14 DAY TRIAL // Security researchers point out the dangers of using a mobile device to connect to the Internet through unknown networks and the risk of charging them from untrusted places.
Digital perils are even greater in Brazil, in the context of the 2014 World Cup championship, as cybercriminals spare no chance to lure in as many victims as possible.
According to a study conducted in May in Sao Paolo by Kaspersky, security experts discovered more than 5,000 Wi-Fi access points while visiting various tourist attractions.
Out of these, 5% had default SSID configuration, thus providing a potential attacker with extra information that could lead to finding a vulnerability and exploiting it to gain administrator access and control the data going through the network.
Also, it is recommended to avoid connecting to ad-hoc networks because all the traffic is managed by a host that can be used to extract sensitive information.
The study shows that a total of 26% of the networks analyzed by the research team were lacking any security measures. When using them, all the traffic is in plain text and even if the user accesses secure pages, not all websites have full SSL encryption, the risk of plain text information being still present.
Attackers on the same network can intercept data and access it unrestrictedly. Man-in-the-middle (MitM) attacks are also possible, and cybercriminals can control the communication and impersonate the endpoint the victim tries to access. Researchers advise users to read the messages claiming that SSL certificates are out of date and to deny the connection.
In order to maintain the safety of the data, users are recommended to rely on a VPN connection, which creates a tunnel between the local device and a secure server that routes the traffic to the intended destination. The traffic to the server is encrypted and safe from snooping.
Another danger are the charging points. These can be tampered with and can leak information out of the phone during the battery charge through an USB port.
Alternatively, the devices can be implanted with malware components with location tracking or information stealing capabilities; call records, messages, notes, pictures, contacts and documents can be extracted any time the device connects to the Internet.
In this case, the recommendation goes for trying “to optimize battery life by shutting down unnecessary processes and entering flight safe mode when a cellphone network is not available. You can also disable sounds, vibrate tones and other resource-hungry features, like animated wallpapers etc.”