When you’re out and about connecting to public Wi-Fi may seem like a great idea — easy and free Internet, what could be wrong with that? But by connecting to Wi-Fi you may be falling into a trap set by hackers who can steal your passwords, email, personal information and more.
Last year a security firm called F-Secure conducted an experiment by setting up free public hotspots in London to see how many people would connect to them. Within 30 minutes of setting up a public network, the F-Secure hotspots had 250 people connected to them.
F-Secure was able to access email messages, usernames, passwords in addition to other data from people who connected to the networks. The company deleted all of the information it collected.
As further proof of the dangers of connecting to an unsecured Wi-Fi network, a terms and conditions page was added part way through the experiment that required users to agree to before they were connected to the network. F-Secure figured no one would take the time to actually read the terms and conditions before agreeing to them.
The terms and conditions page required that the user give up their “first-born child or most beloved pet” upon connecting to the public Wi-Fi network. (Hey, at least they didn’t require both!) The good news is that the firm didn’t try to enforce the terms and conditions, collecting neither children nor adorable pets
Just as you wouldn’t trust some computer sitting in a lobby somewhere to check your email, you shouldn’t trust some wi-fi connection that is there to connect your device through. I think that there is a psychology there, which is I trust my iPad, so I will connect to the wi-fi and I am safe.”
This video shows how F-Secure’s hotspots were set up using a crude device held together with rubber bands, how quickly people connected to the Wi-Fi networks, and what data F-Secure could see:
You can read the full report on the experiment from F-Secure here:
Man in the Middle Attack
Hackers don’t even need to set up their own Internet source to get you to connect. They can use what’s called a Man in the Middle attack where hackers set up a connection to an existing public Wi-Fi network, using a hotspot that sends out a stronger signal than the existing network. People wanting to connect to Wi-Fi will be lured to the stronger signal so they connect to the hacker’s hotspot that serves as an intermediary to the existing public network.
The hackers who use the Man in the Middle attack then have access to your data while you’re connected to the public Wi-Fi network through the bogus hotspot.
What You Can Do
Be aware when you’re connecting to a Wi-Fi network whether it is secure. If you don’t recognize the name of the network, realize it could be unsecured. When in doubt, assume that the network isn’t secure. “Public” could mean anyone.
Don’t connect to public Wi-Fi networks. Turn your Wi-Fi off when you’re away from secure connections if you don’t need to be on the Internet. Wait until you can get a secure connection to surf the Web.
Use your phone as a Wi-Fi hotspot. Use the hotspot feature on your cell phone to connect your computer or tablet to the Internet. See, Need Internet? How to Turn Your Phone into a Wi-Fi Hotspot.
Use cellular data networks when possible. You may be trying to conserve your use of cellular data but that may end up costing you more in the long run if you’re hacked when you use a public Wi-Fi network.
Use a VPN (Virtual Private Network) if you must use public Wi-Fi. Hackers will only see that you’re using a VPN and your data transmitted over the VPN will be encrypted. See, PC World, How (and why) to set up a VPN today and Ars Technica, Even with a VPN, open Wi-Fi exposes users
Don’t log into sites using your user name and password while on public Wi-Fi networks. Wait until you have a secure connection to do online banking, log into email and use social media accounts.
Look for encrypted and secure websites. Check for “https” in the web address to make sure the hacker’s hotspot hasn’t re-routed you to a malware site.
Even if a Wi-Fi network requires a password, it may not be secure. The Wi-Fi network could be set up by a hacker. Others who have logged onto the network may have access to your data.
Don’t automatically connect to known networks. Hackers can trick your device into thinking that their hotspot is a known network. From F-Secure:
I once heard it described like this: You‘re in a black room, very dark. You‘re trying to work out who else is in that room and you can‘t see anybody there. What you‘re doing is effectively saying ‘I am Mark. I know Bill, I know Charles, I know Dave and I know Jane. Bill, Charles, Dave, Jane – are you there? It is hoping that somebody in that dark room will suddenly say ‘I am Dave. I am here. I will connect with you Mark.’ That‘s what‘s going on. If the information is being put out there, it‘s not just one person‘s name. It is for example the fact that you have connected to Starbucks, you might have gone to a hotel, you might have connected to a company website and you might have connected to a lawyer‘s website. Somebody can aggregate all that information which is freely being broadcast by your device and build up a very accurate profile – not only of your working practices, but also potentially of who you are and that is quite troubling.”
Also see, Lifehacker, How to Stay Safe on Public Wi-Fi Networks
Were you aware of the dangers of public Wi-Fi networks? Do you try to avoid connecting to public Wi-Fi networks when possible? Are you mindful of keeping your information private when connecting to public Wi-Fi networks? Share your thoughts in the Comments section below!
In Case You Missed It
In the unlikely event you missed my appearance on the Going Home with Tony radio show on Thursday, you can catch it on his podcast, available in iTunes: Celebrating The Wonder of Tech.
* Free Wi-Fi Zone image (edited) courtesy of Podere Casanova via Flickr and Creative Commons