Published 13 June 2017 Category: IT

Wise Up About Public Wi-Fi

As you already know, connecting to public Wi-Fi networks is a risk for anyone. Well, we may not think it is, but it is. It really doesn’t matter if you work for a big, medium or small company, or if you’re just surfing online for your own personal business. Someone who wants to get in will do it, and it won’t be hard for them to do so. But, when we see that there is a free network for us to connect to, we get excited. Free? How great! Well, not exactly.

There are dozens of online tutorials showing hackers how to compromise public Wi-Fi, some of them with millions of views. The most common method of attack is known as “Man in the Middle.” In this simple technique, traffic is intercepted between a user’s device and the destination by making the victim’s device think the hacker’s machine is the access point to the internet.

A similar, but more sinister, method is called the “Evil Twin.” where: you log on to the free Wi-Fi in your hotel room, thinking you’re joining the hotel’s network. But somewhere nearby, a hacker is boosting a stronger Wi-Fi signal off of their laptop, tricking you into using it by labeling it with the hotel’s name. Trying to save a few bucks, and recognizing the name of the hotel, you innocently connect to the hacker’s network. As you surf the web or do your online banking, all your activity is being monitored by this stranger.

Still not convinced of the risks? Here’s a story that should worry business travelers in particular. Around 3 years ago in 2014, experts from Kaspersky Lab uncovered a very sophisticated hacking campaign called “Dark Hotel.” Operating for more than seven years and believed to be a sophisticated economic espionage campaign by an unknown country, Dark Hotel targeted CEOs, government agencies, executives, NGOs, and other high-value targets while they were in Asia. When executives connected to their luxury hotel’s Wi-Fi network and downloaded what they believed were regular software updates, their devices were infected with malware. This malware could sit inactive and undetected for several months before being remotely accessed to obtain sensitive information on the device.

Although antivirus protection and firewalls are essential methods of cyber defense, they are useless against hackers on unsecured Wi-Fi networks. Consider the following seven security tips to keep prying eyes out of your devices:

  • Don’t use public Wi-Fi to shop online, log in to your financial institution, or access sensitive sites — ever

  • Use a Virtual Private Network, or VPN, to create a network-within-a-network, keeping everything you do encrypted

  • Implement two-factor authentication when logging into sensitive sites, so even if malicious individuals have the passwords to your bank, social media, or email, they won’t be able to log in

  • Only visit websites with HTTPS encryption when in public places, as opposed to lesser-protected HTTP addresses

  • Turn off the automatic Wi-Fi connectivity feature on your phone, so it won’t automatically seek out hotspots

  • Monitor your Bluetooth connection when in public places to ensure others are not intercepting your transfer of data

  • Buy an unlimited data plan for your device and stop using public Wi-Fi altogether

The better you protect yourself, the greater your chances of minimizing the potential damage.

Remember: Falling victim to public Wi-Fi’s dangers is a question of when, not if. Here's Compass Offices' take on secure Wi-Fi and how we protect our clients.