An Unsecured Wi-Fi Network Equals Danger.

So what is the most dangerous word or phrase when it comes to Wi-Fi?  Could it be jamming or sidejacking?  Password Theft? How about rogue access points?  While those are all certainly scary words, there's another that should instantly sound alarm bells in your head whenever you see it.  You may have seen it yesterday or perhaps you will run into it later today at your local coffee shop.

Still wondering?

Here it is – “Free Wi-Fi”.  Or maybe even just “free.”

In fact, the FBI and the Federal Trade Commission all caution U.S. citizens when using free Wi-Fi and be mindful of the security risks.  Other organizations such as the AARP caution its members that “Free public wireless networks may come at a steep price — the theft of your finances and identity.” In the UK, the public awareness site for online safety, GetSafeOnline.org, lists numerous recommendations in dealing with a “free” but threatening environment that is characteristic of public Wi-Fi.

Free WiFi is everywhere these days, giving us the ability to work remotely in coffee shops and restaurants. It’s very convenient but potentially unsafe. Connecting to a public Wi-Fi network requires little authentication — at best you’ll be greeted by a captive portal and have to check a box agreeing to the terms of service.  Anyone can connect to these networks, including cybercriminals.

The Cost of Free!

As most learn at some point in life, “free” always has a cost.  In the case of free Wi-Fi, that cost is the risk involved in signing on to free public Wi-Fi.  When something is free, there is little incentive to invest much money into it in order to improve the quality of it.  In the case of the free Wi-Fi offered by many businesses, this may mean any one or all of the following:

  • The use of inexpensive store bought SOHO wireless equipment rather than enterprise level hardware with Wi-Fi security enabled
  • Outdated equipment that may not support the latest security protocols
  • Equipment and SSIDs are not configured according to industry best practices
  • The lack of basic firewall security
  • The lack of any sort of content filtering on the Wi-Fi network. An unsecured Wi-Fi network equals danger.

The presence of any of these factors can contribute to an insecure environment, which hackers can easily target unsuspecting users who are oblivious to their potential jeopardy.  Some of the most common threats include the following:

  • Stealing your password or personal information within a non-encrypted connection or through a rogue access point
  • Session hijacking so that a hacker can browse a site using your own online account
  • Obtaining information on your computer by directly accessing your computer
  • Downloading malware and viruses that can then conduct their malicious tasks

Free doesn’t sound as enticing now does it?

This does not mean that you should never utilize public Wi-Fi.  It simply implies that there are certain precautions you should always take when utilizing it.  Of course, you would never verbally give out your passwords or personal identification numbers within a crowded coffee shop.  Well, a wireless hotspot is full of prying ears as well as everyone shares the same wireless access point.  In a sense, it is one big conversation.

  • Never conduct any sort of financial transactions such as online banking or online shopping
  • If you ever must access a secure site that requires authentication, always make sure that the URL starts with “HTTPS” rather than simply “HTTP.”  HTTPS means that you are connected to the designated site with an encrypted connection.
  • Consider a password manager to handle all of your online passwords.  By letting the password manager do all of the work, hackers cannot use key loggers or other tools to capture your passwords.  It also uses encryption to store and secure them on your device.
  • If your employer provides VPN access, then ensure that the VPN connection is enabled automatically upon the immediate detection of an Internet connection.
  • Consider a VPN subscription if you travel a lot or are forced to utilize public Wi-Fi a lot.  Using a VPN subscription service ensures that you always have an encrypted connection no matter where you are. 
  • Turn off file and printer sharing as well as network discovery.  In Windows 10, this is implemented in the advanced settings within the Network and Sharing Center.  In the same way that enabling this feature makes it more convenient for co-workers and family to access your files, it makes it easy for intruders as well.
  • Turn off the Wi-Fi feature on your device when not required.  When enabled, your device may be connecting to available Wi-Fi hotspots throughout the day, often when you may not be aware, making your device even more susceptible to attack. 
  • If applicable, enable and configure the public profile of the local firewall on your device such as the one that comes with the Windows operating system.
  • Protect your system with modern day security suite that not only quarantines known malware applications but also blocks access to known malicious websites.  If you do not have a security suite, then configure the security settings of your favorite web browser at the very least.  These types of settings can also block reported attack sites and prevent the automatic downloading of files.

Public Wi-Fi Networks – How Safe Are They?

Public Wi-Fi networks are mainstream today. Restaurants, hotels, stores, transportation hubs, libraries all provide guest Wi-Fi free or for a nominal fee. It’s a service an establishment can offer for minimal cost and effort, allowing for a tidy profit stream, useful user information and better customer satisfaction. Few users give a second thought to accessing these networks, from their tablet, laptop or smartphone – but should they?

Most companies imagine that things such as public Wi-Fi are a background consideration. However, with the internet playing an increasing role in the success or failure of businesses, it is important to ensure public Wi-Fi is secure.

What Risks do You Face When Using Public Wi-Fi?

Next we’ll examine the various threats posed by public Wi-Fi as well as some common tools used by attackers. When it comes to public Wi-Fi, the most likely threat is a common hacker or scammer attempting to steal a user’s information for profit.

Attackers are often after personal details such as your name, address, financial information or social security numbers.
There is also the potential for blackmail if an attacker finds compromising documents or images on your device.
If you have file-sharing options turned on it can be easy for an attacker to load ransomware onto your device, encrypting your data and demanding a ransom to unlock it.

On public Wi-Fi, there are many ways scammers can use to get to you. Here are some of the most common:

  •  MITM attacks

The ‘Man IN The Middle’ attacks are a common form of attacks on people on public Wi-Fi. A hacker captures the data you are sending. Most hackers who use this method exploit flaws in apps or websites that allow them view the information being passed. The information can include bank details, passwords, personal identification information, and other data that could be used for identity theft. The most common type of MITM attacks are those that occur over unencrypted  unsecured Wi-Fi networks.

The easiest way for an attacker to exploit public WiFi is to position himself between clients and the router.  A man-in-the-middle attack (MITM) is like eavesdropping where an attacker can get in-between point A and B and intercept data.  Sometimes this data can be modified in the process of transmission to trick the  victim into disclosing sensitive information, such as log in credentials. The victim will likely never notice anything is amiss.

Once the user falls for the deception, the data is collected.

For users using weak passwords,  even if that password is encrypted it will not take long before the attacker cracks your password. Learn how to create a strong password this will make them harder to crack. Security depends on the trust between devices on a  network and when a user accidentally trusts a malicious party the network becomes compromised.

  • Fake Hotspots.

Not all public hotspots are legitimate.  Attackers create “free” WiFi networks (often called evil twin hotspots) in an attempt to lure in unsuspecting users. When you connect to such a network, you give criminals an opportunity to monitor all your data.  

All an attacker has to do is find a high-traffic location and set up a fake network with a legitimate sounding name like ‘Hotel Wi-Fi.” By the time the attack is uncovered or authorities have isolated the  source of the signal, the attacker is has moved on - with the stolen user credentials.

The whole experience is transparent to the victim. Most of the time the hacker allows the victims to reach their intended Internet destinations while they secretly eavesdrop on the network traffic so that they can steal the information from the victims as the victims attempt to login to their e-mail, provide credit card numbers while shopping online, etc.

Avoid using open Wi-Fi hotspot – always ensure they’re secured and that a password is required to access.

  • Wireless “sniffing.”

This is a practice where your data is observed, intercepted, and interpreted. It helps experts to diagnose any problems on the network. In the wrong hands, it can be used to monitor and collect data from unsuspecting victims.

Common Tools used by Wi-Fi attackers

While many sites are switching to Secure Socket Layer (SSL) which provides end-to-end encryption, there are various ways an attacker can circumvent this. One example is  an SSLstrip,  a tool that transparently hijacks HTTP traffic on a network. There are various pen testing tools for mobile devices, like zANTI.  This lets security managers assess the risk level of a network with the push of a button but it can also make it easy for attackers to scan public WiFi networks and find vulnerable devices — including yours. There is no shortage of tools and guides to help aspiring hackers learn how to infiltrate a public Wi-Fi network.  Most of these tools are so easy to use, a ten-year old could do it.

How To Stay Safe on Public Wi-Fi

1. Check the Terms and Conditions.

In your desire to get some free internet, it can be quite tempting to click through any terms and conditions that pop up on your screen. However, you should be careful about what you sign up for in public. A huge amount of free public Wi-Fi also takes something from you. These firms will give you some bandwidth as long as you agree to give them your email address and a phone number for instance.

The terms and conditions include details on how the company will make use of the data they collect from you. If you can bear to wait for just a few minutes, it can be quite beneficial to read what you are giving up. It is one of those times when having an alternative email can prove useful.

2. Stick to Advertised Wi-Fi Networks.

Just because you see free Wi-Fi pop up on your screen does not mean you must connect to it. Hackers are known to set up free Wi-Fi that they use to mine data from unsuspecting individuals. If you see open Wi-Fi that is not advertised publicly, you will have to think twice about using it.

3. Only Visit Secure Sites on Wi-Fi.

The green padlock at the top left corner of your browser shows you that you are connecting to a secure site. This sign is even more important when you are relying on free Wi-Fi. Think hard before doing anything important when on free Wi-Fi. For instance, avoid making any credit card transactions on public Wi-Fi. Additionally, it is best to use a mobile browser rather than an app when on public Wi-Fi. Mobile browsers are better at checking the security of sites than apps. Some apps could be accepting fake security credentials without you knowing about it.

For apps, you are at the mercy of developers when it comes to app security. You should only use apps from trusted companies when using public Wi-Fi. Such companies spend millions every year to ensure that their apps are secure. However, even then you are not guaranteed of being secure.

4. Switch Off Sharing.

When your device is connected to the Internet in a public area, you will not want to share anything. You can turn off sharing in the Control Panel depending on the OS you use. You may also opt to have your OS do it for you by choosing “Public” the first time you connect to a public network.

5. Switch Off Wi-Fi Capabilities in Public.

Even when you are not actively connected to any Wi-Fi network, your computer hardware can still transmit data to any network that is in range. There are measures in place to keep such networks from getting in touch with you. However, hackers can be quite smart, and they can get into your laptop. Besides that, switching off Wi-Fi settings allows you to extend the battery life of your device.

Other Useful Tips.

Avoid downloading anything when using public Wi-Fi. Additionally, always ensure that the OS and all other software are always up to date. Although your device automatically manages your connection when you are on public Wi-Fi, it is always best to double check. When you are done with a Wi-Fi, always forget the network. That way, you can reduce the security risk to your device. Additionally, make simple choices like using different passwords for each app.

Are we ignoring security risks for the sake of Wi-Fi connectivity?

Most are unaware of the risks of using public Wi-Fi. Results of a survey conducted in May of 2016, by Symantec, revealed a lack of awareness, among public Wi-Fi users, as to the risks and personal responsibilities associated with Public Wi-Fi. 

  • Over 60% of the respondents believed that their information was safe while accessing public Wi-Fi and only half of those polled understood they are responsible for ensuring their privacy is protected.
  • 17% of the respondents believed that it is the duty of websites to protect visitors’ information, while using public Wi-Fi
  • Another 17% believe the responsibility lies with the provider of Wi-Fi access.

Who Is Responsible For Ensuring Public Wi-Fi Security?

The short answer as to who is responsible for public Wi-Fi security is all parties involved – the user, the business offering the service, the websites visited, the equipment manufacturer and the provider of security software. All have a vested interest in maintaining security, whether it is the protection of data, public image or discouraging further attacks.

Providers of public Wi-Fi legally liable?

As to who will be held accountable varies by jurisdiction and on a case-by-case basis, predicated on negligence/behavior determined in court. A likely precedent as to how courts will view responsibility can be found in the September 2016 ruling by the Court of Justice of the European Union (CJEU). Sony had sued a business owner in Munich, Germany for copyright infringement because someone had downloaded music illegally on his public Wi-Fi. A lower court had found that the shop owner was liable, for having an unprotected network. However, the CJEU overturned the ruling, but did stipulate providers of public Wi-Fi should require users to present identification and to password protect their networks, or they could be liable for nefarious behavior in some cases.

The CJEU decision is not the only stipulation as to how a business must protect Wi-Fi networks. PCI DSS regulations require isolating point-of-sale (PoS) operations from public Wi-Fi, using either a firewall or a second DSL line. Gramm-Leach-Bliley Act (GLBA) and Health Insurance Portability and Accountability Act (HIPPA) both require reasonable measures for protection of data with substantial fines for violations and even imprisonment for failure to do so under GLBA. Certainly, any business offering public Wi-Fi should take every reasonable precaution to secure the network, or there could be serious consequences.

So, while users, businesses, ISPs and manufacturers should all take appropriate steps to ensure a safe experience on public Wi-Fi, the business offering the service likely has the most risk of legal repercussions, if the network is not secure. Business need to ensure their ISPs are providing the most secure Wi-Fi possible to avoid legal fines.

WebTitan Cloud For Wi-Fi

WebTitan Cloud for Wi-Fi provides businesses with an user friendly, yet robust, mechanism for securing user and company information, tracking user activity and controlling content – all critical to a safe and compliant public Wi-Fi offering. To learn more about WebTitan Cloud for Wi-Fi,  email us at  info@titanhq.com.

Public Wi-Fi is a massive boost to productivity. It’s super convenience for all of us, but it brings with it a myriad of risks to mitigate against. As we’ve shown earlier it’s easy for attackers to steal your login credentials, personal information and other data,  with the ever-growing arsenal of tools and new techniques being used.  As technology grows, so do the security flaws. Be prepared.

Get Your 14 Day Free Trial

Talk to Our Email and DNS Security Team

Call us on USA +1 813 304 2544 or IRL +353 91 545555

Contact Us