Public wi-fi has become an essential service for millions of Americans. It allows us to work in comfortable surroundings, away from the pressures of the office. We can surf the web while we sip barista-blended coffees, and stream movies or curate our Facebook feeds wherever, and whenever we like.
But there’s a dark side to public wi-fi. Unsecured wi-fi networks can pose serious security risks. If you don’t take action, these risks can lead to financial loss, identity theft, and business disasters. So we’ve come up with a list of our top 5 public wi-fi risks to help you stay as safe as possible.
The most famous vulnerability associated with public wi-fi networks is the Man-in-the-Middle Attack (MITM). As the name suggests, this allows attackers to assume a position between users and routers, potentially accessing every packet of data which travels between them.
When that happens, they become immensely powerful. Attackers can assume your identity, sniff Facebook logins, discover financial information, implant viruses – all without you knowing anything about it.
This is a particularly major issue for smartphone users, whose apps often routinely transmit sensitive data. For instance, in 2016 the CBS Sports app was [url=https://www.wandera.com/cbs-sports-data-leak-discovered-during-ncaa-tournament/]flagged[/url] as sending “personally identifiable information” across unsecured networks, while its login processes were criticized as much too open.
CBS is far from alone. Malicious actors are able to lurk on wi-fi networks without risking detection. So without the protection offered by a VPN, almost any mobile or laptop could fall victim to an MITM attack.
If you’ve ever used public wi-fi networks regularly, you may already be familiar with how dirty they can be. Sometimes, when you get home and run a malware or spyware checker, you’ll find huge collections of nasties that somehow found their way onto public wi-fi networks. And that’s no accident. These networks are usually prime vectors for malware transmission.
If an attacker wants to track your activities over a sustained period via tools like keyloggers, unsecured wi-fi networks are the ideal way to do so. The same applies to crypto-miners who want to create slave networks to mine currency.
For instance, as SiliconAngle [url=https://siliconangle.com/2018/01/09/cryptocurrency-mining-hijacking-may-coming-public-wi-fi-hotspot-near/]reports[/url], hackers have created exploits called CoffeeMiner (they aren’t even bothering to cover their tracks). These exploits infect targeted computers and inject scripts which kickstart mining activities. This mining isn’t just insecure. It can sap your battery and blitz your bandwidth, and once the malware is in place, it can be tricky to erase.
The word “public” in wi-fi should raise some alarm bells, and with good reason. Unsecured public wi-fi networks are technically open to anyone with an internet connection. As long as they are connected to the host, they can gain a remarkable level of access to anyone else on the network.
If you’re worried about sending professional documents securely, avoiding wi-fi networks entirely isn’t essential, but it’s advisable. Whether you’re completing your departmental accounts in a local cafe, or putting the finishing touches to a contract application, this information can be valuable for blackmailers and corporate rivals – and when hackers get hold of it, they will know how to use it.
The same applies if you’re worried about official surveillance. For organizations like the NSA, eavesdropping on public wi-fi couldn’t be simpler. As long as you don’t encrypt your data via VPN clients, anything you say or do is available to criminals and official agencies alike.
When you connect to a public wi-fi network, how do you know whether the hotspot you are connecting to is legitimate? You know that it can be accessed from the coffee shop or book store where you are, but beyond that, you’ll probably know very little about the hotspot itself. And this can be very handy for criminals.
It’s also very easy to create fake hotspots that users can’t detect. Freely available tools like [url=https://github.com/P0cL4bs/WiFi-Pumpkin]Wi-fi Pumpkin[/url] provide the framework needed to create a rogue access point on standard laptops.
Attackers can create networks with names that almost directly copy the routers where they happen to be. After that, it’s just a question of waiting for targets to connect. And most people are depressingly vulnerable. They don’t question the identity of local networks, or ask for the precise hotspot address. They just connect to a service which looks legitimate – regardless of the risks.
Finally, when criminals have access to your internet connection, it’s incredibly easy for them to pose as your identity. And when they have assumed your identity, they are free to commit all sorts of unpleasant activity under their new name. But if they commit crimes and the authorities investigate, it’s often the hacking victim who falls under suspicion – at least initially.
Identity theft can result in criminals harvesting your social media login passwords, your credit card information, the contacts on your email address book, and the very content of your emails. In no time, a fictitious version of yourself could be purchasing items on the Dark Web or accessing illegal material. And it all stems from unsecured wi-fi connections.
Take action and use public wi-fi networks safely
As we’ve hinted throughout this list, there are ways to use public wi-fi safely. No-one is 100% secure when they log on, but with a high-quality Virtual Private Network (VPN) on your laptop or smartphone, you can mitigate almost all of the risks we’ve listed.
VPNs aren’t hard to use, and they aren’t expensive. Moreover, given the risks we’ve considered here, using them should be a no-brainer for anyone who depends on public wi-fi.
Find yourself a VPN on VPNpro.comNo tags for this post.