Forewarned means armed: What cyber threats await in public places

Father

You can face cyber threats not only when working at an office computer or downloading pirated games on your home laptop. Sometimes cybercriminals act in the most unexpected places: in shopping centers, public catering establishments, airports or hotels. Some threats are quite common, while others are almost non-existent because the cost of carrying them out exceeds the possible benefit for an attacker. However, if you know where a threat may be waiting, your chances of not becoming a victim of fraudsters increase.

Public Wi-Fi networks

Open networks in the metro, cafes, hotels and other public places carry several threats at once. They can be used by hackers to steal money and confidential data, infect your device, and use it for their own purposes. Most often, criminals operate in places with large crowds of people, especially tourists: at train stations, airports, and popular attractions.

Attackers can intercept data using special sniffer programs if the traffic is not encrypted or is not encrypted well enough. To do this, a hacker only needs a laptop or smartphone and to be close to the access point. Attackers will see everything you enter on your device at this time: from your social media username and password (in this case, the session ID will be intercepted) to your bank card number and CVC code.

Marina Probets
Internet analyst at Gazinformservis

The most common threat is identity theft over open Wi-Fi networks. Hackers can intercept the data of users who use public Wi-Fi in public places. Also, skimming (card cloning equipment) is still common at ATMs and payment terminals. Criminals can install skimmers to copy data from bank cards and gain access to victims' financial resources.

In order to protect against cyber threats in public places, it is recommended not to enter personal data on public devices, monitor your banking operations, and avoid connecting to open Wi-Fi networks.

Another way to get victim data or steal money is through fake Wi-Fi networks. In this case, the criminal himself opens an access point in a public place. At the same time, the network has either a common neutral name, such as "Wi-Fi Free", or a name consonant with the existing network in this place, such as "Coffee House" instead of the existing "Coffee House".

Kai Mikhailov
Head of Information Security at iTPROTECT

Attackers can use Wi-Fi networks to lure users to fake sites with the purchase and booking of tickets, for example, through which they can get personal data for further theft of funds. Sites may be indistinguishable from real ones, just located at different IP addresses, but because of the intercepted session, users will be directed to fake ones. Also, when updating applications, Trojan programs may be installed for users, and remote administration tools may be left on the devices, through which attackers will gain control over all the user's data and device. In addition, attackers can intercept data transmitted by device owners. Therefore, it is very important not to use public networks without security tools and to remain vigilant when working with personal data, if this cannot be avoided.

In April 2024, the cyber police announced the detection of a new type of fraud related to public Wi-Fi networks, as a result of which users lost their Telegram accounts. The case was registered at Sheremetyevo Airport. After connecting to the fake network, the user receives a message with a request to log in via Telegram. The victim enters the code and loses access to their account.

Vlad Driev
Senior Security Analysis Specialist at the USSB

If you have already connected to such a network and understand this, then, first, immediately turn off Wi-Fi. Secondly, try to remember what you did during the time you were connected to it. If you entered the code from Telegram or WhatsApp, then immediately go to the app and close sessions on all devices. If you have used passwords somewhere, change them immediately. The main thing is to use the mobile Internet for this purpose. Companies can transfer their networks to connect using certificates for protection, then the credentials will not be transmitted over the air.

Also, for security reasons, you can recommend that everyone turn off Wi-Fi on laptops and phones in public places.

Information security experts recommend not connecting unnecessarily to public Wi-Fi networks, not logging in to other sites via social networks, and not conducting banking operations, but using the network only for safe actions, such as viewing the weather or getting directions on a map.
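
The look-alike access point described above can often be spotted by comparing a scan against what the venue is known to operate. The following is an added example, not part of the original post: the trusted-network entry, BSSIDs and scan results are constructed, and the look-alike character map is a small illustrative subset.

```python
import unicodedata

# Constructed reference data: the network the venue really operates.
TRUSTED = {"Coffee House": {"security": "wpa2", "bssids": {"aa:bb:cc:00:00:01"}}}

# Small look-alike map (Cyrillic letters and digits); illustrative, not exhaustive.
CONFUSABLES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0441": "c",
    "\u0440": "p", "\u0445": "x", "\u0443": "y", "0": "o", "1": "l",
})
RANK = {"open": 0, "wep": 1, "wpa": 2, "wpa2": 3, "wpa3": 4}

def skeleton(ssid):
    """Comparison key: NFKC, casefold, look-alikes folded, letters/digits only."""
    folded = unicodedata.normalize("NFKC", ssid).casefold().translate(CONFUSABLES)
    return "".join(ch for ch in folded if ch.isalnum())

def classify(ap, trusted=TRUSTED):
    """Return findings for one scanned access point (dict: ssid, bssid, security)."""
    findings = []
    for name, ref in trusted.items():
        if skeleton(ap["ssid"]) != skeleton(name):
            continue  # unrelated network
        if ap["ssid"] != name:
            findings.append("lookalike-name")
        if RANK[ap["security"]] < RANK[ref["security"]]:
            findings.append("weaker-security")
        # A BSSID can be spoofed, so this is a hint rather than proof.
        if ap["bssid"].lower() not in ref["bssids"]:
            findings.append("unknown-bssid")
    return findings

def review_scan(scan):
    """Map (ssid, bssid) to findings for every suspicious entry in a scan."""
    report = {}
    for ap in scan:
        findings = classify(ap)
        if findings:
            report[(ap["ssid"], ap["bssid"])] = findings
    return report

# Constructed scan results, as a Wi-Fi scanner might report them.
SAMPLE_SCAN = [
    {"ssid": "Coffee House", "bssid": "aa:bb:cc:00:00:01", "security": "wpa2"},
    {"ssid": "Coffee House", "bssid": "de:ad:be:ef:00:02", "security": "open"},
    {"ssid": "C\u043effee  house", "bssid": "de:ad:be:ef:00:03", "security": "open"},
    {"ssid": "Airport Lounge", "bssid": "11:22:33:44:55:66", "security": "wpa3"},
]
```

A network that matches the trusted name exactly, with the same security and a spoofed BSSID, passes this check, which is why certificate-based authentication is the stronger control.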

QR codes

QR codes are used everywhere: in coffee shops to leave tips and open electronic menus, to rent electric scooters, and to view detailed information about a product or service. Often the average person doesn't think twice about scanning a code; it happens almost reflexively, in passing. Intruders exploit this inattention or ignorance. They paste a fake code on top of the real one, as was the case in Moscow with an electric scooter service, or place their own fake ads with QR codes. For example, fraudsters put up ads about replacing the intercom on building entrances in St. Petersburg.

Fraud involving QR codes is called quishing. It is a form of phishing, and the risks for the victim are the same: infection of the device and loss of data and money. Cybersecurity experts recommend not scanning every code you come across, checking that the URL uses a secure connection, using proven QR scanning applications, and disabling automatic actions when scanning a code.
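
One way to apply the URL check and the advice about automatic actions is to inspect the decoded QR text before anything opens it. This is an added example, not part of the original post; the function name `vet_qr_payload`, the `expected_hosts` parameter and all sample hosts are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Payload prefixes that make a scanner act rather than open a web page.
AUTO_ACTIONS = {
    "wifi": "joins a Wi-Fi network", "tel": "starts a call",
    "sms": "drafts an SMS", "smsto": "drafts an SMS", "mailto": "drafts an e-mail",
}

def vet_qr_payload(payload, expected_hosts=()):
    """Return warnings for a decoded QR string; an empty list means nothing flagged."""
    scheme = payload.split(":", 1)[0].lower() if ":" in payload else ""
    if scheme in AUTO_ACTIONS:
        return [f"non-web action: {AUTO_ACTIONS[scheme]}"]
    if scheme not in ("http", "https"):
        return ["not a web link; do not act on it automatically"]
    url = urlsplit(payload)
    host = (url.hostname or "").lower()
    warnings = []
    if scheme == "http":
        warnings.append("no TLS (http)")
    if url.username or url.password:
        warnings.append("userinfo before '@' hides the real host")
    try:
        ipaddress.ip_address(host)
        warnings.append("raw IP address instead of a domain")
    except ValueError:
        pass  # not an IP literal
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        warnings.append("internationalized host, check for look-alike letters")
    if expected_hosts and not any(
            host == h or host.endswith("." + h) for h in expected_hosts):
        warnings.append(f"host {host!r} is not the expected service")
    return warnings
```

An empty result only means none of these specific signs were found; a fake site can still sit behind a valid HTTPS address on an ordinary domain.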

ATMs and payment terminals

Attackers use skimmers to steal bank card data and money. Skimmers are miniaturized data-stealing devices hidden inside conventional card readers. After the hardware intercepts the data, the thief takes it to create a clone of the card or simply perform fraudulent actions. Perhaps the worst part is that skimmers often don't interfere with the normal operation of an ATM or credit card reader, making them much harder to detect.

In 2019, Sberbank declared victory over skimming in Russia. However, you should not lose vigilance: cases of money being stolen from accounts using fake cards still occur. In addition, card readers can be used by unscrupulous employees of hotels, public catering or entertainment establishments.

Your own gadgets and IoT devices with Bluetooth enabled

Because hacker devices "for enthusiasts" such as Flipper Zero, HackRF One, Pwnagotchi and others are simple and widely available, you can increasingly encounter BLE spam. Bluetooth LE Spam applications can also be used for spam attacks over the Bluetooth Low Energy protocol. Such an app sends connection requests that mimic the Google Fast Pair, Microsoft Swift Pair and Easy Setup services, as well as various Apple devices. The victim's phone screen then fills with fake requests to connect non-existent Bluetooth devices, such as headphones, set-top boxes, and a microphone.

In addition to BLE spam, attackers can remotely activate and control your IoT devices. In April 2024, cybersecurity experts were able to hijack a Tesla using a $169 Flipper Zero and a Wi-Fi board. Beyond financial damage, remote access can have very serious consequences for human health and life. For example, computer security specialist Barnaby Jack of IOActive, where he evaluated medical devices, discovered vulnerabilities in insulin pumps and pacemakers. With just a laptop, a criminal could dump the entire contents of an insulin pump into a patient's pancreas and cause instant death, and in the case of a pacemaker, program the device to generate a strong current. Fortunately, no cases of these vulnerabilities being used in practice are known so far.

Flash drives and USB cables

Everyone is curious to some degree, and intruders use this trait to build their trap. They place a malicious chip in a device, most often a flash drive. A person who finds a flash drive in a public place will most likely want to see what is on it, if only to return the device to its owner later. After the flash drive is connected to the computer, the fraudster gets access to the victim's device.

Vlad Driev
Senior Security Analysis Specialist at the USSB

Scammers use small Arduino-like controllers to simulate the operation of the keyboard. The device itself is usually placed in a case from a regular flash drive, so as not to arouse suspicion, although in fact the case can disguise itself as any other USB device. Such a "flash drive" is placed in a crowded place and lies there until a curious person picks it up and inserts it into their computer, laptop, phone. The "flash drive" appears as a keyboard and starts typing malicious code. Such devices can be purchased on marketplaces.

To protect against this technique, you can use antivirus solutions with the ability to protect against unauthorized USB connections. And also follow the simple advice – do not insert extraneous flash drives into your devices.

The O.MG Cable, which has recently become widespread, works on the same principle: it contains a malicious chip that can be used to gain remote access to connected devices.
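
A keyboard-emulating "flash drive" gives itself away by typing at machine speed right after it is plugged in. The detection logic below is an added example, not part of the original post; the event format, interface labels and thresholds are assumptions, and the event stream is constructed.

```python
from statistics import median

# Thresholds are assumptions for this example, to be tuned on real data.
MAX_HUMAN_GAP_MS = 20     # a median gap between keys below this is not human typing
MIN_KEYS = 15             # ignore short bursts
WATCH_WINDOW_MS = 10_000  # judge only keys sent soon after the device appears

def find_injectors(events):
    """Return {device: reason} for keyboards that type too fast right after attach.

    events: dicts with t (ms), dev, kind ('attach' or 'key'); attach events also
    carry 'interfaces', using the hypothetical labels 'hid-keyboard'/'mass-storage'.
    """
    attached, key_times = {}, {}
    for ev in sorted(events, key=lambda e: e["t"]):
        dev = ev["dev"]
        if ev["kind"] == "attach" and "hid-keyboard" in ev["interfaces"]:
            attached[dev], key_times[dev] = ev, []
        elif ev["kind"] == "key" and dev in attached:
            if ev["t"] - attached[dev]["t"] <= WATCH_WINDOW_MS:
                key_times[dev].append(ev["t"])
    flagged = {}
    for dev, times in key_times.items():
        if len(times) < MIN_KEYS:
            continue
        gap = median(b - a for a, b in zip(times, times[1:]))
        if gap < MAX_HUMAN_GAP_MS:
            reason = f"median key gap {gap} ms within {WATCH_WINDOW_MS // 1000} s of attach"
            if "mass-storage" in attached[dev]["interfaces"]:
                reason += "; device also presents as mass-storage"
            flagged[dev] = reason
    return flagged

def sample_events():
    """Constructed event stream: one human-paced keyboard, one scripted 'flash drive'."""
    events = [
        {"t": 0, "dev": "usb1", "kind": "attach", "interfaces": ["hid-keyboard"]},
        {"t": 500, "dev": "usb2", "kind": "attach",
         "interfaces": ["mass-storage", "hid-keyboard"]},
    ]
    events += [{"t": 2000 + 140 * i, "dev": "usb1", "kind": "key"} for i in range(40)]
    events += [{"t": 1500 + 5 * i, "dev": "usb2", "kind": "key"} for i in range(200)]
    return events
```

Legitimate devices such as barcode scanners and one-time-password tokens also type at machine speed, so pair the check with an allowlist of known device IDs.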

Smartphone charging stations

It may seem that charging your phone at charging stations is more convenient than carrying a powerbank or your own charger cable. You may actually recharge your device, but at the same time you risk becoming a victim of cybercriminals. The US FBI warned about an unusual threat in 2023. Attackers have devised ways to use USB ports in public places to inject malware onto devices. For example, public charging wires can be connected to a computer through which a criminal will receive user data. In addition, attackers build special devices into the charging cables, and when connected to them, the user's gadget becomes vulnerable.

It's easy to protect yourself from this threat: just don't use shared charging stations or other people's cables. If you still need to charge your phone and there are no other options, turn on the charge-only option (no data transfer) and use an adapter cable that has wires only for carrying current.

Ekaterina Starostina
Director of Business Development, Webmonitorex

In addition to attacks via charging devices, there are other complex attacks that can be implemented in public places, but are extremely rare due to their complexity and high costs for attackers. For example:

  • Public USB Port Attack: Attackers can install malware on public USB ports in public places to infect the devices of users who connect to them.
  • Bluetooth attack: Attackers can use vulnerabilities in Bluetooth connections to gain access to users' devices and intercept their data.
  • NFC (Near Field Communication) Attack: Attackers can use vulnerabilities in NFC technology to transmit malicious data to users' devices that have NFC enabled.
  • RFID (Radio-Frequency Identification) Attack: Attackers can scan and copy RFID tags used in access cards or contactless payment systems to gain unauthorized access to buildings or financial assets.
These attacks require specialized knowledge and resources on the part of attackers, so they are rare, but it is important to be aware of the potential risks and take measures to protect your data when using public networks and devices.

Cyber attacks are not always intended to steal information or cause harm. There are cases when cyber hooligans hack information boards, switch TV channels in public catering establishments using Flipper Zero, or hack sex toys just for fun. For example, someone played an adult movie on a huge screen in the center of Alma Ata, and ESET conducted a study and warned about the insecurity of applications for "smart" intimate toys.

Conclusion

The border between the digital and analog worlds is becoming less visible, and the territory of cyber threats is constantly expanding. So do not let your guard down just because you have got up from your computer desk and gone outside. Whether walking around a shopping mall or waiting for your flight at the airport, you need to be equally wary of pickpockets and cybercriminals.
 