Beware of sinister WiFi snoops

PETALING JAYA, Kuala Lumpur - Devices costing as low as RM47 (S$18) can hijack your home and office WiFi and broadband connection from as far as 1km away.

Worse, they also enable hackers to steal your personal data, including passwords for online transactions.

The Star found that the "WiFi hackers", also known as "WiFi adapters", were sold openly at gadget stores, supermarkets and digital malls as well as online.

An information technology specialist, who wanted to be known only as Thomas, said that a powerful device could hack WiFi connections as far as 1km away from the source.

"When the device is installed into a personal lap top or computer, its antenna would detect WiFi signals.

"It would then tap into nearby networks by hacking their passwords," he said.

Thomas, whose personal network had been tapped, said the "man-in-the-street WiFi pirate" would normally use the tapped WiFi connection to download stuff from the Internet like videos and movies.

Din, another IT expert, said the more sinister hackers would even steal personal data.

"There is a method called man-in-the-middle attack. This allows the hacker to 'sniff' even sites secured with https such as banking portals, e-mail and social media (Facebook, Twitter).

"What this means is that the safety net of encrypted data is no longer in place," he added.

Din revealed a far worse case scenario of a WiFi connection being hacked.

"If the hacker uses the connection from your broadband or WiFi account to hack a government or any website, the trail will lead back to you.

"You may then find yourself in trouble for an act that you neither committed nor had any knowledge of," he said.

Illegal to ride on another's WiFi connection

It is illegal to hack to hitch a ride on another person's WiFi connection, said the Malaysian Communications and Multimedia Commission.

Both the person using a WiFi hacking device and the supplier of such a device are liable under Sections 236 and 239 of the Malaysian Communication and Multimedia Commission Act 1998.

Section 236 states that a person who commits "fraud and related activity in connection with access devices" can upon conviction be liable to a fine not exceeding RM500,000 or to imprisonment for a term not exceeding five years or to both.

It also states that a person who produces, assembles, uses, imports, sells, supplies or lets for hire any hardware or software used to obtain unauthorised access to any network service, applications services or content applications service is committing an offence.

Section 239, meanwhile, governs the "unlawful use, possession or supply of non-standard equipment or device" and those found guilty are liable to a fine not exceeding RM100,00 or to imprisonment not exceeding two years or to both.

Sheikh Raffie Abdul Rahman, the adviser for MCMC's strategic communications department said products such as these were normally not locally manufactured.

"We suspect they are smuggled in or imported through false or dishonest Customs declaration.

"So far we have prosecuted three offenders in court last year and this year. All pleaded guilty and have been compounded by the Sessions Court in Kuala Lumpur, Shah Alam and Taiping," he added.

Sheikh Raffie, however, said that unlawful access of a computer system falls within the Computer Crimes Act 1997 and is under the jurisdiction of the police.

According to Cybersecurity Malaysia, software for hacking WiFi connections is easily available online.

(Cybersecurity Malaysia is the national cybersecurity specialist agency under the Science, Techno-logy and Innovation Ministry).

"(Affected) users will experience reduced network bandwidth performance and slower download speed," said its chief executive officer Dr Amirudin Abdul Wahab.

He advised users to set strong passwords for their networks, using a combination of alphabets, numbers and characters, with between eight to 16 characters.

"Also install antivirus software in your computer and keep it always updated with the latest signature files to detect and remove malware.

"You should also enable personal firewalls in your computer to block or filter malicious traffic into your computer," he said.

Meanwhile, a Telekom Malaysia Bhd (TM) spokesman said hacking into private networks was beyond the control of a service provider.

"It is an issue of personal privacy. All sorts of devices to hack into WiFi passwords are easily available. Users must protect themselves by using strong passwords and changing their passwords regularly," she said, adding that customers were also always reminded to change their passwords upon the first registration.

"Believe it or not, some people do not even change the default passwords given to them when they first register with us," she said.

Ways to check if you are a victim of WiFi hacking

One way of finding out if your WiFi has been hacked is to check if there is any unknown Internet Protocol address logging on to your Internet access.

An IP address is a code assigned to each device (for example, a laptop or mobile phone) connected to a network.

IT specialist Thomas said that if a WiFi connection is unusually slow, you should log on to the WiFi router port and go to the set-up page and check for any foreign IP address.

"You can always contact your Internet service providers and ask them for more information on how to do this," he said.

Fellow specialist Din said that another way of checking if your WiFi connection has been hacked would be to look for Media Access Control (MAC) addresses connected to your WiFi access point or router.

"A MAC address is a unique identity number of any device that can connect to the Internet, including PC, laptop, tablet and mobile phone. It is just like your unique identity card number.

"Your service providers can explain how to check on the MAC addresses connected to your WiFi or broadband. They can even guide you on how to restrict the number of devices that are allowed to be connected to your WiFi/Broadband," he added.