Internet users love public WiFi, despite the fact that free connections are filled with security concerns. As noted by Dark Reading, while over 90 percent of users believe public hotspots are insecure, 89 percent go ahead and connect anyway. And that’s just the beginning: Many Netizens are willing to leverage free WiFi to conduct financial and other critical data transactions — according to Gizmodo, two million Australian users do their banking on public WiFi every day, despite the potential risks.
And no-cost WiFi networks are rapidly expanding. Urban centers such as New York City recently rolled out subway station WiFi while social media giant Facebook has introduced a WiFi finding app that helps guide users to the nearest bastion of available Internet. With public WiFi such a big draw — and user showing no signs of logging off even if personal data is at risk — it’s worth taking a look at the top wireless threats and how you can stay safe on free-for-all connections.
Ideally, any private WiFi you’re using, such as corporate offerings or home networks, should use strong encryption to ensure that your data isn’t on display for any malicious actor with a mind to hack your connection. The Internet available in coffee shops, airports, and hotels, meanwhile, often eschews encryption in favor of usability and speed: It’s quick and painless for users to connect and start surfing but everything sent and received is in plain text, meaning anyone with the means and motive to eavesdrop on your browsing session can see exactly what’s in that company email, instant message or Facebook post.
Think of it like this: Instead of having a quiet conversation with friends, unencrypted WiFi connections create a scenario where you’re shouting potentially private information from the digital rooftops. Not a great idea if you want to stay safe online.
[pullquote]Are Starbucks Wifi1 or AirprtWireless really legitimate connections?[/pullquote] The certainly look on the up-and-up at first glance, but here’s the problem: There are no rules or restrictions when it comes to naming WiFi channels. As a result, all cybercriminals need to do is create a hotspot name that seems believable and then create a “dummy network” by broadcasting over a relatively small radius — usually within the coffee shop or airport terminal. Unsuspecting victims see an open WiFi network with great signal strength, click to connect and are then prompted to enter extra personal details, such as date of birth of Facebook login credentials.
In some cases, hackers aren’t really offering an actual WiFi connection, and after multiple attempts users go elsewhere, leaving criminals in possession of usable personal data. As noted by Kaspersky Lab, meanwhile, others use dummy hotspots to relay your information to a legitimate WiFi network allowing them to access — and obtain — every piece of data you send out.
Browser companies are getting backlash for tracking user behavior, but what if the problem didn’t come from Google or Microsoft but rather an interested cybercriminal looking to create a profile of your habits and steal critical information? Since public WiFi connections are typically light on security, it’s easy for tech-savvy attackers to stalk your surfing habits and discover exactly where you’re going, who you’re talking to and what you’re doing online.
Financial institutions are making it easier than ever to access bank accounts, transfer money, and complete transactions online. As a result, many users are tapping public WiFi to conduct daily banking tasks, send money transfers or even make large purchases. The problem? Your credentials are up for grabs when using a free network since all hackers need to do is watch where you’re going, record your login/password information and then gain access once you’ve logged out.
Imagine this nightmare of a scenario: You open your laptop at the coffee shop to check your bank balance only to encounter a “password error” message. Contacting the bank leads to the discovery that hackers gained account access, transferred out thousands of dollars and along the way opened several new credit cards in your name. Bottom line? Don’t access any sensitive information over a public WiFi connection — this includes banking websites, medical portals or online payment sites. And since many people use the same password for multiple sites including their social profiles it’s not a bad idea to steer clear of Facebook and Twitter in addition to more sensitive sites.
[pullquote]The ultimate hacker score and user threat when using public WiFi? Total device compromise.[/pullquote] It could start with attackers putting something simple, such as a keylogger, onto your laptop and then recording everything you type during subsequent WiFi visits.
The next level? Cybercriminals send you a legitimate-looking email (since they can see you checking the account while you sip your latte) then convince you to download a malicious attachment or direct you to a compromised website. The result is the same in both cases: Your device is infected with malware; even logging off the network won’t reverse the damage. Once infected, there are a number of potential consequences — ransomware which locks down your files and demands payment, processes which run in the background collecting personal information and access details which are then sent to a command and control (C&C server) and then sold via the Dark Web or used to create a fake identity, or simply a hailstorm of unwanted ads which warn you to install “antivirus” programs that are simply more bloated malware.
So there you have it — big threats just from logging on to your favorite coffee shop WiFi or browsing the ‘net while waiting at the airport. But it’s not all bad news — since you’re going to use public WiFi anyway, there are options to help you stay safe, including:
Is public WiFi secure? Absolutely not — and users on public connections may encounter threats ranging from data theft to browser tracking to credential compromise or malware infections. Ideally, steer clear of free WiFi hotspots. Realistically? Surf safe, use HTTPS where possible and opt for a VPN if you’re determined to access personal data on public WiFi.
We’ve seen a rise in social gaming sites over the years. These sites, which are…
The vaping industry continues to evolve, with product designs becoming more sophisticated and user-centric. Modern…
As digital landscapes evolve, more marketers, content creators, and businesses are asking, what is AI…
Today, small businesses have an incredible opportunity to grow beyond traditional means and reach new…
Online competitive games have long been a cultural phenomenon, drawing millions worldwide. From strategic block…
In a world where companies constantly strive to tap into new markets, they also face…