Over the years, travelers have repeatedly been warned to avoid public Wi-Fi in places like airports and coffee shops. Airport Wi-Fi, in particular, is known to be a hacker honeypot, due to what is typically relatively lax security. But even though many people know they should stay away from free Wi-Fi, it proves as irresistible to travelers as it is to hackers, who are now updating an old cybercrime tactic to take advantage.

An arrest in Australia over the summer set off alarm bells in the United States that cybercriminals are finding new ways to profit from what are called “evil twin” attacks. Also classified within a type of cybercrime called “Man in the Middle” attacks, evil twinning occurs when a hacker or hacking group sets up a fake Wi-Fi network, most often in public settings where many users can be expected to connect.

In this instance, an Australian man was charged with conducting a Wi-Fi attack on domestic flights and airports in Perth, Melbourne, and Adelaide. He allegedly set up a fake Wi-Fi network to steal email or social media credentials.

“As the general population becomes more accustomed to free Wi-Fi everywhere, you can expect evil twinning attacks to become more common,” said Matt Radolec, vice president of incident response and cloud operations at data security firm Varonis, adding that no one reads the terms and conditions or checks the URLs on free Wi-Fi.

“It’s almost a game to see how fast you can click ‘accept’ and then ‘sign in’ or ‘connect.’ This is the ploy, especially when visiting a new location; a user might not even know what a legitimate site should look like when presented with a fake site,” Radolec said.

Today’s ‘evil twins’ can more easily hide

One of the dangers of today’s twinning attacks is that the technology is much easier to disguise. An evil twin can be a tiny device and can be tucked behind a display in a coffee shop, and the small device can have a significant impact.

“A device like this can serve up a compelling copy of a valid login page, which could invite unwary device users to enter their username and password, which would then be collected for future exploitation,” said Cincinnati-based IT consultant Brian Alcorn. 

The site doesn’t even have to actually log you in. “Once you’ve entered your information, the deed is done,” Alcorn said, adding that a harried, weary traveler probably would just think the airport Wi-Fi is having issues and not give it another thought.  

People who are not careful with passwords, such as those who use a pet’s name or a favorite sports team as their password for everything, are even more vulnerable to an evil twin attack. Alcorn says that for individuals who reuse username and password combinations online, once the credentials are obtained they can be fed into AI, where its power can quickly give cybercriminals the key.

“You are susceptible to exploitation by someone with less than $500 in equipment and less skill than you might imagine,” Alcorn said. “The attacker just has to be motivated with basic IT skills.”

How to avoid becoming a victim of this cybercrime

When in public places, experts say it’s best to use alternatives to public WiFi networks.

“My favorite way to avoid evil twin attacks is to use your phone’s mobile hotspot if possible,” said Brian Callahan, Director of the Rensselaer Cybersecurity Collaboratory at Rensselaer Polytechnic Institute.

Users would be able to spot an attack if they connect through a phone relying on its mobile data and sharing it via a mobile hotspot.

“You will know the name of that network since you made it, and you can put a strong password that only you know on it to connect,” Callahan said.

If a hotspot isn’t an option, a VPN can also provide some protection, Callahan said, as traffic should be encrypted to and from the VPN.

“So even if someone else can see the data, they can’t do anything about it,” he said.

Airport, airline internet security issues

At many airports, the responsibility for WiFi is outsourced and the airport itself has little if any involvement in safeguarding it. At Dallas Fort Worth International Airport, for example, Boingo is the Wi-Fi provider.

“The airport’s IT team does not have access to their systems, nor can we see usage and dashboards,” said an airport spokesman. “The network is isolated from DAL’s systems as it is a separate standalone system with no direct connection to any of the City of Dallas’ networks or systems internally.”

A spokeswoman for Boingo, which provides service to approximately 60 airports in North America, said it can identify rogue Wi-Fi access points through its network management. “The best way passengers can be protected is by using Passpoint, which uses encryption to automatically connect users to authenticated Wi-Fi for a safe online experience,” she said, adding that Boingo has offered Passpoint since 2012 to enhance Wi-Fi security and eliminate the risk of connecting to malicious hotspots.

Alcorn says evil twin attacks are “definitely” occurring with regularity in the United States; it’s just rare for someone to get caught because they are such stealth attacks. And sometimes hackers use these attacks as a learning model. “Many evil twin attacks may be experimental by individuals with novice-to-intermediate skills just to see if they can do it and get away with it, even if they don’t use the collected information right away,” he said.

The surprise in Australia wasn’t the evil twinning attack itself, but the arrest.

“This incident isn’t unique, but it is unusual that the suspect was arrested,” said Aaron Walton, threat analyst at Expel, a managed services security company. “Generally, airlines are not equipped and prepared to handle or mediate hacking accusations. The typical lack of arrests and punitive action should motivate travelers to exercise caution with their own data, knowing what a tempting and usually unguarded target it is — especially at the airport.”

In the Australian case, according to Australian Federal Police, dozens of people had their credentials stolen.

According to a press release from the AFP, “When people tried to connect their devices to the free WiFi networks, they were taken to a fake webpage requiring them to sign in using their email or social media logins. Those details were then allegedly saved to the man’s devices.”  

Once those credentials were harvested, they could be used to extract more information from the victims, including bank account information.

For hackers to be successful, they don’t have to dupe everyone. If they can persuade only a handful of people – statistically easy to do when thousands of harried and hurried people are milling around an airport – they will succeed.

“We expect Wi-Fi to be everywhere. When you go to a hotel, or an airport, or a coffee shop, or even just out and about, we expect there to be Wi-Fi and often freely available Wi-Fi,” Callahan said. “After all, what’s yet another network name in the long list when you’re at an airport? An attacker doesn’t need everyone to connect to their evil twin, only some people who go on to put credentials into websites that can be stolen.”

The next time you’re at the airport, the only way to be 100% sure you’re safe is to bring your own Wi-Fi.

Indonesia wants Apple to sweeten its $100 million proposal as tech giant lobbies for iPhone 16 sales

The Indonesian government expects Apple to increase its proposed $100 million investment into the country, according to state media, as the iPhone maker seeks clearance from Jakarta to sell its latest phones.

The American tech giant’s latest smartphone model doesn’t meet Indonesia’s 40% domestic content requirements for smartphones and tablets and hasn’t been granted clearance to be sold in the country. 

The purpose of the ban is to protect local industry and jobs, with officials asking Apple to increase its investments and commitments to the economy in order to gain greater access. 

According to a report from Indonesian state media, the country’s Ministry of Industry met with representatives from Apple on Thursday regarding its proposal to invest $100 million over two years. 

The funds would go toward a research and development center program and professional development academy in the country, as per the report.

The company also plans to produce accessory product components, specifically mesh for Apple’s AirPods Max, starting in July 2025, it added.

Apple didn’t immediately respond to a request for comment from CNBC.

While the new offer is 10 times larger than a proposal that was reported earlier, the government is still striving to sweeten the deal to get a “fair” commitment.

“From the government’s perspective, of course, we want this investment to be larger,” industry ministry spokesperson Febri Hendri Antoni Arif told state media on Thursday.

He said that a larger investment would help the development of Indonesia’s manufacturing sector, adding that its domestic industry was capable of supporting production of Apple devices such as chargers and accessories.

While Indonesia represents a small market for Apple, it also offers growth opportunities as it has the world’s fourth-largest population, according to Le Xuan Chiew, a Canalys analyst focusing on Apple strategy research.

“Its young, tech-savvy population with growing digital literacy aligns with Apple’s strategy to expand [global sales],” he said, noting that it also offers potential for manufacturing and assembly that supports Apple’s efforts to diversify its supply chain. 

Success in this market requires a long-term approach, and Apple’s investment offer demonstrates a commitment to complying with local regulations and paving the way for future growth, he added.

Intuit shares drop as quarterly forecast misses estimates due to delayed revenue

Intuit shares fell 6% in extended trading Thursday after the finance software maker issued a revenue forecast for the current quarter that trailed analysts’ estimates due to some sales being delayed.

Here’s how the company performed in comparison with LSEG consensus:

  • Earnings per share: $2.50 adjusted vs. $2.35 expected
  • Revenue: $3.28 billion vs. $3.14 billion

Revenue increased 10% year over year in the quarter, which ended Oct. 31, according to a statement. Net income fell to $197 million, or 70 cents per share, from $241 million, or 85 cents per share, a year ago.

While results for the fiscal first quarter topped estimates, second-quarter guidance was light. Intuit said it anticipates a single-digit decline in revenue from the consumer segment because of promotional changes for the TurboTax desktop software in retail environments. While that will affect revenue timing, it won’t have any impact on the full 2025 fiscal year.

Intuit called for second-quarter earnings of $2.55 to $2.61 per share, with $3.81 billion to $3.85 billion in revenue. The consensus from LSEG was $3.20 per share and $3.87 billion in revenue.

For the full year, Intuit expects $19.16 to $19.36 in adjusted earnings per share on $18.16 billion to $18.35 billion in revenue. That implies revenue growth of between 12% and 13%. Analysts polled by LSEG were looking for $19.33 in adjusted earnings per share and $18.26 billion in revenue.

Revenue from Intuit’s global business solutions group came in at $2.5 billion in the first quarter. The figure was up 9% and in line with estimates, according to StreetAccount. Formerly known as the small business and self-employed segment, the group includes Mailchimp, QuickBooks, small business financing and merchant payment processing.

“We are seeing good progress serving mid-market customers in MailChimp, but are seeing higher churn from smaller customers,” Sandeep Aujla, Intuit’s finance chief, said on a conference call with analysts. “We are addressing this by making product enhancements and driving feature discoverability and adoption to improve first-time use and customer retention.”

Better outcomes are a few quarters away, Aujla said.

CreditKarma revenue came in at $524 million, above StreetAccount’s $430 million consensus.

At Thursday’s close, Intuit shares were up about 9% so far in 2024, while the S&P 500 has gained almost 25% in the same period.

On Tuesday Intuit shares slipped 5% after The Washington Post said President-elect Donald Trump’s proposed “Department of Government Efficiency” had discussed developing a mobile app for federal income tax filing. But a mobile app for submitting returns from Intuit is “already available to all Americans,” CEO Sasan Goodarzi told CNBC’s Jon Fortt.

Goodarzi said on CNBC that he’s personally communicating with leaders of the incoming presidential administration.

On the earnings call, Goodarzi sounded optimistic about the economy.

“Our belief, which is not baked into our guidance, is that we will see an improved environment as we look ahead in 2025, particularly just with some of the things that I mentioned earlier around just interest rates, jobs, the regulatory environment,” he said. “These things have a real burden on businesses. And we believe that a better future is to come.”

Bluesky CEO Jay Graber says X rival is ‘billionaire proof’

Bluesky has surged in popularity since the presidential election earlier this month, suddenly becoming a competitor to Elon Musk’s X and Meta’s Threads. But CEO Jay Graber has some cautionary words for potential acquirers: Bluesky is “billionaire proof.”

In an interview on Thursday with CNBC’s “Money Movers,” Graber said Bluesky’s open design is intended to give users the option of leaving the service with all of their followers, which could thwart potential acquisition efforts.

“The billionaire proof is in the way everything is designed, and so if someone bought or if the Bluesky company went down, everything is open source,” Graber said. “What happened to Twitter couldn’t happen to us in the same ways, because you would always have the option to immediately move without having to start over.”

Graber was referring to the way millions of users left Twitter, now X, after Musk purchased the company in 2022. Bluesky now has over 21 million users, still dwarfed by X and Threads, which Facebook’s parent debuted in July 2023.

X and Meta didn’t immediately respond to requests for comment.

Threads has roughly 275 million monthly users, Meta CEO Mark Zuckerberg said in October. Although Musk said in May that X has 600 million monthly users, market intelligence firm Sensor Tower estimates 318 million monthly users as of October.

Bluesky was created in 2019 as an internal Twitter project during Jack Dorsey’s second stint as CEO, and became an independent public benefit corporation in 2022. In May of this year, Dorsey said he is no longer a member of Bluesky’s board.

“In 2019, Jack had a vision for something better for social media, and so that’s why he chose me to build this, and we’re really thankful for him for setting this up, and we’ve continued to carry this out,” said Graber, who previously founded Happening, a social network focused on events. “We’re building an open-source social network that anyone can take into their own hands and build on, and it’s something that is radically different from anything that’s been done in social media before. Nobody’s been this open, this transparent and put this much control in the users’ hands.”

Part of Bluesky’s business plan involves offering subscriptions that would let users access special features, Graber noted. She also said that Bluesky will add more services for third-party coders as part of the startup’s “developer ecosystem.”

Graber said Bluesky has ruled out the possibility of letting advertisers send algorithmically recommended ads to users.

“There’s a lot on the road map, and I’ll tell you what we’re not going to do for monetization,” Graber said. “We’re not going to build an algorithm that just shoves ads at you, locking users in. That’s not our model.”

Bluesky has previously experienced major growth spurts. In September, it added 2 million users following X’s suspension in Brazil over content moderation policy violations in the country and related legal matters.

In October, Bluesky announced that it raised $15 million in a funding round led by Blockchain Capital. The company has raised a total of $36 million, according to Pitchbook.
