Using public wifi is convenient and free. Sounds great, right? Think again. You might be saving money on your mobile data plan but it could end up costing you your privacy.
What is public Wifi
Public wifi is found at most airports, hotels, libraries or local coffee shops. Establishments that offer public wifi permit you to use their internet connection to access the internet. Many of these establishments require you to enter a security code prior to accessing the public wifi network. The security code is often provided by asking an employee of the establishment or it may be posted near the front desk or check-out counter. Public wifi is similar to the wifi network you use at your home except that you do not control who gains access to the network. This means that you and anyone else in the vicinity can join and use the network. including hackers.
The greatest risk of using public wifi is a man-in-the-middle, MITM attack. A MITM attack exactly as it sounds. Someone inserts himself in to the middle of your connection with the network, your email communications, your web browsing, or more.
One type of MITM attack is wifi eavesdropping. This is accomplished by the hacker cloning a public wifi network. It looks just like the legitimate one and may even have the same network ID, or name. He may even boost the strength of the network so it is the strongest one in the area. The goal is to confuse you in to joining his malicious network as opposed to the legitimate one. Once you are connected he could install malware, software with malicious intent, on to your device. He could monitor or store your traffic including your login credentials. Wifi eavesdropping is difficult to detect. It is very difficult to determine which available wifi network is malicious and which is legitimate by picking from a list of available wifi networks. One potential warning sign of wifi eavesdropping is viewing two available wifi networks with the same name or similar names.
Anyone in the vicinity of the public wifi network can join the network. This includes hackers. A hacker may join the public network and launch an email hijacking man-in-the-middle attack against you. This enables a hacker to secretly relay or alter communications between two parties. You may think you are communicating with your office, but you are actually communicating with the hacker. Perhaps you are waiting for wire transfer instructions from your title company. The hacker can intercept the email and send you different wire transfer instructions. Except these instructions send your money to his bank account as opposed to the title company.
Another type of MITM attack is session hijacking. You are using public wifi and have logged in to your bank account. You think everything is fine. What you don’t know is that a hacker has your login credentials which were obtained by stealing your browser cookies. Now the hacker can steal your identity and log in to your account.
Shoulder surfing is not a MITM attack but it is still a credible risk when using public wifi. No fancy technology is required with shoulder surfing. It is exactly as it sounds. While you are working away on your laptop, someone has strategically placed himself in view of your monitor. Now he can observe or record, on his smartphone, everything you are doing on your laptop.
Here are a few things you can do to reduce your risk.
• If there are two available wifi networks with the same name avoid the both of them.
• Disable the auto-connect to available wifi networks on your device. You should have to choose the wifi network that you want to use.
• Use your mobile phone as a personal hotspot, if available. Contact your mobile phone carrier for additional information.
• Purchase a mobile hotspot device to use when out of the office. These are available through mobile phone carriers.
• Use a VPN, virtual private network, when you must use public wifi.
• Use a privacy screen on your laptop or tablet.