Home / Essay / Public Hacking: Problems and Solutions, Essay Example

Public Hacking: Problems and Solutions, Essay Example

Pages: 11

Words: 3159

In the past two decades the advent of the Internet, followed by the explosion in the development and use of personal communication and information devices, has changed the modern world immeasurably. From desktop computers to laptops to cell phones, smartphones, and tablets, these devices have become part of the everyday world for billions of people around the globe, and have redefined the way people do business and interact with each other in their professional and personal lives. With these changes, however, come some significant risks and dangers, as users of these devices often store and send sensitive personal data and information with them. As we transfer our lives into the digital realm, our cell phones, computers, and even our credit and debit cards become ripe targets for hackers eager to exploitany vulnerability. While many business and individuals make effortsto protect their home and business computers from hackers, they do not always take the same care when using digital devices on public networks or when setting password protection for credit cards and debit cards. This paper examines several of the key areas of vulnerability that are exploited by hackers, including the use of publicWiFi hotspots and networks and point-of-sale terminals where credit cards are used to make purchases. In addition to exploring issues related to the vulnerability of electronic devices and sensitive personal information, the paper will offer a number of suggestions about how users can protect themselves from being targeted by hackers.

Background and Overview

As recently as the late 20^th century the primary means of communication between people in different locations were so-called landline telephones and letters sent through the mail. The use of fax machines became popular and widespread in business sand even in personal use, but their use was largely limited to sending and receiving documents that had to be shared quickly. For interpersonal communication and conversation in public and private life, however, telephone technology remained widely popular and relatively unchanged for decades. By the late 1990s,as more and more people became aware of the capabilities of the Internet, email and other forms of electronic communication began to supplant the traditional forms of communication that had dominated the landscape for so long. By the early 20^thcentury the Internet became the backbone of a new world of digital communication, as business and private individuals developed websites and moved their lives into the digital realm.

One of the notable aspects of the Internet revolution was that millions of people began to conduct personal and professional financial business online. It became possible to do almost anything online that used to require a visit to the bank or writing checks, from depositing money to paying bills to simply checking account balances. As banks set up websites to serve as portals for their customers to access their account information, it became necessary for these customers to establish passwords and other credentials that would allow them to log in to these accounts while keeping others from doing the same. While these systems are intended to provide security and privacy for sensitive and personal information, they also mean that anyone who has these passwords cannot just see these accounts; they can also steal from them by withdrawing funds in cash, moving money to other accounts, or otherwise compromising the accounts. With this in mind, it has always been an imperative of the Internet age that customers establish secure, hard-to-crack passwords and that they also keep these passwords secret and protected.

Another significant vulnerability in the Internet age is the issue of “identity theft.” Identity thieves exploit some of the weak points of the current system, and take advantage of people who are not vigilant enough, to gain access to personal information that they then use to set up new accounts under the names of their targets. Once these accounts are established, identity thieves may apply for credit cards, open lines of credit, and otherwise use their false digital identities to steal money and even products and services under the names of their victims. Far too often these victims are unaware they have been targeted until it is too late, and the thieves have moved on to their next targets.

There are a number of ways that identity thieves can gain access to the information they need to establish these bogus accounts or to acquire sensitive personal and financial information. In some instances, hackers simply attempt to crack the passwords and credentials of victims, often by using software and other technology designed for this purpose. In other instances they look for weaknesses in the security systems of point-of-sale (POS) systems in retail business and other locations where credit cards are used. In such cases, thieves may not even need to establish new credit card accounts; they simply hack into these systems to access card numbers and personal identification numbers (PINs) of valid credit and debit cards. This information can be used to make online purchases, it can be used to open new accounts, and it can even be sold to other hackers and thieves who will exploit it for the purpose of setting up multiple false identities. While customers have less control over the security systems of retailers and other businesses than they do over their own electronic devices and credit cards, there are steps people can take to protect themselves against public hacking. The following section examines several of the key points of vulnerability exploited by public hackers.

Wireless Insecurity

While a full and thorough discussion about personal and professional IT security is beyond the scope of this discussion, there are several notable ways in which millions of people make themselves vulnerable to hacking when using computers, tablets, and cell phones in public. Even users who are vigilant about protecting their bank accounts and other sensitive information with passwords often leave themselves open to attack when using public wireless Internet connections, typically referred to as “WiFihotpsots.” These hotspots are not just convenient, but are in many cases necessary for users who are on the go, whether traveling for business, on vacation, or otherwise untethered from their work or home Internet connections. As people use the connectivity of the Internet for more and more aspects of their daily personal and professional lives, having access to the Internet at all times is increasingly important. WiFi hotspots make this possible, but they also come with significant risks.

By one estimate there were less than 200,000 public hotspots worldwide in 2006, though that number has grown exponentially since then (Chenoweth et al, 2010). It is now common for many businesses and public organizations to offer free WiFi access to customers, and cities around the world are even establishing free hotspots in parks and other public settings. As the Internet evolves from a useful curiosity to a necessity of modern life like electricity and running water, it is becoming increasingly important that access be easy and uninterrupted. Businesses see the advantage ion offering free WiFi as a means of attracting busy customers; if someone needs to access the Internet and cannot do it in one location, they may simply take their business elsewhere. With this explosion in convenience and access to public WiFi, however, comes a serious downside: such public WiFi networks rarely offer and security to users. There are typically no passwords or other credentials need to log on to a public WiFi network, which means that anyone and everyone who is logged on is potentially exposing themselves to the risk of being hacked, having their personal data accessed, or otherwise opening themselves up to a digital attack.

It is not just the threat to personal information that is associated with public hotpots. Another significant issue is that users whose devices are unprotected are at risk of picking up malicious viruses and other malware when connected to public networks. Not only can these viruses cause damage to users’ devices, they can also be carried to other networks. Many people now use their own devices for work and personal use, or use work-0issued devices in the same manner. It is one thing for a business’s IT department to protect its own in-house computers, or even devices issued to employees for other uses, when they are connected to the business networks. It is another matter entirely, however, when these devices are used elsewhere, and connected to multiple networks. It is possible, of course, for IT departments to install protective software and set up firewall on portable computers and communication devices, but far too often users circumvent those safety measures when connecting to other networks. According to Chenoweth et al (2010), many users are in a hurry to establish connections to public networks, and forego available security measure in the interest of time.

The problems are worst for personal devices, however; according to one study, the majority of people who use such networks to access the Internet with their personal devices never use any safety measures to protect their devices (Chenoweth et al, 2010). Along with the risk to their personal and private information, and to leaving themselves open to malicious viruses, they also place other networks at risk. Users may not even realize that their devices have been compromised, and when they connect these same devices to other networks they can carry the viruses with them and transmit them to these other networks. According to Chenoweth et al, “the insecure nature of wireless networks ingeneral and public hotspots inparticularis especially problematic given therapid increase in e-commerce.” E-commerce relies on the public perception that doing business online is generally safe and secure, and anything that poses a risk to that perception may have a negative effect on individual retailers and even the e-commerce sector in general (Chenoweth et al, 2010). Even if retailers take all available precautions on their end of a transaction, however, they cannot do anything about customers whose devices are unprotected on public networks.

Point of Sale Vulnerability

Wireless hotpots are not the only vulnerable areas for connection to public and private networks. In most e-commerce transactions, where a user makes a purchase or otherwise spends money online, the transaction is relatively secure via encryption and other systems. Where the purchaser is most vulnerable in such cases is when someone gains access to their credit card or other financial information by hacking their computer or other device, or by cracking their passwords and other credentials. On the retailer end, however, there are also vulnerabilities; despite their best security efforts, it is not uncommon to hear news reports that hackers have gained access to passwords and other sensitive information stored by companies, financial institutions, or other organizations. Between these two extremes, however, there is another area of vulnerability: the point of sale systems where customers swipe their credit or debit cards to make purchases. These POS systems can be hacked or compromised in a number of ways, and both customers and businesses must take steps to protect themselves.

The POS system has several primary components: the card itself, which has a magnetic stripe used to store sensitive information; the device in which credit and debit cards are swiped; the software and hardware in the store or other location that processes this information; the network connecting the POS device to the business’s computer systems and to the customer’s financial institution; and the computers at the other ends of those network connections that process the payments and authorize the transfer of funds from ban to business on behalf of the customer. Each of these parts can potentially be compromised, and hackers are eager to find new ways to exploit these vulnerabilities as new safety measures and protocols are put in place.

The most vulnerable point in the POS system is the software used onsite to process payments (Gomzin, 2014). This software, generally referred to as the payment application, is the first point in the network chain in which the information stored on a credit card is read, examined, and processed. In the majority of cases, businesses use some form of PC-based hardware and some version of Windows –based software for the payment application process (Gomzin, 2014). It is, in fact, not uncommon to see a desktop computer at cash register, though POS swiping devices can also be wired to a main computer stored in a back room or other secure area. Regardless of the physical location of the payment application computer, it is this hardware and software combination that leaves customers’ information most at risk.

The simplest and most direct way for hackers to access private information in the POS environment is to access it while it is being processed in the payment application computer. The most secure POS payment application systems are designed to only hold information long enough to process it, and once it is sent along the POS network is is no longer available on the computer. In theory, this means that a hacker who remotely accessed -or even physically stole- a computer would not be able to do much damage, as sensitive customer information would not be stored on the hard drive. This may be accurate, but there is another means by which hackers can access information: by remotely accessing a computer in real-time, as it is performing payment application processes. While most sizable business will have taken steps to secure their internal networks and POS systems from being breached in such a manner, there are innumerable smaller business and other organizations that either do not or cannot take such precautionary measures (Gomzin, 2014). Even when firewalls and other security measures are in place, it is still possible for hackers to circumvent them.

Once a hacker establishes a remote connection to a POS payment application system, it is possible to monitor every electronic transaction and record all the pertinent information, such as credit card numbers and PINs, as well as names, addresses, and any other information that is either stored on a customer’s card, kept in the computer records of the business, or accessed via the Internet by the payment application system. Even though the local business computer may not store a copy of a customer’s credit card number, the payment application process typically calls up a range of information about the customer from different sources and databanks, crosschecks all that information, and then allows the payment to go through. While all of this remote connecting and cross-checking may happen in the space of a second, that moment serves as a digital snapshot of a customer’s entire personal and financial profile, from bank account information to, in some cases, home address to age, occupation, and private phone number (Gomzin, 2014). A hacker who establishes a remote connection to a POS system can conceivably steal personal information from hundreds or thousands of people in a brief amount of time, and use that information to establish new identities or otherwise exploit the array of possibilities.

The Cloud and the Future of Wireless Security

A new area of vulnerability for the public has been gaining attention recently as high profile public figures have had their personal information hacked. The term “the cloud” is used to describe the use of offsite or off-device data storage, and the cloud is used both for personal and professional applications (Juels&Oprea, 2013). Individual users, for example, may sync their smartphones and tablets to a cloud storage system, and the data on their devices will be automatically backed up and stored in a remoter sever, freeing up space on the devices. Businesses use cloud storage in much the same way, by sending data and records to a remote storage system. In both instances users can take steps to protect their information by using passwords and other credentials, but those responsible for hosting and maintaining the cloud storage must also protect the systems. There have been a number of news stories in recent years about celebrities and other public figures whose cloud accounts have been hacked, and whose private photographs have been made available on the Internet.

Protecting Private Information on Public Networks

In each of the three main scenarios described in this paper, there are ways that the breaches could have potentially been prevented. This does not mean hackers will be stopped by every effort, but anything that makes it more difficult for someone to hack a device or a system may discourage the effort. The first scenario, in which a user connects to a public hotspot and leaves his or her device open to attack by hackers, is one of the most significant ways in which people can place their devices and their information at risk. It is also the scenario in which the potential risks can be the most easily circumvented. Regardless of the type of device being used, from a laptop to a table or cell phone, all users should download and install virus protection software or apps, and install a firewall whenever possible. Most public networks will not offer any encryption or other protection, but by simply installing some simple safety apps and software into their devices, users can protect themselves from attack (Chenoweth et al, 2010). With so many devices connected to so many public networks, a hacker is unlikely to waste time trying to breach a protected device, and will instead simply move on to those that are unprotected.

There are also ways to protect POS systems, and even the smallest businesses should use firewalls and all other available protection. It may present upfront costs for business, but these costs are small compared to the costs incurred if a hacker manages to breach the system and steal sensitive information (Gomzin, 2014). Customers can also protect themselves against these risks by simply changing their passwords and PINs regularly. This suggestion is also useful for accessing online accounts from home and work, as it will make it more difficult for hackers to breach accounts without having the appropriate PINs or log-in credentials. For users who count on cloud storage to back up personal information, it is also helpful to change passwords frequently (Juels&Oprea, 2013), though there is little that users can do if these accounts are not protected by the companies that operate them.

Conclusion

As the number of public hotspots grows, so too will the number of users. With this growth come increased security risks to users and to the networks that are exposed to viruses and malware. Other risks to public networks can be found in POS systems and even in the remote storage offered by cloud services. In most cases, however, users can take simple, effective steps to protect their devices and to alleviate potential threats. By installing simple apps or software, changing passwords frequently, and monitoring personal accounts diligently, most users could easily avoid having their devices hacked or otherwise exploited.

Works Cited

Chenoweth, T., Minch, R., & Tabor, S. (2010). Wireless insecurity: examining user security behavior on public networks. Communications Of The ACM, 53(2), 134–138.

Gomzin, S. (2014). Hacking Point of Sale : Payment Application Secrets, Threats, and Solutions (1st ed.). Hoboken, NJ: John Wiley & Sons, Incorporated.

Juels, A., &Oprea, A. (2013). New approaches to security and availability for cloud data. Communications Of The ACM, 56(2), 64–73.