Public Wi-Fi has become a staple for most of us. Public Wi-Fi networks like those in coffee shops or hotels are not nearly as safe as you think. Even if they have a password, you are sharing a network with people whom you don’t know, which means your data is at risk. When free Wi-Fi is available anyone of us would leave your own network and get connected with the free Wi-Fi available.
Just because most wireless routers have a firewall to protect you from the internet does not mean you are protected from others connected to the same network. It is remarkably easy to steal someone's username and password, or see what they are doing just by being on the same network. Also check your privacy settings for automatic change of your settings to the appropriate level of security every time you connect to a public network.
What is Wi-Fi
Wi-Fi is the standard for wireless internet, which allows devices to connect at high speeds to the internet.
Public Wi-Fi networks in places like coffee shops, pubs, airports or hotels for often unsecured connections which can expose personal data and leave devices open to online threats like malware, spyware and cyber snooping.
Why is public Wi-Fi vulnerable to cyber attack?
The average free public Wi-Fi is not secure and just because you may need a password to log in, it does not mean your online activities are encrypted. Various reasons make public Wi-Fi susceptible to attack.
- Some wireless networks may use older standards for encryption, which can throw up security issues.
- Some wireless networks may use older standards for encryption, which can cause security problems. In such a case, an attacker creates a rogue hotspot with the intent to unleash man-in-the-middle (MITM) attackson unsuspecting victims that join their rogue network. This type of attack allows an attacker to intercept the communication between you and the servers of the websites you visit, allowing them to read, insert, and modify messages.
- Minimally skilled hackers can easily eavesdrop and monitor your online traffic to capture valuable information such as login credentials, credit card numbers etc.,
How to identify that you have logged on to a rogue Wi-Fi
- An attacker’s rogue Wi-Fi hotspot can pretend to act as a public network that you might come across at a coffee shop. Instead of connecting to a real public Wi-Fi hotspot, your device ends up connecting to the attacker’s rogue hotspot and now the attacker is sitting between you and the actual Wi-Fi network, so they are able to see your online traffic.
- Another tactic that can be used is to create a public Wi-Fi network called “Free Wi-Fi” and wait for victims to join. Naturally, lots of people will try to connect, especially if free Internet service is being offered.
- If you are away from home, say at a coffee shop and all of a sudden your computer shows that you are connected to your home network. Chances are someone could have caught your computer’s broadcast request.
- In some cases, if you are browsing a website that you know should be encrypted (HTTPS) such as your bank or your favorite social networking site but the page is rendering in HTTP, then someone might be performing a man-in-the-middle attack and serving you the HTTP version of the site in order to capture your login credentials.
Methods of attack used by hackers
- Brute force/cracking attacks : These can be used by malicious hackers to bypass a public Wi-Fi password either by mass testing a huge amount of passwords (brute force attacks) or by using specialized software and tools to trick the router into revealing the password (cracking attack).
- War driving: In this method malicious hacker driving around various locations, looking for vulnerable Wi-Fi connections he can later exploit.
- Wi-Fi Sniffing: This process involves specialized intercepting tools or software that can intercept and reassemble internet data sent between a router and a device. From a technical perspective, it’s very easy to set up a Wi-Fi sniffer since all you need is a laptop and some widely available software to add the necessary functions.
- Karma Attacks: To carry out this type of attack, a malicious hacker needs a specialized hardware tool which can create a clone of the target Wi-Fi, tricking connected devices into switching to the cloned network. At this stage, the malicious hacker has complete visibility of what the connected devices are doing while in the network.
Case study: Within 20 minutes a hacker was able to know many details of the people who used the public Wi-Fi at the coffee shop; where he was there. Personal information like name, age, birthplace, schools attended and last five things they have goggled wee easily accessible by the hacker.
All that Hacker uses is a black box with antenna and his laptop. Hacker switches on his laptop and device, launches some programs and soon the screen starts to fill with green text lines. It gradually becomes clear that hacker’s device is connecting to the laptops, smart phones, and tablets of cafe visitors. The antenna of the device is intercepting the signals that are being sent from the laptops, smart phones, and tablets around. Hacker was able to see which Wi-Fi networks the devices were previously connected to; the names of the networks are composed of mostly numbers and random letters, making it hard to trace them to a definite location. The hacker could also retrieve their passwords; steal their identity, and their banking details.
- Any hacker trying to hack using public wifi network will wait for everyone to connect to the fake network.
- Then he will scan for name, passwords and sexual orientation
- Later he will try to obtain information on occupation, hobbies and relational problems
Measures you can take to stay protected on public Wi-Fi
Generally speaking, as a precaution, you should not engage in any sort of sensitive web browsing, such as accessing your bank account or entering payment details when connected to public Wi-Fi. Consider these additional safety measures to keep your information protected:
- Never use public Wi-Fi networks to access sensitive information. Causal browsing is ok with public Wi-Fi.
- If you regularly use public Wi-Fi, it is better to use a Virtual Private Network (VPN).
- VPN creates a private network for you to shuttle information back and forth, adding an extra layer of security to your connection.
- Find a trusted VPN services online, but always better to choose one from a reputable security provider.
- If you need to use public Wi-Fi to do your official work and if your company offers VPN access use it.
- Only browse websites that start with HTTPS and avoid websites that start with HTTP while on public Wi-Fi.
- Websites that start with HTTPS are encrypted, adding an extra layer of security and making your browsing more secure.
- You should also consider installing an extension like HTTPS-Everywhere to force all websites you visit to connect using HTTPS.
- Configure the wireless settings on your devices to not automatically connect to available Wi-Fi hotspots. This ensures that you do not unknowingly connect to public networks.
- You can do this by turning off the “Connect Automatically” feature on your computers so do not auto-connect and search for known Wi-Fi networks.
- Consider using a privacy screen if you must access sensitive information in public areas.
- Treat and protect your mobile devices such as smart phones and tablets with the same precautions you would do for your laptop or desktop computer when you join a Wi-Fi network.