People nowadays tend to carelessly enjoy things that are free. Rare are those who actually stop and think of possible consequences or why the service is free. That is the case when it comes to mobile devices and public Wi-Fi networks. Every public Wi-Fi network comes with a security risk. That should have been common knowledge by now, but still, most of the people in America use them according to surveys. The results of a study (courtesy of privatewifi.com) showed that almost three-quarters of the respondents claim to have connected their own, personal email during Wi-Fi session on a public network.
People fail to see that a few hours or even less, minutes of online convenience is surely not better than losing personal info, financial info or money to some thief. Oh yes, and public exposure, that’s one of the possible outcomes. Recently an opinion poll has been conducted, and results show that more people think that public toilet seats are safer than public Wi-Fi networks. However in 2016 at the Republican and Democratic National Conventions attendees were offered with free Wi-Fi ( a public network of course) for social science purposes. Little did they know that they were test subjects. Somewhere around 70% of people present at the convention connected to unsecured Wi-Fi at both conventions.
Be aware that you are taking a huge risk every time you connect to free Wi-Fi at a coffee shop, airport or hotel. Don’t think that these things only happen to big corporations or extremely rich people, over half of the adults in the U.S are exposed, their personal information is available to hackers each year. According to Verizon’s Data Breach Investigation Report, 89% of all cyber attacks happen so as to reveal financial info or spy on people (steal pictures/videos).
Hundreds of online tutorials are available to people showing how to breach into public Wi-Fi networks, and the view count on those videos shows humongous numbers consisting of six digits suggesting that many are interested in something like that. ‘Man in the Middle‘ is the most often method used to attack. Traffic is being intercepted between the user and the destination by making the user’s device think that hacker’s machine is the access point to the internet.
Another technique similar to this but a bit harder is called the ‘Evil Twin.’ User logs on to the free Wi-Fi in a hotel room in the belief that he/she is joining hotel’s network. However, somewhere near a hacker is boosting a stronger signal off of their machine and that network uses the same name of the one from the hotel. The user thinks that he saved some money and connects to the network. Going on Facebook, watching YouTube videos or conducting online transactions is monitored by the hacker.
Here is one story that should warn business travelers. Kaspersky Lab discovered a very professional hacking campaign called ‘Dark Hotel’ in 2014. The operation was active for more than seven years, and it was used for espionage (the perpetrator was an unknown country). Targets of the ‘Dark Hotel‘ were CEOS of big companies, government officials, NGOs and other high-profile targets that were spending time in Asia. Officials or executives would connect to the hotel Wi-Fi (luxurious hotel of course) and then download ‘latest updates’ of software. Little did they know that they had been infected with malware. That ‘Trojan Horse‘ would then sit there inactive for several months and when needed could be activated to obtain important information.
Firewalls and antivirus apps are useless when it comes to these sophisticated frauds. However, you should install antivirus and use a firewall. We made a list of tips for you to shoo away stalkers and thieves:
Monitor your Bluetooth connection when in public places to ensure others are not intercepting your transfer of data.
Only visit websites with HTTPS encryption when in public places, as opposed to lesser-protected HTTP addresses.
Turn off the automatic Wi-Fi connectivity feature on your phone, so it won’t automatically seek out hotspots.
Buy an unlimited data plan for your device and stop using public Wi-Fi altogether.
Use a Virtual Private Network, or VPN, to create a network-within-a-network, keeping everything you do encrypt.
Implement two-factor authentication when logging into sensitive sites, so even if malicious individuals have the passwords to your bank, social media, or email, they won’t be able to log in.
We hope that you’ve learned something from this article and that you’ll think twice before connecting to a free network next time. You know how they say in cybersecurity industry ‘There are three types of people in the world: those who have been hacked, those who will be hacked, and those who are being hacked right now and just don’t know it yet.’ Protect yourself and minimize the risk/potential harm.