The double whammy of the largest data breach in South Africa’s Internet history coupled with the announcement that the wireless communication protocol used by virtually all wireless access points (WAP) world-wide had been hacked is bad news for both consumers and business showing just how fragile our virtual world had become.
Pieter Erasmus, an IT security strategist who works in association with Moyo Business Advisory, said the upside of the revelation was that it would hopefully dispel the false sense of security that many Internet users had.
“The data breach that has made the most intimate details of the majority of South Africans available to the hacking community who can use it for identity fraud and a host of other nefarious activities is by far the most serious breach that has ever happened in this country.
“While the wealth of passwords that was revealed in the breach is perhaps one of the issues that can be fairly easily addressed by rapidly changing all passwords, stolen identity numbers and other personal information that cannot be changed presents a much bigger problem.
“We will be seeing identity fraud committed with this data making an appearance in the not too distant future and exactly how this is going to be addressed remains to be seem,” Erasmus said.
The issue of the vulnerability of the WPA2 communications protocol that had been hacked remained a problem because it was now possible for any hacker with a little bit of technical knowledge to fool a wireless network into believing that a hacked wireless access point (router) was legitimate and could gain full access to the network without a password.
“This will affect both private individuals who make use of Wi-Fi as well as the business community who have massively adopted the technology,” Erasmus said.
“Our biggest problem is that hardly any of the Wi-Fi router manufacturers have come up with patches for their equipment. As long as the protocol remains unchanged users will remain vulnerable,” Erasmus said.
Android smartphones are a major concern in South Africa, as manufacturers struggle to release standard OS updates for their flagship phones.
There were certain actions that Wi-Fi network users could take to provide a measure of protection.
These included:
- Installing the latest security updates as soon as become available.
- Firewalls and anti-virus software should be updated on a regular basis.
- Avoid wherever possible the use of public Wi-Fi networks such as coffee shops and airports.
- Avoid non-secure website and make use of HTTPS to connect to websites.
- Always use a secure app for banking and if possible, use a virtual private network (VPN).
- On PCs download operating system updates regularly. Microsoft is expected to make available a WPA2 update this week. It is unknown whether this will solve the problem as long as the WAP remains vulnerable.
Erasmus said even with security patches, users needed to be super vigilant.
“Even with the best software and hardware security in place, social engineering remains by far the biggest threat.
“Professional hackers are social engineers at heart and know exactly which buttons to push to get potential victims to open up to them providing the most sensitive information to them in the belief that they are speaking to a legitimate support person or departmental head.”
“Our job as cyber-security experts is to ensure that our clients are fully prepared to defend themselves against such attacks not only by ensuring that their software is up to date but also to protect themselves against social engineering scams that seeks to steal data and money from unwitting victims.
Professor SH (Basie) von Solms, Director of the Centre for Cyber Security in the Academy for Computer Science and Software Engineering at the University of Johannesburg, said many computer crimes and data breaches were swept under the carpet and could not be quantified in statistics.
“It may actually be more than the two to three billion rand a year figure that is commonly quoted for South Africa.”
By Pieter Erasmus, IT security strategist, Moyo Business Advisory
