Insider Threat: WiFi and cellular data extraction

The intricate details revolving around the security of personal and corporate accounts are often times not fully realized or understood and the measures to harden the security of a corporation are not done proactively but rather reactively. Account security can be compromised by something as simple as logging into an account from a public WAP (Wireless Access Point).

  • Threat-Public WAP: For those that access their private or corporate accounts via public WAP are running a very high risk of compromising their PII through an “evil twin” attack. An example of how quickly and easily one of these attacks can be mounted from a savvy data thief lying in wait at your local Starbucks, together: a device called WiFi Pineapple and a program called Karma can automate the creation of an “evil twin” access points and start collecting (your) data.
  • Threat-B.Y.O.D (Bring Your Own Device): Another [Insider] threat to any business is an employee’s smartphone being plugged into an office computer via USB. This can essentially initiate a cellular broadcast of the computers data.

A proactive approach to hardening corporate security will not eliminate ALL threats and anomalies, it will however greatly reduce incidents, problems, events, etc.

Comment here

This site uses Akismet to reduce spam. Learn how your comment data is processed.