Mobile Security Best Practices

So, what really is the risk of public Wifi anyway? I got this question after my post yesterday about public WiFi and security risks. 🔹 First, the risks. The video I have attached here demonstrates an Evil Twin attack, where a hacker sets up their own WiFi network that matches the name of a legitimate network in the area. Unsuspecting victims are likely to connect to the Evil Twin network instead - sometimes even automatically. At that point, the hacker can sniff their traffic (easily reading unencrypted traffic and just tracking encrypted traffic) or use various login prompts and links to try and get the connecting users' credentials to various services. Another risk is an attacker gaining control of the legitimate WiFi network by, for example, exploiting an unpatched vulnerability and identifying the administrator login (using default credentials, brute force, etc.). These are legitimate attacks that hackers have demonstrated in the real world countless times - check any Black Hat or DefCon presentation list. 🔹 So, how concerned do I really have to be? About as concerned as you would be for Stranger Danger. The rule we generally tell kids is "don't talk to strangers". Is that because every stranger is evil? No of course not. But, the impact of meeting an evil stranger could be catastrophic, so until we get to know the person better, we keep our guards up. The same goes for public WiFi networks. Most of the time (probably 99% of the time), your public WiFi networks will be just fine. But, connecting to a rogue or hacked network could be catastrophic. 🔹 So, what can I do? Practice basic security principles: ▪ Don't connect to a public WiFi if you don't need to. ▪ If you do connect, be very careful with prompts for personal information or passwords. Look for the domain name and the secure padlock. Make sure you understand why you are being asked for the information (no legitimate WiFi network connects through your Facebook account). ▪ Only use websites that are secured with HTTPS (secure padlock again). ▪ Don't do business or anything sensitive on a public WiFi ▪ Use a VPN What other risks have I missed or suggestions for protecting yourself do you have? Let me know! #security #cybersecurity #wifi #publicwifi #penetrationtesting #hacking #wirelessnetworking https://lnkd.in/geBvxt9Z

As I've been writing my new book The Invisible Threat, I have been detailing examples of the need to continually assess our cybersecurity. Some years ago I looked at a case where a criminal set up an evil twin Wi-Fi router near a Starbucks and harvested the information of everyone that connected. But this story has my eyes raised! Imagine this: Sarah, a frequent traveler, connects to what she believes is the in-flight Wi-Fi to check her emails. Unbeknownst to her, a cybercriminal a few rows behind has set up an evil twin network, mimicking the airline's legitimate Wi-Fi. As Sarah logs in, the cybercriminal intercepts her data, gaining access to her personal information inflight. This actually happened! Earlier this month, Australian Federal Police arrested a man for executing such evil twin Wi-Fi attacks on multiple domestic flights and at airports in Adelaide, Melbourne, and Perth. The suspect allegedly created fake Wi-Fi networks, prompting passengers to log in with their email or social media credentials to harvest their logins for these accounts. How to protect yourself! *Avoid Logging In: Free Wi-Fi should not require email or social media logins. *Use a VPN: Encrypts your data and secures your connection. *Disable File Sharing: Prevent unauthorized access to your device. *Forget Networks: Manually forget public networks after use to avoid auto-reconnections. Stay vigilant in public places and always remember to assess your security. Nothing is ever free. Please Share this post to spread awareness! #CyberSecurity #WiFiSafety #TravelTips #DigitalSafety #TechNews

During a recent hotel stay, curiosity led me to ask for the Wi-Fi credentials. Out of habit, I inspected the network setup and accessed the main router's web page (default gateway). Shockingly, the admin panel was unprotected by a strong password, and the firmware hadn’t been updated in years! Over 25 devices were connected to this network, exposing guests to significant risks like unauthorized access or data interception. Mitigation Recommendations: 1️⃣ Always set strong, unique admin passwords for routers. 2️⃣ Regularly update router firmware to patch vulnerabilities. 3️⃣ Disable remote admin access if not needed. 4️⃣ Use guest Wi-Fi networks to isolate client traffic. This situation underscores how critical even basic cybersecurity measures are—whether at home, in offices, or in public spaces. 🌐 Stay secure, stay updated! #CyberSecurity #NetworkSecurity #WiFiRisks

🛜 Fake WiFi isn’t just theory I acknowledge there are mixed messages on the dangers of trusting free WiFi. Some say there are 100 other things to worry about first, others say never use public WiFi at all, then some would argue VPNs and app-level encryption mitigate most of the risk. However common or uncommon these attacks might be, there are still victims. This case is a reminder - a man has been jailed after running fake airport and in-flight WiFi networks to steal credentials, access private accounts and obtain intimate material. The method was as old-school as it gets but still worked: 👉 He set up a portable wireless access device (a WiFi Pineapple) to listen for device probe requests at Perth, Melbourne and Adelaide airports, plus onboard domestic flights 👉 When a device searched for a known network, it instantly created a matching one with the same name 👉 Devices connected automatically, thinking it was trusted and safe 👉 Victims were taken to a fake login page and asked to “sign in” using email or social accounts 👉 Those credentials were captured and stored on his device 👉 He used those stolen credentials to unlawfully accessed online accounts of multiple women, monitoring communications and stealing intimate photos and videos Worth remembering as we keep balancing convenience and risk. 📰 Australian Federal Police: https://lnkd.in/gNaA7t8p 📰 Security Affairs: https://lnkd.in/g7D4aQ9F 📰 Australian Broadcasting Corporation (ABC): https://lnkd.in/gndxT7eT 📰 iTnews: https://lnkd.in/g7nkjT3x #cyber #CISO #wifi

Day 22/31 October Cybersecurity Awareness Month 🔓 The Hidden Dangers of Public Wi-Fi: Stay Protected! 🔓 Public Wi-Fi networks at cafes, airports, and other public places are incredibly convenient, but they can also be a hotspot for cybercriminals looking to steal your personal information. Before you connect, consider the risks: 1️⃣ Man-in-the-middle attacks: Hackers can intercept data sent over unsecured networks, allowing them to steal your passwords, emails, or even banking details. 2️⃣ Fake Wi-Fi hotspots: Cybercriminals often set up malicious hotspots with names similar to trusted networks, tricking users into connecting and unknowingly giving them access to your device. 3️⃣ Unencrypted data: Without proper encryption, anything you do on public Wi-Fi can potentially be monitored by others on the network. Here’s how to protect yourself: 1. Use a VPN: Virtual Private Networks (VPNs) encrypt your internet traffic, making it much harder for hackers to access your data. 2. Limit sensitive activities: Avoid logging into banking, work accounts, or entering any personal information on public networks. 3. Disable automatic connections: Turn off automatic Wi-Fi connections on your devices to prevent joining risky networks unknowingly. 4. Turn off file sharing: Ensure file sharing and Bluetooth are turned off while using public Wi-Fi to reduce your attack surface. 5. Use HTTPS: Ensure websites you visit use HTTPS, which adds an additional layer of encryption. Public Wi-Fi can be risky, but with the right precautions, you can protect your personal and professional data from cyber threats. Stay safe, stay smart! #cybersecurity #informationsecurity #informationtechnology

🚨 Would you use free Wi-Fi? 🚨 I’m here in front of the New York Public Library in Manhattan, where they’re offering free Wi-Fi. Sounds convenient, right? But can you really trust it? 🛑 Here’s what you need to know: That free, open hotspot with no password? It’s unencrypted, which means cybercriminals can intercept your data and steal your information without you even knowing it. Scary, right? 😬 💡 So, what can you do? 📱 Use your phone's bandwidth—it’s much safer than public Wi-Fi. 🔐 No signal? Walk a block or two for a stronger connection. 🛡️ Or, protect yourself with a VPN (Virtual Private Network), which encrypts your data while it’s in transit and keeps it safe. Let me tell you about a case I handled during my time with the Federal Bureau of Investigation (FBI): An individual logged into free hotel #WiFi at a very reputable hotel chain. A cybercriminal set up an evil hotspot and was able to gain access to their email account. This led to a significant financial loss for the victim—just because they trusted an open Wi-Fi network. Don’t take the risk—a few simple steps can make all the difference. 👍 If you found this helpful, follow me for more tips on staying safe in this digital world! 🧠🔒 #CyberSecureMindset #FreeWiFi #StaySafe #DigitalSafety #CyberSecurity #Manhattan #PublicWiFi #VPN #Privacy #NYC

While staying at a reputable 𝐡𝐨𝐭𝐞𝐥 𝐢𝐧 𝐃𝐮𝐛𝐚𝐢, I ran a routine check on the guest 𝐖𝐢-𝐅𝐢, which is a habit I’ve built when connecting to public networks. Here’s what stood out: - ipconfig /all showed 𝐦𝐮𝐥𝐭𝐢𝐩𝐥𝐞 𝐃𝐍𝐒 𝐞𝐧𝐭𝐫𝐢𝐞𝐬, including one I didn’t recognize - The assigned DNS was 𝐨𝐮𝐭𝐬𝐢𝐝𝐞 𝐭𝐡𝐞 𝐡𝐨𝐭𝐞𝐥’𝐬 𝐈𝐏 𝐫𝐚𝐧𝐠𝐞 𝐚𝐧𝐝 𝐧𝐨𝐭 𝐥𝐢𝐧𝐤𝐞𝐝 𝐭𝐨 𝐚𝐧𝐲 𝐩𝐮𝐛𝐥𝐢𝐜 𝐫𝐞𝐬𝐨𝐥𝐯𝐞𝐫 - Abuse databases had previously flagged it for 𝐩𝐡𝐢𝐬𝐡𝐢𝐧𝐠, 𝐩𝐨𝐫𝐭 𝐬𝐜𝐚𝐧𝐬, 𝐚𝐧𝐝 𝐃𝐍𝐒 𝐜𝐨𝐦𝐩𝐫𝐨𝐦𝐢𝐬𝐞 - I then ran 𝐧𝐞𝐭𝐬𝐭𝐚𝐭 -𝐚𝐧𝐨, and found active connections to remote IPs I didn’t initiate and upon manual inspection, some resolved to 𝐬𝐮𝐬𝐩𝐢𝐜𝐢𝐨𝐮𝐬 𝐢𝐧𝐟𝐫𝐚𝐬𝐭𝐫𝐮𝐜𝐭𝐮𝐫𝐞 => With no IT staff available for validation, 𝐈 𝐛𝐥𝐨𝐜𝐤𝐞𝐝 𝐭𝐡𝐞 𝐃𝐍𝐒 𝐈𝐏 𝐥𝐨𝐜𝐚𝐥𝐥𝐲 𝐚𝐧𝐝 𝐬𝐰𝐢𝐭𝐜𝐡𝐞𝐝 𝐭𝐨 𝐚 𝐭𝐫𝐮𝐬𝐭𝐞𝐝 𝐨𝐧𝐞. ## Key reminder: You don’t need to be a hacker to practice digital hygiene, If you are in a situation where you have to connect to public Wi-Fi: - 𝐔𝐬𝐞 𝐚 𝐕𝐏𝐍 - 𝐑𝐞𝐯𝐢𝐞𝐰 𝐲𝐨𝐮𝐫 𝐃𝐍𝐒 𝐚𝐧𝐝 𝐧𝐞𝐭𝐰𝐨𝐫𝐤 𝐭𝐫𝐚𝐟𝐟𝐢𝐜 - 𝐃𝐨𝐧’𝐭 𝐚𝐬𝐬𝐮𝐦𝐞 𝐬𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐣𝐮𝐬𝐭 𝐛𝐞𝐜𝐚𝐮𝐬𝐞 𝐲𝐨𝐮 𝐬𝐞𝐞 𝐚 𝐩𝐨𝐥𝐢𝐬𝐡𝐞𝐝 𝐛𝐫𝐚𝐧𝐝 Cybersecurity isn’t paranoia - it’s a habit! #CyberSecurityAwareness #DNSHijacking #PublicWiFi

Critical Warning for Travelers: Turn Off This WiFi Setting on Your Phone Now ⸻ Introduction: Public WiFi Isn’t Always the Danger—Your Phone’s Settings Might Be Cybersecurity experts are once again sounding the alarm—not about public WiFi itself, but about a dangerous default setting on smartphones that can quietly expose you to hackers. Whether you use an iPhone or Android device, the real threat lies in auto-connecting to WiFi networks without your consent. During travel, when vigilance is low and hotspots are everywhere, this setting could turn your phone into a serious liability. ⸻ Key Security Insights and Warnings The Setting to Avoid: Auto-Join WiFi Networks • Most smartphones are set by default to automatically connect to known or open WiFi networks. • This convenience can be exploited by attackers who set up malicious hotspots with familiar names (e.g., “Starbucks_WiFi” or “Airport_Free_WiFi”). • Once connected, your device may: • Leak data over unencrypted connections • Be tricked into connecting to a fake site for login or malware download • Expose sensitive activity to nearby snoopers Zimperium and NSA Sound the Alarm • Security researchers at Zimperium warn that auto-connecting is especially risky when traveling. • Even the NSA has advised users to disable automatic connections to public networks, calling the setting a real-world risk. FTC Guidance Adds Nuance • The Federal Trade Commission (FTC) says public WiFi is usually safe if you’re using encrypted apps and HTTPS websites. • However, the agency also notes that captive portals, like those found in hotels and airports, may be deceptive and gather too much personal info. • The best practice remains to disable auto-connect and manually join only verified, trusted networks. How to Protect Yourself • Turn off auto-join or auto-connect features in your phone’s WiFi settings: • On iPhone: Go to Settings > Wi-Fi > (network name) > Auto-Join → Toggle off. • On Android: Navigate to Settings > Network & Internet > Wi-Fi > Wi-Fi preferences → Disable “Connect to open networks.” • Avoid sensitive transactions over public WiFi without a VPN. • Never download apps or updates over open networks. • Use two-factor authentication to add an extra layer of protection to critical accounts. ⸻ Why This Matters: A Simple Fix That Can Prevent a Major Breach In a world increasingly reliant on mobile connectivity, small oversights can lead to big problems. Auto-joining public WiFi networks opens the door to man-in-the-middle attacks, data interception, and phishing scams—especially in airports, hotels, and cafés. Disabling this single setting is a quick, powerful step to safeguard your data and privacy. Stay in control of your connections, and stay secure—wherever you are. https://lnkd.in/gEmHdXZy

Most people connect to Wi-Fi without thinking twice. That’s exactly what makes the Wi-Fi Pineapple such an effective attack platform. 🍍⚠️ The Wi-Fi Pineapple is a wireless auditing and penetration testing device designed to demonstrate how easily attackers can exploit trusted wireless behavior. Originally built for security professionals and red teams, it can be used to perform rogue access point attacks, credential harvesting, traffic interception, and man-in-the-middle attacks against unsuspecting users. And the dangerous part? Most victims never realize they connected to the wrong network. Here’s how it works: A Wi-Fi Pineapple can impersonate legitimate wireless networks by exploiting how devices automatically reconnect to familiar SSIDs. If your phone or laptop is searching for “Airport WiFi,” “Starbucks,” or a corporate guest network, the device can mimic that network name and trick users into connecting automatically. Once connected, attackers may be able to: 🔹 Intercept unencrypted traffic 🔹 Capture login credentials 🔹 Redirect users to malicious websites 🔹 Launch phishing portals 🔹 Monitor browsing activity 🔹 Perform man-in-the-middle attacks This is why public Wi-Fi remains one of the most underestimated cybersecurity risks. The Wi-Fi Pineapple highlights a major reality in cybersecurity: Convenience often overrides security awareness. Key protections every organization and individual should implement: ✅ Avoid connecting to unknown or open Wi-Fi networks ✅ Disable automatic Wi-Fi connection settings ✅ Use VPNs on public networks ✅ Enforce HTTPS-only browsing policies ✅ Train employees to verify legitimate SSIDs ✅ Implement network monitoring and rogue AP detection The biggest cybersecurity threats are often the ones users trust the most. Not every attack begins with malware. Sometimes it starts with a Wi-Fi signal that looks completely normal. #CyberSecurity #InfoSec #WiFiSecurity #EthicalHacking #RedTeam #NetworkSecurity #CyberAwareness #PenTesting #CyberDefense #Technology