PUBLIC WI-FI
Public wi-fi, sometimes called free wi-fi, is a type of network where anyone has access and through it can connect to other networks or the internet.Professionals are split about the security risks posed by using public wireless networks. Some say that today’s users have little to worry about, that public wi-fi’s reputation as a security threat is no longer deserved, while others disagree.
In an exercise conducted by The Washington Post, professionals from cybersecurity company Avast were invited to “steal” data from users as they surfed the internet and conducted routine activities, such as checking email, streaming videos, and logging onto social media sites. The exercise yielded little results for the would-be hackers. While connected to the same network, the Avast “hackers” could see what websites were visited, what time of day the sites were visited, and what device (e.g. iPhone, laptop, Android, etc.) was used to access the websites, but no specific user data, such as user names or passwords, was collected.
However, the pitfalls of public wi-fi lie in the
network that one is connected to. Not all public wi-fi
connections are safe. Some public wi-fi networks are
created by bad actors, and not reputable businesses or
organizations.
In a story from CBS Boston, white hat
hacker Steve Walker shows how easy it can be for a
hacker to set up a fake wi-fi connection in a public
space. In this scenario a hacker creates an imposter
public wireless network with a name that that seems
legitimate. The imposter network may have a familiar
naming convention, like
INSERT-BUSINESS-NAME_GUEST_WI-FI, that lulls users into
a false sense of security. Hackers can even create a
connection with exactly the same name as a known wi-fi
hotspot. The fake login or connection screen can contain
phishing links designed to steal usernames and
passwords. Once connected to this rogue wi-fi network
the hacker has access to all the user’s inputs. From
this data the hacker can piece together websites
visited, gain access to accounts, and even financial
data if it is input while connected to the fake service.
Other risks posed by using public wi-fi networks include
malware, viruses, and worms, fake system’s updates for
phones that are designed to steal information, and even
session hijacking.
While there are risks posed to privacy and security when using public wi-fi, experts also say the risk to reward ratio makes this type of cyber crime less attractive to hackers and cyber criminals. The hacker is more exposed trying to steal sensitive data in this fashion, and the payoff is not guaranteed with such a random assortment of users or “targets.”
There are many reasons users connect to public
wireless networks, from poor cellular service to the
need to conserve mobile data use to sheer convenience
and better speed. While users cannot totally eschew the
use of public wireless networks there are some best
practices that will offer the user some protection
against hackers and mitigate risk.
These include:
• On both Android and Apple tablets and cell phones,
disable file sharing apps.
• While on a wireless
public network do not work with sensitive data.
•
Refrain from visiting sites that request or require the
input of personal data.
• Encrypt information that is
sent between two parties.
• The user should ensure
that the websites visited are secure. The user can know
a site is secure by observing https in the address bar
or a lock icon next to the web address.
• Use a VPN
to encrypt all online user traffic.
Of course, the
only guaranteed way for users to protect themselves is
to avoid public wi-fi at all costs, using exclusively
home networks or private wireless connections via a
personal hotspot.