20 15.05438+0. 19 from Zhihu daily on Monday.
Cstnet replied:
Network experts pointed out that hackers attacking free WiFi have low technical threshold and simple operation, which makes people feel cold. Consumers must be cautious about accessing the Internet for free.
With the increasing number of free WiFi in public places in China, surfing the Internet, transferring money and treasure hunting have become the habits of many netizens. However, due to the existence of router and network vulnerabilities in free WiFi, it has also become the target of hacker attacks, resulting in the disclosure of personal privacy of netizens and the theft of online banking.
Stealing personal information with simple technology
Mr. Qi from Beijing used his mobile phone to log in to an online bank through public ***WiFi. An hour later, his bank funds were transferred or withdrawn 17 times, with a loss of 34,000 yuan. When Mr. Chen stayed in a hotel in Nanjing, he played mobile games all night without password by connecting to WiFi. At dawn, he found that all the equipment in the game account was gone. ...
Recently, there have been cases of property losses of netizens in Shijiazhuang, Yangzhou and Dalian. Although the parties are different, and the Internet sites are different, the reasons for their property losses are similar, and they are all connected to free WiFi.
Network experts pointed out that free WiFi is vulnerable to hacker attacks, and personal privacy disclosure is a high probability event, but netizens know nothing about it. "This kind of case reflects that the parties have weak awareness of network security and lack of preventive skills." Zhang Yi, CEO of Ai Media Consulting, said that ordinary businesses such as restaurants, hotels and cafes are high-risk areas for WiFi. "Free WiFi consisting of a network cable and a wireless router often has a' back door' wide open and no security settings, which opens the door for hackers."
Chen Xiangling, an engineer in a company's mobile security laboratory, said that the security risks of accessing free WiFi in public places include hijacking and malicious use of users' social software accounts and passwords; Personal information such as files and photos in mobile phones or computers is leaked; Mobile payment funds such as user online banking and Alipay were stolen. According to the sampling survey of 80,000 public ***WiFi hotspots in China in 2014 years, 2 1% of the public * * * hotspots are risky, and the encryption methods of most WiFi hotspots are unsafe, so anyone including hackers can listen to the data communication in the local area network, such as accounts, passwords and personal information.
Public ***WiFi, hackers follow.
In a company's WiFi risk lab, Chen Xiangling demonstrated to reporters the three most common "dirty tricks" of hackers.
Domain name hijacking. In the laboratory, the reporter connected a password-free WiFi with his mobile phone and entered the correct ICBC website, but the webpage that popped up was a fake phishing website with high similarity.
Chen Xiangling said that in the current WiFi environment, she can enter the management background of wireless routers and modify the domain name system. The reporter entered the ICBC website, and the server directly jumped the IP to the ICBC phishing website she set up.
Fishing WiFi. Chen Xiangling said that hackers often choose to build an unencrypted WiFi in the bustling business district, and label WiFi with well-known popular names such as "China Mobile" and "KFC" to lure netizens to "take the bait".
It is worth noting that setting up a fake fishing WiFi is effortless. Internet experts say that hackers can release WiFi signals by plugging a 3G network card into a palm-sized portable mini wireless router. After setting up wireless routing and network sharing, hackers "can wait for them with coffee."
ARP (Address Resolution Protocol) spoofing. Chen Xiangling and the reporter connected to the same WiFi with their mobile phones. The reporter logged into his Sina Weibo and started browsing. Chen Xiangling opened a hacker software on her mobile phone. The reporter saw that the hacker software quickly entered the WEB management interface of the router and read the reporter's mobile phone information.
Chen Xiangling sent a Weibo test with her mobile phone. In less than 5 seconds, the reporter's mobile phone showed this "new Weibo". "This means that I can receive everything you do on your mobile phone. Such session hijacking software is easy to download online. " Chen Xiangling said.
Enhance risk awareness and prevent information leakage.
Zhang Yi, CEO of Ai Media Consulting, believes that at present, the access standards for free WiFi services are different, the market lacks standardization, and security risks are obvious. Some public ***WiFi hotspots do not need to go through any formalities, and there are no security measures. Government supervision is relatively lagging behind, which needs urgent attention. "The communication management department should establish a system of access and approval for public ***WiFi to ensure the safety of user information and funds," Zhang Yi said.
According to a survey conducted by Kingsoft Internet Security Center, more than half of netizens are not aware of the security risks of accessing free WiFi in public places. The reporter found in a random interview on the streets of Guangzhou that most netizens don't know how to identify phishing websites and prevent hacker attacks. Experts suggest that when users log in to public WiFi, first, don't blindly "network" to prevent false WiFi fishing; Second, don't conduct online shopping and online banking operations to avoid personal information disclosure. "Some users are used to setting the WiFi switch on, which will lead to the automatic connection of the mobile phone, which is very risky." Chen Xiangling said.
Zhang Yi said that when users find that their accounts have been hijacked, they should cancel their accounts at the first time and then cancel WiFi. If you log off the network directly without logging off your account first, the cached network data will not be emptied, which will lead to hackers continuing to manipulate users.
Experts pointed out that the rapid development of public ***WiFi requires a corresponding regulatory system and the joint efforts of communication management departments, network operators, Internet companies and businesses. "From the current point of view, public ***WiFi security incidents are mostly individual cases, but this does not mean that large-scale public * * * network incidents will not happen." Zhang Yi said.
(Author: Tian Jianchuan)