VietNamNet Bridge – Users of free wifi in large cities may have their private information such as account numbers, passwords and credit card information stolen, experts from Bkav Security, a subsidiary of Bkav, a large technology group, have warned.



{keywords}



The warning was given after Bkav Security conducted a survey from August to November 2014 in large cities where wifi is provided for free, such as Da Nang, Hai Phong, Hoi An and Ha Long.

The experts pointed out that there could be three forms of attacks, including Man in the Middle (cyber attacks where a malicious actor goes between two parties & gains access to private information), Phishing (when internet fraudsters impersonate a business to trick users into giving out their personal information) and SSID Spoofing (criminals use spoofed service set identifiers (SSIDs) to lure wireless users).

Explaining this, Ngo Tran Vu, managing director of NTS Security, said in Thanh Nien newspaper that hackers just need to connect any public wifi network and check all the computers in the same networks. They can easily find computers which have data kept in “share” mode, and steal the data without any difficulties.

Hackers can also use tools to watch over the users’ operations on the websites with low encoding, or exploit vulnerabilities existing in old versions of Windows operating systems.

And most dangerously, hackers can create a counterfeit wifi network to cheat users. The wifi network would have no password to attract users to access to it. Then hackers only need to set up a “filter” between users and internet, so that when users access websites, they will be driven to counterfeit websites. And if users declare their private information, the information will “fall into the hands” of the hackers.

Do Dac Khanh, head of the survey team, said free wifi is exposed to higher safety risks because of limited security measures.

Therefore, Khanh said, users, while on free wifi, should not use services which require them to expose important private information, such as logging in emails, social networks and making online banking transactions.

In case users really need to use important services, they would be better to use VPN (virtual private network, which extends a private network across a public network, such as the internet) in order to create a safer information exchange channel.

Experts have recommended users equip their mobile devices with anti-virus software and always turn on a firewall for complete protection.

Vu of NTS Security has suggesting using Kaspersky internet security 2015 version which has been integrated with a new feature which will give alerts about attacks when users are on public wifi systems.

Mai Chi