Christian Gunning (Europe) - Let the (Hacking) Games Begin: Reducing the Risk of Cyber Attack on Wi-Fi Networks During the Olympics

This blog post looks at what both operators and users can do to reduce the risk of attack on Wi-Fi networks during the 2012 Olympics.

All of the pundits agree: the 2012 London Olympics are set to be the most connected and social in history. An estimated five million visitors are expected to attend the games, and most are expected to be toting their smartphones, tablets and other mobile devices.

Though the city has prepared for this mobile onslaught by adding thousands of hotspots in the London area and Olympic Park and increasing overall bandwidth available for mobile networks, LOCOG still expects demand for bandwidth to outpace availability, resulting in slow and potentially unavailable networks, pushing many mobile users to the nearest usable hotspot.

The influx of connection-hungry visitors, skyrocketing mobile traffic and new hotspots means one thing for hackers: the Olympics are a golden opportunity for exploitation and data capture.

Crafty data thieves can set up “evil twin” access points that look like the real thing but actually mount man-in-the-middle attacks on end users, funneling all traffic through a computer that captures personal data being sent online. Even the laziest hackers can use tools like Firesheep for one-click access to a user’s personal info on commerce and social networking sites, allowing nefarious characters to sidejack user sessions. More aggressive hackers can even take up residence on a busy public Wi-Fi network to install malware that scans for private information.

Keeping data secure during a high-traffic event is the responsibility of both the network operator and mobile device users. A well-managed network can mitigate threats to users, and users can surf smart by taking just a few simple steps.

What Operators Can Do to Reduce Risk

•    Disable peer-to-peer traffic: Disabling LAN-based peer-to-peer traffic can prevent hacker snooping of local resources, as well as malicious or inadvertent communication between users. It can also stop hackers from running manual or automated probes and keep worms from spreading. Because the restriction applies only to the local network, there is no impact on WAN-based peer-to-peer technologies like Skype or IM, and it has the added benefit of crippling simple tools like Firesheep.

•    Block incoming connections: Using a network firewall to prevent arbitrary incoming connections can help prevent users from being exposed to hackers probing for weaknesses.

•    Monitor for rogue access points: Managed network providers can prevent “evil twin” networks from cropping up by monitoring for unauthorized access points that try to come online using the designated network identifiers. Network providers can use a denial-of-service counterattack to move users who have unwittingly signed on to an evil twin network back onto the legitimate network and shut down the exploit before it starts.
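
The rogue access point check described above, as an added example (not from the original post or any operator's tooling): scan results are compared against an inventory of authorized access points. The SSID, BSSIDs, inventory and scan data are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    channel: int
    security: str

# Assumed operator inventory (constructed): BSSID -> (channel, security)
AUTHORIZED = {
    "02:00:00:aa:00:01": (1, "WPA2"),
    "02:00:00:aa:00:02": (6, "WPA2"),
}
DESIGNATED_SSID = "Venue-WiFi"  # hypothetical designated network identifier

def classify(b: Beacon) -> str:
    """Classify one observed beacon against the authorized inventory."""
    same_name = b.ssid == DESIGNATED_SSID
    lookalike = (not same_name
                 and b.ssid.strip().casefold() == DESIGNATED_SSID.casefold())
    known = AUTHORIZED.get(b.bssid.lower())
    if known is None:
        if same_name:
            return "rogue"      # our SSID from hardware we do not own
        if lookalike:
            return "lookalike"  # near-identical name (case or padding)
        return "unrelated"
    if not same_name or (b.channel, b.security) != known:
        return "mismatch"       # our BSSID with wrong settings: possible clone
    return "ok"

def audit(beacons):
    """Return (verdict, beacon) pairs for every beacon needing attention."""
    return [(v, b) for b in beacons
            if (v := classify(b)) not in ("ok", "unrelated")]

# Constructed scan results, as a monitoring sensor might report them.
SCAN = [
    Beacon("Venue-WiFi", "02:00:00:AA:00:01", 1, "WPA2"),
    Beacon("Venue-WiFi", "02:00:00:bb:00:99", 1, "Open"),
    Beacon("venue-wifi ", "02:00:00:cc:00:07", 11, "Open"),
    Beacon("Venue-WiFi", "02:00:00:aa:00:02", 6, "Open"),
    Beacon("CoffeeShop", "02:00:00:dd:00:01", 3, "WPA2"),
]

if __name__ == "__main__":
    for verdict, b in audit(SCAN):
        print(f"{verdict:9} {b.ssid!r} {b.bssid} ch{b.channel} {b.security}")
```

A "mismatch" verdict covers the case where an authorized BSSID shows up with a different channel or security setting, which is either a misconfiguration or a cloned hardware address and is worth investigating either way.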

Steps Users Can Take to Stay Secure

•    Use a VPN: Mobile users who are in a hurry to share a final score or a photo, and who are used to using protected connections at work and at home, can easily forget this simple preventative measure. Securing all connections on public networks via VPN will encrypt all user communications – indeed this can thwart both man-in-the-middle and Firesheep attacks, among others. Many personal VPN services are available for a small fee, while others, like Boingo’s Secure VPN for iOS devices, are available free for customers.

•    Secure connections: Most popular services – like Twitter, Facebook and Gmail – can be configured to connect using a secure method. Five key letters to remember when logging on to a website on a public network: HTTPS. Beyond configuring each of your key web services to default to SSL-encrypted sessions, you can also use third-party browser extensions like HTTPS Everywhere from the EFF to force SSL when it’s available.

•    Update passwords: Users can improve their odds of staying secure by creating complex temporary trip passwords and changing them every few days while traveling.

•    Surf smart: Though checking the bank balance might be a top to-do at the Games, users should avoid logging into financial, healthcare or other personal sites on public networks, period.

•    Use a trusted Wi-Fi provider: If possible, users should try to connect to a network managed by a trusted Wi-Fi provider. BT is the official communications provider for the Olympics, with hotspots deployed in and around London and Olympic venues, and has agreements with companies like O2, Boingo and Tesco Mobile to allow their customers to roam onto their networks. Mobile users should check to see where their provider has hotspots in the area, or for the venue’s official Wi-Fi SSID, before they head to the Games for the day.

Though data traffic and social engagement during the Games are sure to be overwhelming, hotspot operators and mobile users can reduce their risk by staying aware and taking these necessary precautions.

By Christian Gunning, vice president of corporate communication, Boingo Wireless