Wednesday, July 5, 2017

Public WiFi for dummies


Traveling and staying in a hotel I started to use the Internet via a Smartphone. I paused, thinking data usage might be tight so better use Wi-Fi. Logging into the hotel’s Wi-Fi I paused again, knowing better than to use unsecured public Wi-Fi. Thinking I was only checking the Internet for dining options, it was safe to use pubic Wi-Fi for that purpose. Then the browser failed to load, with a warning that the server was an unsecure network. Thank you Google or Apple or whomever installed a safety feature to moderate our temptations. The tricky thought occurred to turnoff the Wi-Fi, log into the account and then switch on the Wi-Fi. After some research it was revealed that this technique would still leave you vulnerable. After switching the connectivity your phone (the app or website) would renegotiate the connection, although seamless to the user, your login information would still be exchanged and visible.

Decided to look into the pitfalls and dangers of public Wi-Fi. A simple search returned many articles on public Wi-Fi risks. Lots of experts explaining how easy it is compromise networks and for unsuspecting users to fall victim. Smartphones, tablets, and laptops have become appendages to our busy Internet connected lifestyles. Data usage has become the new “minutes” and consumers are looking for ways to save on usage and ultimately money. Public Wi-Fi is a common way to cut back on data usage. However, there is risk to online security.

Risks

Norton reported in 2013 that 68% of people using public Wi-Fi were victims of cyber crime. The Norton Cyber Security Insights Report announced that in 2015 21% of Americans had their email hacked and 12% had their financial data stolen after shopping online. Millennials are a growing victim demographic with 40% falling prey to cyber crime in 2015. Although one of the more tech savvy age groups, Millennials are more open to sharing logons and passwords that compromise their online security.

When you leave the house you are still connected. Whether you login to your accounts via the cellular network or Wi-Fi, nothing is 100% secure. While 4G cellular networks are encrypted and are far, far better than an unsecured public Wi-Fi connection, there have been incidents of cellular networks being hacked. Although the effort is usually much greater than most cyber criminals are willing to make. Public Wi-Fi is a much easier target. Both due to security weaknesses and the plethora of devices being used on those networks.

Breaches

Most public Wi-Fi breaches are through man-in-the-middle attacks. Hackers place themselves either between two victims or between the user and the app and eavesdrop on the transmissions being sent back and forth. It is important when using apps and websites in public to ensure you are logging into the correct site or app as hackers can spoof those and trick users to logging into the hacker’s site.

Just because you need a password to login to public Wi-Fi doesn’t mean it is secure. It just means that there is an authentication step before you can access the router.  Additionally, the person setting up the Wi-Fi may not have installed all the available security features.  The hacker may be logging into the same network as you, giving them access to your transmissions.

When you are browsing, HTTPS is usually a good thing to look for. It means the data transfer between your device and the website is secure-on their end. There is still a possibility that you were hacked on your end. It’s like having a phone conversation but you have your phone on speaker.
The most secure networks offer end-to-end encryption. Financial apps usually are encrypted. Most big name apps/browsers/email/social media are probably secure from man in the middle attacks as the data being exchanged is encrypted, the session can be viewed but not the data. However, we’ve all read about the big guys getting hacked. Better safe than sorry later.

Reduce your risk

Some simple rules to live by while using your mobile devices in public.
When using any network that is not your own, consider it unsecure.
Never use public Wi-Fi to login to anything that requires a password. After using any network that is not your own it is wise to change passwords.
When you do use hotel or public Wi-Fi, make sure you are, in fact, connecting to the hotel's Wi-Fi and not hacker’s site. Look-alike Wi-Fi signals use names similar the hotel or business.  If you’re not comfortable, ask before logging on.
Keep your device OS up to date.
Use COMMON SENSE.

Review our blog archive for other articles cyber security:


No comments:

Post a Comment