It’s not uncommon for organizations to have employees that travel to different locations whether it’s to visit customers or different offices, especially with the rise in remote working and remote co-working spaces.
When these employees travel or work outside of the office network, they often connect to public Wi-Fi hotspots which could be creating a ‘massive surge’ in hacking crimes according to web filtering platform Titan HQ.
Providing users with remote access to the corporate network can help improve employee productivity, but it introduces a high level of cybersecurity risk with a chance an attacker could also gain remote access. However, this is far from the only danger when it comes to public Wi-Fi as hackers can also easily target individuals and their information with ease when connecting to public Wi-Fi.
When it comes to public Wi-Fi, the most likely threat is a common hacker or scammer attempting to steal a user’s information for profit. Attackers are often after personal details such as your name, address, financial information or social security numbers. There is also the potential for blackmail if an attacker finds compromising documents or images on your device.
As you peruse your favorite social media site, access your email, and check to see if a financial transaction cleared your online bank account, a hacker could easily capture all of your login credentials and data. So what is the most dangerous word or phrase when it comes to Wi-Fi?
“Free Wi-Fi”
As a result of the rise, in the US, the FBI and the Federal Trade Commission have all urged caution when using free Wi-Fi and be mindful of the security risks. Other organizations such as the AARP have cautioned its members that “Free public wireless networks may come at a steep price – the theft of your finances and identity.”
Free WiFi is everywhere these days, giving us the ability to work remotely in coffee shops and restaurants. It’s very convenient but potentially unsafe. Connecting to a public Wi-Fi network requires little authentication – at best you’ll be greeted by a captive portal and have to check a box agreeing to the terms of service. Anyone can connect to these networks, including cyber criminals.
The presence of any of these factors can contribute to an insecure environment, in which hackers can easily target unsuspecting users who are oblivious to their potential jeopardy. Some of the most common threats include the following:
- Stealing your password or personal information within a non-encrypted connection or through a rogue access point
- Session hijacking so that a hacker can browse a site using your own online account
- Obtaining information on your computer by directly accessing your computer
- Downloading malware and viruses that can then conduct their malicious task
On public Wi-Fi, there are many ways scammers can use to get to you. Here are some of the most common:
Man In The Middle attacks
These attacks are one of the most common while using public Wi-Fi. A hacker captures the data you are sending. Most hackers who use this method exploit flaws in apps or websites that allow them view the information being passed. The information can include bank details, passwords, personal identification information, and other data that could be used for identity theft. The most common type of MITM attacks is those that occur over unencrypted and unsecured Wi-Fi networks.
The easiest way for an attacker to exploit public WiFi is to position himself between clients and the router. A man-in-the-middle attack is like eavesdropping where an attacker can get in-between points A and B and intercept data. Sometimes this data can be modified in the process of transmission to trick the victim into disclosing sensitive information, such as login credentials. The victim will likely never notice anything is amiss. Once the user falls for the deception, the data is collected.
Fake Hotspots.
Not all public hotspots are legitimate. Attackers create “free” WiFi networks (often called evil twin hotspots) in an attempt to lure in unsuspecting users. When you connect to such a network, you give criminals an opportunity to monitor all your data. All an attacker has to do is find a high-traffic location and set up a fake network with a legitimate sounding name like ‘Hotel Wi-Fi.” By the time the attack is uncovered or authorities have isolated the source of the signal, the attacker has moved on – with the stolen user credentials.
The whole experience is transparent to the victim. Most of the time the hacker allows the victims to reach their intended Internet destinations while they secretly eavesdrop on the network traffic so that they can steal the information from the victims as the victims attempt to log in to their e-mail, provide credit card numbers while shopping online, etc. Avoid using open Wi-Fi hotspots – always ensure they’re secured and that a password is required to access them.
Wireless “sniffing.”
This is a practice where your data is observed, intercepted, and interpreted. It helps experts to diagnose any problems on the network. In the wrong hands, it can be used to monitor and collect data from unsuspecting victims.
Common Tools used by Wi-Fi attackers
While many sites are switching to Secure Socket Layer (SSL) which provides end-to-end encryption, there are various ways an attacker can circumvent this. One example is an SSLstrip, a tool that transparently hijacks HTTP traffic on a network.
This lets security managers assess the risk level of a network with the push of a button but it can also make it easy for attackers to scan public WiFi networks and find vulnerable devices – including yours.
“It doesn’t take long for a determined hacker to crack an unprotected wifi network. For would be hackers, there are a multitude of websites that promise to help you crack wi-fi passwords in two minutes. Many others provide significant detail on wireless hacking tools’ Ronan Kavanagh from TitanHQ said.
“This does not mean that you should never utilize public Wi-Fi. It just means you should take precautions. If you wouldn’t verbally give out your password in a crowded coffee shop then you should see a wireless hotspot as being full of prying ears as well as everyone shares the same wireless access point. In a sense, it is one big conversation.”
How To Stay Safe on Public Wi-Fi:
1. Check the Terms and Conditions.
In your desire to get some free internet, it can be quite tempting to click through any terms and conditions that pop up on your screen. However, you should be careful about what you sign up for in public. A huge amount of free public Wi-Fi also takes something from you. These firms will give you some bandwidth as long as you agree to give them your email address and a phone number for instance. Try to find time to read before agreeing.
2. Stick to Advertised Wi-Fi Networks.
Just because you see free Wi-Fi pop up on your screen does not mean you must connect to it. Hackers are known to set up free Wi-Fi that they use to mine data from unsuspecting individuals. If you see open Wi-Fi that is not advertised publicly, you will have to think twice about using it.
3. Only Visit Secure Sites on Wi-Fi.
The green padlock at the top left corner of your browser shows you that you are connecting to a secure site. This sign is even more important when you are relying on free Wi-Fi. Think hard before doing anything important when on free Wi-Fi. For instance, avoid making any credit card transactions on public Wi-Fi. Additionally, it is best to use a mobile browser rather than an app when on public Wi-Fi. Mobile browsers are better at checking the security of sites than apps.
4. Switch Off Sharing.
When your device is connected to the Internet in a public area, you will not want to share anything. You can turn off sharing in the Control Panel depending on the OS you use. You may also opt to have your OS do it for you by choosing “Public” the first time you connect to a public network.
5. Switch Off Wi-Fi Capabilities in Public.
Even when you are not actively connected to any Wi-Fi network, your computer hardware can still transmit data to any network that is in range. There are measures in place to keep such networks from getting in touch with you. However, hackers can be quite smart, and they can get into your laptop. Besides that, switching off Wi-Fi settings allows you to extend the battery life of your device.
Other Useful Tips.
Avoid downloading anything when using public Wi-Fi. Additionally, always ensure that the OS and all other software are always up to date. Although your device automatically manages your connection when you are on public Wi-Fi, it is always best to double-check. When you are done with Wi-Fi, always forget the network. That way, you can reduce the security risk to your device. Additionally, make simple choices like using different passwords for each app.
- Always ask the establishment what the name of the official hotspot is. This will prevent you from making incorrect assumptions and choose a malicious hotspot.
- Disable the “auto connect” or “auto-join” functions for saved hotspots for all of your wireless devices, which is good advice in general.