Six iPhones, four iPads, seven Android devices, one Chromebook, three Macintosh devices and ten Windows devices (I assume these are the laptops I see when I look around) respond to my query. This act of “calling” every device that is connected to the wireless network is referred to as ‘enumeration’, and since I am a hacker, I know how to do it.
Harvesting Your Email
My goal is to gather the email addresses – and possibly other data – from the devices on this “free” network.
I collect 2,400 email addresses by polling the 31 devices identified above. I do this by sitting anonymously at a table in the restaurant and pushing a couple of pre-programmed buttons that launch my ‘attack vectors’. These addresses will be sold to my “clients” who in turn use those addresses for further attacks, spam messaging and
I do this daily. I have programmed many of my ‘attack vectors’ to function automatically when I visit my favorite hot spots, so I just relax and have lunch, a coffee or whatever while I am there.
Watching Every Move You Make
I may be able to collect the photos on your device, or install a ‘bot’ (robot) that will allow me to monitor what you are doing. I can collect keystrokes that you are typing, turn on your camera or monitor your
If you type in a web address like “bankofamerica.com”, my ‘script’ – which recognizes keywords including all common banks and email providers – wakes up and records the next 200 keystrokes you type. Those characters almost always contain your user name and password. The script will then send me all of the data it collects from the thousands of compromised devices I have connectivity to.
Gathering Your Data
My process is about mass access, not precision. Every connection I make does not get me paid, but the thousands of connections I make do
How Can You Stop Me?
The first and easiest way: Don’t use public Wi-Fi. Ever. Free is a relative term. In this case, ‘free’ puts you in the exact place that leaves your devices vulnerable. For your phone, don’t connect to Wi-Fi networks. Best bet is to disable Wi-Fi on your
For your other devices, buy a data plan for your mobile phone and use your device as a wireless hot spot for your other devices. If you don’t have a smartphone, buy a portable hot spot to achieve the same purpose. Make sure your Wi-Fi is password protected and you’ll have your own private mobile network, keeping your devices secure. It is possible to hack such devices, but it is much more work than simply tapping into the public Wi-Fi.
Should You Use Wi-Fi?
If you decide to use Wi-Fi, do not allow it to auto connect. Many people auto connect to multiple locations every day: at your favorite restaurant, coffee shop, car service shop, airport, hotel and more. Often your device is not even used; it is simply connecting to the Wi-Fi network because it is set to automatically do so. These automatic connections make your device vulnerable.
Now that you have an idea of what hackers are capable of and how they operate, you will know some precautions to take in order to prevent the worst from happening to you.
I walk into a restaurant, could be any restaurant; assume it is your favorite one, with free Wi-Fi. It’s busy. Good for me. I connect to the Wi-Fi hotspot, but instead of checking my email, I call every device that is connected to the wireless network.
KARL EPPS, ENCE, CHFI
EPPS FORENSIC CONSULTING PLLC
Karl Epps is an EnCase Certified Examiner (EnCE); Certified Computer Forensic Examiner (CCFE); Certified Hacking Forensic Investigator (CHFI) and Cellebrite Certified for cellular examinations. He is currently preparing for the Certified Ethical Hacker (CEH) and Certified Penetration Tester
Confessions of a Serial Hacker
13880 N. Northsight Blvd., Suite 115, Scottsdale, AZ 85260