Free Public Wi-Fi – Too Good to be True?
The age-old adage, ‘There is no such thing as a free lunch’, could well be adapted for the 21st century to ‘There is no such thing as free Wi-Fi.’
Whilst both the geographical and financial convenience of using public Wi-Fi has made its usage omnipresent across the world, it is deemed to be one of the least safe ways the access the internet. Cyber criminals are well aware of the lax standards of security associated with public Wi-Fi hotspots and readily target them.
The Rise and Rise of Public Wi-Fi
The three most popular places that people connect to public Wi-Fi networks are in coffee shops, airports and hotels. Devices connected to free Wi-Fi hotspots in places like these are frequent targets for hackers due to the fact that such networks often do not require authentication to establish a connection.
We at NECL have a wealth of experience in combatting cybercrime in a variety of different public, personal and business environments. As such, we have identified the three of the most common ways in which cybercriminals exploit public Wi-Fi networks, as follows.
1. Malicious Hotspots
These are hotspots created by cybercriminals that impersonate a genuine network, with the intention to trick someone into connecting to a malicious network that can then steal their data. Someone visiting a coffee shop called ‘Bean to Cup’ (and with the Wi-Fi network similarly being called ‘Bean to Cup’) could inadvertently connect to a network named ‘BeanToCup’ – a malicious network installed within the proximity of the genuine network.
Once someone unwittingly connects to this imposter network, cybercriminals will gain access to all of the information that this person accesses. This can be particularly dangerous if the person logs on to their e-mail or online banking accounts.
2. Man in the Middle Attacks
Man in the middle attacks are becoming increasingly prevalent and involve a hacker eavesdropping on a conversation between two parties and, in the worst instances, changing the nature of the correspondence.
When a mobile device or computer connects to the internet, data is sent from one device to another. Encryption vulnerabilities at either of these points can enable a hacker to view these exchanges and then correspond accordingly.
Imagine 50 years ago if Business A sent an invoice by post to Business B requesting a bond deposit of £1000 for construction work. The postman opens this letter before he delivers it to Business B, reads it, reseals it and delivers it. The postman then eagerly waits for a response from Business B with a bond for £1000. Once Business B posts the letter out, the postman intercepts it and steals the bond.
This scenario sounds rather convoluted, but it is essentially the way that man in the middle attacks operate in the present day in an attempt to steal from businesses.
The Waiting Game
In one recent example, a criminal group operated a man in the middle attack on a series of businesses throughout Europe and stole €6 million simply by monitoring communications. When the time for several payments approached on various projects, the hackers simply sent invoices out with their own bank details on them before the legitimate businesses had sent their own invoices out.
3. Unencrypted Networks
These are particularly vulnerable public networks – an open wireless connection means that no password input is required in order to connect to the network. If your mobile settings are configured to automatically connect to proximate Wi-Fi networks then an unencrypted network can allow hackers to scan your PC or phone and actively try to exploit your hardware and software.
In addition to this threat, hackers may also be able to view all of the data held on your device, such as downloads, images, e-mails and passwords.
Staying Safe on Public Wi-Fi
Three of the simplest things that you can do to be more secure are to never allow your Wi-Fi to automatically connect to networks, make sure that you are connecting to the correct network when using the Wi-Fi in a public space and to avoid accessing banking information and e-mails when in public.
Additionally, a Virtual Private Network (VPN) is a useful tool that helps to keep data secure when using a public Wi-Fi network. VPNs encrypt the data that is sent from any device and also mask your own IP address with a specific VPN IP address. What this effectively means is that your data will not be able to be viewed by any third party and that your location will also be hidden.
Advice for Businesses
When businesses order new Wi-Fi routers they tend to arrive factory sealed and with the encryption turned off. To ensure that the most secure network connection is established it is advisable to have a professional IT worker set up the modem connection with full encryption. Once the router is fully secure, IT consultancy experts can then help you to install the most up-to-date anti-malware software.
Advice for Public Users
Many businesses neglect to have their network professionally activated, thus public users of Wi-Fi are advised to install a VPN on their device. Some VPNs are available to download for free, however if you want a super secure VPN then it is advisable to purchase one so as to obtain the upmost security, functionality and privacy.
NECL offers a range of IT consultancy options for businesses and individuals alike. Our range of popular IT services and packages are supplemented by our bespoke plans, which can be tailored to your specific requirements.