Beware when you are accessing wi-fi networks and other devices, as all may not be as it seems, according to Belvedere College student Brian Kelleher.
Brian’s project – We are Not Safe – is the result of a two-year study by him, where he examined the security behind wi-fi networks.
He told Dublin Gazette: “I did four main experiments as part of my project.
“Firstly, I looked at hacking wi-fi; secondly, I looked at hacking locked Apple computers that are password-protected; thirdly, I looked at installing viruses on Apple computers; and, finally, I did a survey to see how secure people think their passwords are.”
The project earned him a special award from the IE Domain Registry (IEDR).
Brian explained how his wi-fi experiment works.
“It uses a program called Wi-Fi Phisher, which uses a fake wi-fi page to trick the user into entering their password.
“It looks like a normal router upgrade front page, but in reality when you put in the password, it goes to the attacker.
“I tried it on five wi-fi networks, and four of them were vulnerable to the attack.
“Because public wi-fi networks are unencrypted, an attacker can monitor what you can do.
“There’s an attack where the hacker can ‘spoof’ a website. So, for instance, if you look at facebook.com, they can intercept that request and put up a different page, and you wouldn’t necessarily know.”
Passwords to start your computer can also be the subject of attacks.
Brian said: “This type of attack exploits a vulnerability in a mode called ‘Single user mode’. This allows the attacker to access all of the files in a computer.
“What an attacker would do is delete a file, and create a new admin account. Once they have a new admin account, they can change all of the other passwords in the system.
“If the attacker has one password, they essentially have all of the passwords, because if you have a Gmail password, for instance, you can reset all of the other passwords.
“Most people still use the same password. In the survey I conducted, 80% of people use the same password on multiple sites. Clearly, if you have one password, you have most of them.
“People need to be vigilant online, and use secure passwords. Make sure what you click on, or what you enter your password in, or any credentials, are credible.”
It was Brian’s second year in a row at the Young Scientist Exhibition.
Last year, he had a project about the housing crisis, and he built an algorithm relating to which houses would perform well as rentals.