Free WiFi can be a phishing decoy that leaks account information
Not long ago, some media reported that a woman held up a protest sign in front of a McDonald's after being cheated out of 2000 yuan while using public WiFi: "Even with WiFi it is easy to lose money, even when careful." "The theft from the woman's online shopping account is likely to be related to WiFi phishing," the expert analysis said.
On the program, the reporter and two Jinshan Poison PA security engineers carried out a "phishing" experiment. Simulating hackers, they set up two free WiFi hotspots named Beijingfree and Wangfujingfree at Beijing railway station and in the Wangfujing business district, with no password set, as "bait" to lure nearby users to connect.
Because the WiFi required no password and had a strong signal, dozens of users soon connected to the two hotspots from mobile phones, tablets, computers and other devices. Every move they made on the network was intercepted by the hotspot's creator, including the phone model, the names of the applications opened, the web pages browsed, the owner's QQ number, WeChat Moments photos, and Taobao and Weibo accounts.
The experiment found that if a user logs on to Weibo in the phishing WiFi environment, hackers can exploit the site's online session mechanism to hijack the user's Weibo account easily. They can then not only browse direct messages and encrypted albums as the account owner, but also post and delete Weibo posts. And if the user shops online after connecting, hackers can log directly in to the shopping account and view purchase records, personal contacts, home address and so on.
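A defender-side check for the session hijacking described above, as an added example that is not part of the original article. It assumes the session travels in a cookie and that the hotspot operator can read any cookie sent over plain HTTP; the header values and the name hints are constructed for illustration.

```python
from http.cookies import SimpleCookie

# Constructed sample: response headers as a site might send them at login.
SAMPLE_HEADERS = [
    ("Set-Cookie", "SESSIONID=4f1c9a; Path=/; HttpOnly"),
    ("Set-Cookie", "auth_token=9b2e77; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "lang=zh-CN; Path=/"),
]

# Assumption: cookies whose names contain these fragments carry the login session.
SESSION_HINTS = ("sess", "sid", "auth", "token")


def audit_session_cookies(headers):
    """Return (cookie, problem) pairs for sessions exposed on an untrusted network."""
    findings = []
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)
        for cookie_name, morsel in jar.items():
            if not any(hint in cookie_name.lower() for hint in SESSION_HINTS):
                continue  # preference cookies are not login sessions
            if not morsel["secure"]:
                # Without Secure the browser also sends the cookie over http://,
                # where whoever runs the hotspot can read and replay it.
                findings.append((cookie_name, "no Secure flag"))
    # Without HSTS the first request to the site may still go out over plain HTTP.
    if not any(n.lower() == "strict-transport-security" for n, _ in headers):
        findings.append(("*", "no Strict-Transport-Security header"))
    return findings


if __name__ == "__main__":
    for cookie, problem in audit_session_cookies(SAMPLE_HEADERS):
        print(f"{cookie}: {problem}")
```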
Jinshan Poison PA security engineer Zhao said: "A WiFi phishing hotspot in effect sets a valve upstream in the data transmission path. All customer data passes through this valve on its way to and from the corresponding website, and with certain specific attack devices hackers can record, capture and analyze that data. In this way, the customer's information is captured by hackers."
It is understood that the attack equipment hackers use is sold online in large quantities at very low cost, only a few hundred yuan. The learning cost is not high either: after reading some instructions, a person without advanced computer skills can become a hacker in a short time. The lower the cost of WiFi phishing, the greater the security risk ordinary users face.
Home routers are easily compromised; experts: remember to change the factory password
Connecting to public WiFi carries risk, but is it safe to use a router in your own home? The program also demonstrated a router hijacking and online fraud process.
According to Zhao, hackers generally attack a home router in three steps: first, they crack the user's home WiFi password; second, once on the WiFi, they crack the account and password of the router's management interface to gain administrative access; finally, they plant a backdoor program in the router to steal Internet traffic information, or tamper with the router's DNS settings so that users visit phishing sites without knowing it.
In the program's test, whenever the attacked user opened the Taobao site, the browser jumped to a so-called official page for "Taobao 10 anniversary Dream Venture Fund activities". The site prompts the user to enter a Taobao account, real name, ID number, detailed address and even bank card information. A user who is not paying attention will find it hard to recognize this so-called official site as a phishing site. Once the information is entered as prompted, the user's private information is stolen by the hackers, which may threaten the safety of their funds.
The entire attack takes only 10 minutes, and ordinary users may not notice anything unusual. More worryingly, these attack methods have long been popular searches on the web. A search for "WiFi password crack" returns about 3 million results; some provide cracking methods, some provide cracking software, and some even provide explanatory videos. This content, which should not exist, hands over the keys to ordinary users' routers.
Jinshan Poison PA security engineer Li Tiejun said that most users lack the relevant security awareness and have never changed the initial login account and password of the router's management interface, which gives malicious attackers an opportunity.
Five recommendations for using WiFi safely
WiFi is an important way for ordinary users to get high-speed Internet access and save mobile data. It comes with some security traps, but that is no reason to give it up altogether. Jinshan Poison PA security engineers offer five recommendations for safe use.
First, be cautious about using WiFi hotspots in public places. WiFi that is provided by an official organization and has a verification mechanism can be used after confirming it with a staff member. Other public WiFi that can be joined directly without authentication or a password carries higher risk and may be a phishing trap; avoid it as far as possible.
Second, when using public WiFi hotspots, avoid online shopping and online banking as far as possible, so that important sensitive personal information is not leaked and hackers cannot make bank transfers.
Third, develop good WiFi habits. Mobile phones remember the WiFi hotspots they have used; if the WiFi switch is on, the phone keeps scanning its surroundings and connects automatically as soon as it encounters a hotspot with the same name, which creates a phishing risk. So when entering a public area, try not to turn on the WiFi switch, or set WiFi to stop connecting automatically once the screen is locked, to avoid connecting to malicious WiFi without knowing it.
Fourth, do not keep the default admin as the login account and password for the home router's management interface; change it to a high-strength password combining letters and digits. For the WiFi password, select the WPA2 encryption authentication method; a relatively complex password greatly increases the difficulty for hackers to crack it.
Finally, install security software on both the phone and the computer. Security software can intercept and warn in time about phishing sites and other attack techniques commonly used by hackers. Jinshan Poison PA is beta testing a "Route Management master" feature that can also effectively prevent home routers from being hijacked by attackers, so that users are not left unprotected online.
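The third recommendation can be checked on a laptop as well as a phone. The following is an added example, not part of the original article: it assumes a Linux machine whose saved networks are NetworkManager keyfiles, and the three profiles are constructed samples that reuse the hotspot names from the experiment. It lists saved open networks that the device will rejoin on its own.

```python
import configparser

# Constructed samples in NetworkManager keyfile format, one per saved profile.
SAMPLE_PROFILES = {
    "Beijingfree.nmconnection": """
[connection]
id=Beijingfree
type=wifi

[wifi]
ssid=Beijingfree
""",
    "home.nmconnection": """
[connection]
id=home
type=wifi

[wifi]
ssid=home-ap

[wifi-security]
key-mgmt=wpa-psk
""",
    "Wangfujingfree.nmconnection": """
[connection]
id=Wangfujingfree
type=wifi
autoconnect=false

[wifi]
ssid=Wangfujingfree
""",
}

def risky_profiles(profiles):
    """Return SSIDs of saved open networks that will be rejoined automatically."""
    risky = []
    for filename, text in sorted(profiles.items()):
        cfg = configparser.ConfigParser(interpolation=None, strict=False)
        cfg.read_string(text)
        is_open = not cfg.has_section("wifi-security")  # no section: no encryption
        # NetworkManager treats a missing autoconnect key as true.
        autoconnect = cfg.getboolean("connection", "autoconnect", fallback=True)
        if is_open and autoconnect:
            risky.append(cfg.get("wifi", "ssid", fallback=filename))
    return risky
```

Any SSID it returns is a candidate for removal or for having autoconnect switched off, since a hotspot broadcasting the same name would be joined without prompting.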