Glenn Nor 2
The Impact of Rapid Development of New Smart Technology and the Lack of Accompanying Security Knowledge
Presented by Glenn Nor
15/05/2015
Project Statements
Current public understanding of Wi-Fi technology and its security is flawed at best
Public Wi-Fi hotspots are vulnerable to being hijacked and compromised without the average end-user ever noticing the difference
Sensitive information can be captured with little effort
Ignorance is not bliss
Research Paper: TAINTED LOVE: HOW WI-FI BETRAYS US
Terms and Conditions:
“…in return for free Wi-Fi access the recipient agrees to assign their first born child to us for the duration of eternity”
Security VS Convenience
Research Paper: Changing People’s Behaviour towards Unsecure WiFi Hotspots
Two Wi-Fi hotspots
Warning page appears on connect 50 % of the time
Placed in a public area with open security
No actual internet on either of the Wi-Fi hotspots
40 % connected to the second Wi-Fi after realising there was no internet at the first
43 % connected to the second Wi-Fi after being shown the warning on the first
Don’t mess with me, I’m a pro!
Experiment done by: hidemyass.com
“The image of cyber criminals hiding in a dark room in some far-flung part of the world is antiquated - they are just as likely to be sitting next to you in a coffee shop or public library…”
Project Methodology
This project was divided into three sections:
1. Determine how vulnerable public Wi-Fi hotspots were in central Oslo
2. Determine user behaviour concerning public Wi-Fi hotspots
3. Using the information from sections (1) and (2), determine users’ risks
Section 1: Hotspot Vulnerability
Three Wi-Fi Security Methods found to be vulnerable:
- Open Network
- Captive Portal
- WPA2-PSK*
*WPA2-PSK is vulnerable because all parties use the same password (SILES, 2012)
Any public hotspot found in the search area using any of these security methods would be deemed vulnerable to Wi-Fi attacks
Android app called «Wi-Fi Map»
Search area of 20 km²
Total of 400 public Wi-Fi hotspots checked
Vulnerability Scale
All 400 checked Wi-Fi hotspots were vulnerable
Section 2: Wi-Fi User Behavior
Wi-Fi User Behavior Survey
The Survey was divided into four main sections:
- Accounts
- Passwords
- The Cloud
- Public Wi-Fi
Result Highlights
[Pie chart: Use of Browser Passwords. Legend: no, yes. Values shown: 25%, 75%.]
[Pie chart: Do you use Public Wi-Fi's? Legend: No, Yes. Values shown: 7%, 93%.]
[Bar chart: How many different Passwords? x-axis: Number of passwords (1 to 10). y-axis: Number of people.]
[Pie chart: Is it safe to use Public Wi-Fi with no password requirements? Legend: No, Yes, I don't know. Values shown: 30%, 30%, 40%.]
[Pie chart: Is it safe to use Public Wi-Fi with password requirements? Legend: No, Yes, I don't know. Values shown: 17%, 50%, 33%.]
[Pie chart: Is it safe to use Public Wi-Fi with Captive Portal Requirements? Legend: No, Yes, I don't know. Values shown: 17%, 43%, 40%.]
Section 3: Public Wi-Fi Risks
Wi-Fi Attack Experiments
- Airport Scenario
- Shopping Mall Scenario
- Coffee Shop E-mail intercept
- Company Wi-Fi Attack
Shopping Mall Scenario
DNS2Proxy SSLSTRIP2
By Leonardo Nve
DNS Manipulation
www.amazon.co.uk → wwww.amazon.co.uk
New domain does not exist → 172.16.42.42
eBay on tablet: Websigning.ebay.co.uk
eBay on smartphone: Webm.ebay.co.uk
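An added example, not part of the original slides: a defender-side check that scans resolver log entries for the hostname rewrites shown above (www → wwww, m → webm) and records whether the answer is a private address such as 172.16.42.42. The allow-list, function names and sample log entries are constructed for illustration.

```python
import ipaddress

# Constructed allow-list of hostnames clients legitimately visit (assumption).
KNOWN_HOSTS = {"www.amazon.co.uk", "m.ebay.co.uk"}

def demangle(name):
    """Return the original hostname if `name` matches one of the rewrites
    shown on the slides (www -> wwww, <label> -> web<label>), else None."""
    first, _, rest = name.lower().rstrip(".").partition(".")
    candidates = []
    if first == "wwww":
        candidates.append("www." + rest)
    if first.startswith("web") and len(first) > 3:
        candidates.append(first[3:] + "." + rest)
    # Only report a rewrite when it maps back to a host we actually know,
    # so ordinary names such as webmail.<domain> are not flagged.
    for candidate in candidates:
        if candidate in KNOWN_HOSTS:
            return candidate
    return None

def flag_dns_answers(records):
    """records: iterable of (queried_name, answer_ip). Returns a list of findings."""
    findings = []
    for name, ip in records:
        original = demangle(name)
        if original is None:
            continue
        findings.append({
            "query": name,
            "looks_like": original,
            # A public brand resolving to private address space is a strong signal.
            "private_answer": ipaddress.ip_address(ip).is_private,
        })
    return findings

# Constructed sample resolver log (not captured data).
SAMPLE = [
    ("www.amazon.co.uk", "203.0.113.10"),
    ("wwww.amazon.co.uk", "172.16.42.42"),
    ("webm.ebay.co.uk", "172.16.42.42"),
    ("webmail.example.org", "198.51.100.7"),
]

if __name__ == "__main__":
    for finding in flag_dns_answers(SAMPLE):
        print(finding)
```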
Other Captured Credentials
Understanding the data
The pineapple Wi-Fi and the hacker's laptop need no user interaction during the actual attack; in fact, the hacker can place the systems in a wrapped Christmas present and sit comfortably sipping a nice warm cup of tea, reading the newspaper for 15-30 minutes, while every hotspot in the vicinity is actively being attacked and harvested for user credentials.
Thank you for listening!
Sources
Image from slide 1: depositphotos.com
F-SECURE, SYSS AND CYBER SECURITY RESEARCH INSTITUTE. (2014). TAINTED LOVE: HOW WI-FI BETRAYS US. F-SECURE. [Internet]
NOORT, W., BEUKEMA, W.J.B., DE VRIES, S.H.S. (2015). CHANGING PEOPLE’S BEHAVIOUR TOWARDS UNSECURED WI-FI HOTSPOTS. UNIVERSITY OF TWENTE.
YORKSHIREPOST. (2015). EVEN A 7 YEAR-OLD CAN HACK INTO A PUBLIC WIFI. YORKSHIREPOST.CO.UK. [Internet]
IMAGE FROM SLIDE 8: KASPERSKY.COM
SILES, R. (2012). PROS AND CONS OF "SECURE" WI-FI ACCESS. INTERNET STORM CENTER. ISC-SANS
FUTURAMA IMAGE: GROUPTHINK.JEZEBEL.COM
DESPICABLE ME 2 – SLIDE 16: DESPICABLE ME.WIKIA.COM
Image from slide 22: cartertoons.com
Image from slide 36: momsicle.files.wordpress.com
Final Image: iStockphoto.com – with license to use