are taken, victims can limit the damage by stopping their card and changing their password. Credit card companies will also cover most of the liability.

The difference with this theft though is that stolen data is a lot more difficult to track than a simple financial transaction. Social security and insurance information can be used for anything from a false insurance claim to collecting prescription drugs.

If you think that this data breach may affect you then you should carefully check your next health insurance bill. Be sure to check that all the claims are indeed yours and dispute things that seem strange.

It’s important to catch the misuse of your insurance quickly before medical debt notices are issued because of unpaid bills. That could lead to credit rating issues or in the worst case, you could be refused insurance due to a condition that you don’t actually suffer from.

As a precaution here some other actions you should take, not forgetting the above one of checking medical statements:

  1. Ensure your online accounts are not using the same email password combination that you may have had stored with Anthem; change any that are the same as your Anthem details.
  2. Keep a close watch on your credit reports. This will help you identify if someone is using your identity to take a line of credit in your name. Most credit scoring agencies allow you to run a report for free at least once.
  3. Spammers may send emails that look like they are coming from Anthem. Make sure to carefully scrutinize these emails – don’t click on links that look suspicious – and if in doubt contact Anthem to ensure it’s an official communication.
  4. Moving forward, avoid using the same email address or identity across multiple online accounts. For example, have a primarily email address used for recovery of forgotten passwords and account information. Have a secondary email address for offline and online retail transactions. Have a third for financial accounts and sensitive information.

Follow me on twitter @tonyatavg