How Secure are Public Wi-Fi Hotspots?

You’d be surprised at just what you are risking. Like many people who use mobile devices, on more than one occasion, you’ve probably whipped out your smartphone or tablet and seen a login window to a WI-Fi hotspot appear. That comes as no surprise because Wi-Fi networks are extremely commonplace now — many coffee shops and burger outlets now offer free Wi-Fi as an incentive to visit their establishment. And they can be handy when you’re out and about and need to check your email, catch up with your friends on Facebook, or post that quick update to Twitter.

But before you connect, think carefully. Exactly how secure is that hotspot? And what dangers might there be lurking within? Is it a real, legitimate hotspot, or have the bad guys set up a honey pot with the intention of sniffing as many passwords and other credentials as they can? (A honey pot is a fake resource set up by cybercriminals to trap unsuspecting users. The honey pot is made appealing to the end-user to encourage them to access it).

Unfortunately, not everyone is this lucky — in many cases, it takes months before any wrongdoing comes to light — and by that time, a lot of damage may already have been done, both to your financials and your reputation.

So why are hotspots so dangerous?

Whenever you connect to someone else’s Wi-Fi from your smartphone or tablet, your personal data is vulnerable to hackers. You won’t definitely get hacked, but the potential is there.

Remember: you’re accessing the Internet, downloading email, and updating Facebook over someone else’s Internet connection. Who knows how they have it configured?

While there are many legitimate Wi-Fi hotspots around that are perfectly safe to use, there are also many that can cause you a whole heap of trouble. If you frequent locations such as airport lounges, coffee shops, convention centers, libraries, and other public places, you’ll already have seen the proliferation of hotspots that are available for you to connect to. However, some of these should be referred to as danger spots as well as hotspots; because of their popularity, they are frequently targeted by the bad guys because they know that the chances are high they’ll be able to connect to an unsuspecting user’s computer, or trick unsuspecting users into connecting to their Wi-Fi hotspots.

If you have no alternative but to connect to a public Wi-Fi network or hotspot, practice safe surfing in every possible way:

The first and most important thing to do is make sure that the network you are connecting to is genuine and not something is thrown up by criminals intent on getting your personal information. Before you connect to a hotspot, speak to a nearby receptionist or individual who would know to attempt to confirm that the hotspot is legitimate. Also, look out for signs; most organizations that provide free Wi-Fi will generally post up a sign advertising the fact. The sign will contain the network name (also known as the SSID) and password. If you can’t see a sign and there are no individuals around to confirm that the network is legitimate, don’t join it.

Avoid Wi-Fi networks that do not require a password to join. Running a WiFiY hotspot competently and professionally means taking security seriously. A major indication that security has taken a back seat is where the hotspot has been so poorly configured that it doesn’t even need a password to be incompetent or misguidedly thought he was making it ‘easier’ for people to connect by removing the need for a password. Even if the hotspot is legitimate, hackers who have identified that no password is required to connect will find it easier to poke around in places where they are not wanted. Another alternative is that the insecure hotspot was actually set up by identity thieves wanting people to connect to their network. If you’ve ever connected to a hotspot that didn’t require a password and then felt smug that you’ve somehow beaten the system, think twice before patting yourself on the back: If a password is not required, the network is not safe. And connecting to Wi-Fi networks that are not safe is a terrible idea.

If you’ve confirmed that the hotspot is legitimate and you’ve connected to it, feel free to surf to your heart’s content, but under no circumstances should you perform any financial transactions over it. This covers buying things from popular online destinations as well as accessing your bank account. While the hotspot may be genuine, you still cannot guarantee that the bad guys are not eavesdropping to see if they can glean information being sent between your device and their network. If you limit this information’s value, there will be nothing for the bad guys to steal. If the Wi-Fi network is not your own, wait until you get to a network that you really trust (like your home network) before conducting financial transactions. If you need to check your bank balance, visit an ATM instead; you’d be surprised at the features modern ATMs have.

Restrict your surfing to general websites that don’t require you to provide account details or other login credentials. While it’s true that cybercriminals are after your banking details, they’ll quite happily take any other personal details that you care to share with them, such as logins to your email accounts, etc. Essentially, you want to eliminate the potential of any of your passwords or personal information being sent over the Wi-Fi connection. It’s not as easy as it sounds, though, especially when you remember that most browsers will auto-fill your credentials into some websites when you visit them. Be alert when visiting those sites. Once the bad guys have you on their network, they can then redirect you to websites that look legitimate but are really just elaborate fakes. Those websites then attempt to download and run malware on your smartphone or tablet. If they are successful, and the malware is run, then your device becomes compromised. When your device is compromised in this way, the bad guys can access it through a ‘back door’ in which the malware opens up. The back door allows the criminals to run programs and code on your device whenever they want to. Typically the programs will allow the criminals to snoop around your device, access your personal data, take pictures and even record audio and video. If they have downloaded your data, they can then use that data for their own means or sell it to other identity thieves.

Poorly configured hotspots

Not all Wi-Fi hotspots set out to grab your data or compromise your smartphone. Some might be legitimate, but the individual who set the network up was incompetent. The result is an insecure hotspot, which is more likely to make you end up with a compromised device after using it.

Many people set up Wi-Fi networks without changing the default administrator passwords. Hackers who are skilled enough (and have the right equipment) can tell what type of hardware is being used on the network. They can then try the default passwords for those bits of hardware (such as routers) and, chances are, they’ll be logged on with administrator permissions in no time. Once they have control of the network, they can make changes to their benefit and the detriment of anyone who logs onto the network.

For example, the hacker may turn off encryption, meaning that information sent over the network — such as passwords and banking information – is sent in plain text. This makes the information easy for the bad guys to access and is one reason you should not visit banking or financial websites over Wi-Fi hotspots.

Once the bad guys have the network how they want it, all they need to do is sit back and observe. Sooner or later, they will have someone logging on and accessing sites that require passwords and other confidential data which can be harvested for later use.

Besides, when using public Wi-Fi, look out for shoulder surfers. These are people who’ll look over your shoulder to see your passwords and account names as you type them. While you may not think they’ll be able to see much, you’ll be surprised; they have become very skilled at working out what you’re typing.

In addition to shoulder surfing, identity thieves have been known to use cameras with powerful zoom lenses to record passwords and keystrokes. Bear these points in mind when choosing your seat.

What not to do:
  • Don’t connect to Wi-Fi hotspots that do not have a password.
  • Don’t conduct financial transactions over a Wi-Fi hotspot.
  • Don’t forget to change default passwords on the Wi-Fi networks that you set up.
  • Don’t forget to periodically review the settings on the Wi-Fi networks that you set up.

This is how you can keep your privacy safe and avoid malicious attacks on your device. We hope you’ve got enough information about the topic, so make sure you comment and share your views on it.