Why Do These Hacks Keep Happening?

Old Banner

A number of people around the college community have seen coverage of the latest hacks on the news and have asked me, “Why do all these hacks keep happening? Can’t something be done?”

There are many answers to that question. A few are below:

  • We do A LOT to stop attacks against FIT. There is a huge amount of technology at play to protect the college, and we do our best to train and engage you, our community, to be our eyes and ears to stop suspicious activity.

  • There is a lot of money at stake. Cybercrime is a multibillion dollar industry.

  • It’s hard to stop criminals when some countries harbor and even encourage them,

  • Finally—and this is the point of this post—the software and networks that enable everything, from our phones to our medical devices, are so complicated that every single-use case and attack can’t be tested in advance.

This brings us to today’s story. It turns out that someone discovered that if your iPhone or iPad attaches to a Wi-Fi network named “%p%s%s%s%s%n,” the Wi-Fi capability on the device is disabled permanently. Further, several other network names with percent signs in them will have the same effect. It doesn’t appear to steal data or credentials, but a prankster could easily set up a wireless network with that name in Penn Station or some similar public place just because they think it’s funny.

The key point here is that no one at Apple ever tested for this condition, nor could they reasonably be expected to. However, security “researchers,” some who are well-meaning and some who are not, spend all day every day putting every piece of software through every bizarre condition they can think of to see if it breaks. Eventually it does, and that’s how vulnerabilities are discovered. That realization, that technology will never be perfect, is why it’s so important to remain vigilant. Technology does a good job of protecting us, but we need to protect ourselves as well.
 

What can you do? 

  1. Configure your Wi-Fi devices to ask you before they connect to networks, especially if they don’t have a password or have a static password.  

  2. Take our Cybersafe training when it is offered in the spring semester.

  3. Check out our website and remember our 4 Don’ts of email safety.

Technology, whether it’s anti-virus, spam filters, or firewalls, is there to help you protect yourself.

 
 
About Cybersafe
The Division of Information Technology is dedicated to informing the community of the latest cybersecurity threats. Visit fitnyc.edu/cybersafe and stay tuned for emails from [email protected] for the latest from the Cybersafe campaign at FIT. Read past issues here.