NEW HAVEN, Conn (WNTH)–Wi-Fi access is everywhere these days. Walk into an airport, coffee shop, or many other spots, and log on.
Some public or business spaces requires the prompting of information through a portal to be allowed access to an internet connection. For a hundred bucks, cyber thieves can buy devices that easily let them create their own hotspots.
The team at the University of New Haven cyber forensic lab is helping to expose the threat.
They bought a device to show us how it works.
“We can mimic a portal from McDonald’s, Yahoo, Starbucks. You think you are connecting to a legitimate hotpot,” said Matt Topor at the University of New Haven cyber forensic lab.
It looks just like the real portal, complete with a “terms of service” agreement. The fake hotspot has the same name as the real one. Those with nefarious intentions can label the hotspot anything they want.
“This is the fake hotspot we created and we called it coffee shop, its free – and I just log onto it. Essentially all you got to do is click connect,” said Topor.
The port mimics the exact look of others from coffee shops, airports, libraries and any other place Wi-Fi is offered. The victim unknowingly enters their information like email and password.
The information is collected and recorded onto the hacker’s computer.
Along with personal information, cyber criminals can watch the non-encrypted websites the victims are visiting in real time.
“I’m going to go to a website….the website loading…essentially I can see everything that’s loaded, included images,” said Topor.
Plenty of people are falling for it.
Inside the library at the University of New Haven, the cyber forensic team used the device to create a hotspot called “library” and waited to see who logged on.
“We have someone that’s been connected,” said Topor.
That user entered their email and password.
So did others using iPad, computers and phones.
Ibrahim (Abe) Baggili PhD is the Elder Family Endowed Chair, Assistant Dean, Associate Professor (Tenured), Co-Director & Founder of the Cyber Forensics Research and Education Group.
He says the trove of information collected could be a nightmare for the cyber victim.
“We can log on to your email, Facebook and now we can take over your identity online,” said Baggili.
When it comes to protecting yourself, there are a few apps that can check Wi-Fi security,
Baggil uses an app from AVG Anti-virus.
“I’m going to click on scan WI-FI and immediately says everything you do on this network could be intercepted,” said Baggil.
He also suggests using two factor authentication to protect passwords.
“We need to educate people that Wi-Fi is a great technology, but It’s also someway insecure and we need to be aware of those things,” said Baggil.