Public WIFI Security: What Are You Sharing?
An interesting read from Maurits Martijn exploring public WiFi security reveals just how easy it is for a skilled hacker to exploit you and ruin your life if they so choose. The author shares the experience of spending time with an “Ethical Hacker” in an Internet cafe in Amsterdam, to see how simply one can fool the masses by exploiting free, open WiFi.
“We took a hacker to a café and, in 20 minutes, he knew where everyone else was born, what schools they attended, and the last five things they googled.”
In the test, the hacker pulls a laptop from his backpack and hides a small black device under the menu. When the waitress passes by, we ask for two coffees, and the WiFi password. Meanwhile, the hacker switches on his laptop and the device, launches a few programs, and before long the screen starts to fill with green text lines. It gradually becomes clear that his device is connecting to every laptop, smartphone, and tablet in the cafe.
"Everything, with very few exceptions, can be cracked."
The idea that public WiFi networks aren’t secure is not exactly news. It is, however, information that can’t be repeated enough. There are currently more than 1.43 billion smartphone users worldwide - 150 million in the U.S. alone. Over 92 million Americans own a tablet, and more than 155 million own a laptop. In 2013, an estimated 206 million tablets and 180 million laptops were sold worldwide, and the demand continues to increase. Between coffee shops, trains & hotels, the majority of active portable devices have at one point or another, been connected to a public WiFi network. The good news is that some networks are better protected than others.
The article does a fine job at identifying the risks associated with sharing and using open WiFi, however, the feature fails to provide suggestions on how to achieve the highest level public WiFi security with smart internet surfing. That’s where the experts come in. We’ve compiled a few tips from our team at Echosec.
Top Tips on Public Wifi Security:
1. A good start - make sure you're using HTTPS connections. This ensures that the content of your messages is masked, however, it doesn’t hide the destination. (Much like reading the address on an envelope, but not opening it.)
2. Be picky - Avoid logging into sensitive sites such as online banking, where your private information will be displayed. For these sites, err on the side of caution and tether to your phone’s mobile data plan.
3. Use a VPN - A VPN (virtual private network) is basically a group of computers forming a separate network over the internet. The network of computers exchange trusted keys and verify each other’s authenticity.
4. Change WiFi Settings - It’s convenient when your computer or phone is set to remember and automatically login to WiFi networks you’ve connected to before, however, it’s much safer to have this option disabled, and manually connect to each network, every time. Imagine how many coffee shops and pubs you’re momentarily connecting to when wandering through a city with your laptop in tow.
Hint: To make logging in easier, store the WiFi passwords of your favorite establishments in a secure place such as Keychain on Mac, or Lastpass online.
5. Avoid Cookies - When using public WiFi, block cookies and remove tracking. Cookies remember your computer as you navigate the web, which can weaken your level of privacy. If you need to enable cookies for making a purchase online, or logging into a site, use your mobile data.
6. Digital Defense - Keep the firewall on, and turn sharing settings off whenever your computer is leaving your house or office. This can be done in Control Panel (PC) or System Preferences (Mac).
Book A Consultation To Learn More About Data Discovery with Echosec