Imagine this scenario: you’ve just landed in a new city. What’s the first thing you would think of doing? Head to the luggage belt? Visit the washroom? No – it would typically be scanning for free Wi-Fi networks at the airport. It’s sort of an automatic reaction that has developed ever since the smartphone boom.
It’s not just airports though, as today, you can find free Wi-Fi pretty much everywhere – in malls, coffee shops, public transport, restaurants and in 2016, we’re going to see this increase ten-fold with big conglomerates like Google as well and the Government stepping in to make public Wi-Fi ubiquitous in India. It’s a great idea, and one that’s been widely praised.
However, one of the pitfalls of public Wi-Fi is that it’s easily open to attacks from hackers. According to Norton’s Cybersecurity Insights Report, millennials seem to be the most vulnerable to attacks as most of their work, business, and socialising is done online. The report also found 77 percent of Indians would be devastated if their personal financial information was compromised and around 52 percent have experienced credit card fraud, or know someone who has.
Jagdish Mahapatra, Managing Director for Intel Security, India and SAARC, tells Gadgets 360 that the firm’s recent study for India highlighted that diet or fitness related promotional links are something that cyber criminals run on a regular basis. He also states that 78 percent of Indian consumers consider dangers of unsafe online search terms but click on promotional diet [weight loss] links. That said, 44 percent of survey respondents have purchased a service or product from a promotional link without knowing whether or not it’s a secure site. Many respondents reported their willingness to share information like email address (79 percent), full name (72 percent) or age (53 percent) with a website, service or company in hopes of reaching their goal weight or dream body.
How can a hacker get your data?
The biggest problem with public networks is the lack of authentication. To join a free network, you typically have to tap the desired icon, enter some credentials like your mobile number in a browser window (if at all) and you’re good to go.
There isn’t any password required to join as you would normally have at home or in private networks. This means anyone can join the network and start tapping into your information very easily. In fact, Mandar Bale, Strategic Business Manager at FireEye, tells Gadgets 360 that even browser plugins like Firesheep have demonstrated how easily Web sessions can be hijacked in order to steal credentials.
The most common type of attack, he explains, is known as the man-in-the-middle attack. Here, the hacker is able to exploit a security flaw in the network to position himself between you and the access point. Bale adds that devices such as Wi-Fi Pineapple make it very easy to perpetrate such attacks. This way, all the information that’s passing between you and the Internet is first intercepted by the hacker.
By sniffing the data, the hacker can potentially recover your financial data, passwords, account logins and other sensitive data that you might have. This could also lead to identity theft if you’re not careful.
Sidejacking is form of hacking where an active Web session is compromised by intercepting the credentials of the user, says Altaf Halde, Managing Director South Asia, Kaspersky Lab. This method mostly works on sites that require a username and password such as mail accounts, social networking sites, to name a few.
Rogue networks are another threat to watch out for. In public places, you’ll often notice many unsecured networks, among which, some of the names might look similar with slight variations. While one of them would be legitimate, the other could be a rogue access point set up by the hacker to lure an uninformed user. These hotspots will typical have names like “Free Wi-Fi” or mimic closely the name of a popular coffee shop or restaurant, thereby fooling unsuspecting users.
Hackers also typically use unsecured connections to spread malware. On a computer with file sharing enabled, this is easily achievable if you connect to a spurious network. According to Kaspersky , hackers have even managed to hack the connection point itself, causing a pop-up window to appear during the connection process offering an upgrade to a piece of popular software. Clicking the window installs the malware.
With this many risks, it’s not a surprise that Sunil Sharma, VP Sales, Sophos India and SAARC, describes joining a public Wi-Fi network as “stepping into a black hole”. And as he points out, even if you’re not a senior corporate executive, it doesn’t mean your data is worthless – even a student needs to stay alert and aware.
How to stay safe on public Wi-Fi?
Despite the looming threats out there, don’t let this put you off public Wi-Fi. Halde suggests, “It’s a good idea to avoid logging into websites where there’s a chance that cybercriminals could capture your identity, passwords, or personal information – such as social networking sites, online banking services or any websites that store your credit card information.”
Rana Gupta, Vice President (Identity & Data Protection), APAC, Gemalto, suggests disabling file sharing on your laptop when connected to a public Wi-Fi hotspot. He says, “while one can safely keep data in sharing mode when using a private network which is secure, one must disable network sharing option on their smartphones and laptops when on a public Wi-Fi network which will prevent hackers from accessing their data.”
In Windows, you can find this under Network and Sharing Centre in Control Panel or System Preferences -> Sharing if you’re using a Mac. It’s also recommended to turn on the firewall for both OSes. Another good practise would be to use the “Forget network” option for public Wi-Fi networks or delete it once you’re done using it, in order to avoid automatically connecting to it the next time you’re in the area.
It’s also important to keep your software patched to the latest versions, whether you’re on a laptop, smartphone or tablet. Hackers are constantly trying to find loopholes and vulnerabilities for your devices, to which manufacturers keep releasing new firmware and updates to fix this. So, the next time you get a notification for an update, don’t ignore it.
Sometimes, even seemingly safe apps have been known inadvertently leak information. A recent investigation by FireEye revealed a popular camera app called Camera360 Ultimate which accidentally leaked sensitive data which could give malicious parties unauthorised access to users’ Camera360 cloud accounts and photos. This issue has been fixed in the latest version of the app. Hence, it’s best to limit your usage of third-party apps, especially when on public networks.
Sophos’ Sharma also suggests that when you’re traveling, invest in a local SIM so you can use mobile data, instead of being completely reliant on Wi-Fi. He also recommends that users encrypt their data. “Assuming you still go ahead and connect to an open Wi-Fi, look out for a padlock symbol on your browser,” he adds. “The lock symbol indicates that your connection to the website is encrypted, which is important for your security and privacy. If it’s missing, exit immediately.”
The simplest solution of course would be to just stick to your data plan but if you absolutely must use a free Wi-Fi network; then do use a VPN or virtual private network, to get your work done. This way, even if a hacker manages to sniff your data, it will be heavily encrypted.
If you’re using Windows, Opera’s latest developer build offers a free built-in VPN service within the browser which requires no setup. Total VPN and CyberGhost and a couple of other popular services that you can try too. Enabling two-factor authentication is another way to protect your login details.
Of course, there are no absolute guarantees when it comes to safeguarding your privacy, even with precautions in place. That’s just one of the side-effects of living in a heavily interconnected world. Staying vigilant and restricting the type of activities you conduct when you’re out of the confines of your home network will go a long way in ensuring your safety on the Web.