The Dangers of Using Public WiFi
Once our primary concern when booking a hotel room was having a decent view, today it’s whether we have free WiFi access. The same goes for wherever we find ourselves — be it at a coffee shop, a restaurant, at the airport, etc. In a generation glued to their screens and addicted to connected devices (IoTs — the Internet of Things), there’s nothing more convenient than jumping on a free internet connection to surf the net, check mail, enjoy Face-time, meet work deadlines, or even do some banking.
However, many hackers lurk in the deep web awaiting public WiFi users. They pose a real security risk, especially those stealthily gathering private information to commit their crimes. In fact, the internet threat landscape is booming with cybercriminals with ever-advancing tricks and trends. Cybercrime in all its many forms (financial fraud, online identity theft, stalking, hacking, bullying, information piracy and forgery, email spoofing, intellectual property crime, and more) can wreak havoc in a victim’s life and experts especially warn against making financial transactions or using credit cards on public WiFi.
Regular free public WiFi is not a secure environment. Even if you need a password to log in, online activities are not necessarily encrypted. What makes public WiFi susceptible to attack are weak/outdated encryption protocols used by some wireless networks that can easily be cracked. There are even tools online built to perform brute force attacks on such networks. Another problem is unwittingly joining a rogue WiFi access point (APs) created by an attacker to launch a man-in-the-middle (MITM) attack. MITMs enable attackers to intercept communication between victims and the servers of websites they visit and then read, insert, and alter messages. Even novice hackers can gather private information — from login credentials to credit card and social security numbers — by directing users to a legitimate-looking website that prompts them to provide such information.
There are many examples of attacks to every sort of device. So, no matter how tempting it is to use your lunch break to buy clothes or bling online, stop before you shop!
How to Identify You’re At Risk
If you’re aware of the risks, you’re already one step ahead. There are also several warning signs that you may be logged on to a rogue WiFi or at risk of being hacked.
- If a site prompt asks you to re-enter your user name and password and then the web browser suddenly says the security certificate is invalid, log off and shut down your computer.
- If you are on your laptop at the airport and a dozen free WiFi connections (even one called “Free Wi-Fi”) pop up, check with the proprietor that you’re connecting to the real network.
- If you’re connected to WiFi away from home and your computer shows you’re connected to your home network, it’s likely that someone has caught your computer’s broadcast request.
- If you’re browsing a site that you know should be encrypted (HTTPS), such as your bank or favorite social networking site, but the page is rendering in HTTP, a hacker might be performing an MITM attack and serving you the site’s HTTP version to capture your login credentials.
Just because most wireless routers have a firewall doesn’t mean you’re protected from others connected to the same network.
10 Tips to Stay Protected
- Beware of hackers when using unsecured public WiFi networks.
- Keep Antivirus Software up to date on all your web-enabled devices — smart phones, webcams, gaming systems, etc.
- Use a trusted Virtual Private Network (VPN) that protects your network and IP address. This prevents hackers from accessing data you enter into forms online and more.
- Make sure you know how to wipe an android phone, especially passwords, before selling it. Using the default factory reset option is not enough.
- When browsing, go incognito (aka private browsing). This allows you to browse whatever you like without worrying about deleting cookies or your history, especially at a public place.
- Don’t enter your social security number online unless you are sure you’re on a secure connection and dealing with a trustworthy company.
- Don’t click on links or attachments unless you trust the source.
- Asking how secure is my password? Best practices is to make them long, strong and unique.
- Use a pop-up blocker — links in pop-up ads are an infamous sources of malware.
- Avoid falling into the clickbait trap — enticing headlines and links (“12 grossest summer health threats– Number 2 will shock you!”) have you divulge personal information and lead to disappointment (counterfeit goods) or dangers such as malware, phishing scams, and more. If you’re not sure, read up on what is clickbait.
Recommended Software Solutions
There are several software solutions to help ensure safe browsing.
- NetSetMan is a program that customizes your network profiles for different networks. You choose your IP address, DNS server, and can even run scripts every time you connect to one of your preset networks.
- There are apps like ControlPlane that offer a fair amount of customization — you can turn on your firewall, turn off sharing, connect to a VPN, and a more depending on the network you’ve connected to.
- There are many antivirus programs offering a host of services and features. The best, including McAfee, Norton and BullGuard, provide solid virus and malware detection and removal rates, light, adaptable software and real-time protection.
Bottom line, beware of free WiFi. It may be tempting, but there are even freely available video tutorials online detailing how to hack a network that even a child can get the hang of — a Google search returns over 11 million results, and YouTube lists almost 14,000 tutorials!