HIGHLIGHTS
Public Wi-Fi networks are a boon but can also be a threat if not careful
Most common attacks include man-in-the-middle, malware and spoofing
Stay safe by using a VPN and avoiding rogue networks
Imagine this scenario: you've just landed in a new
city.
What's the first thing you would think of doing?
Head to the luggage belt? Visit the washroom?
No - it would typically be scanning for free
Wi-Fi networks at the airport. It's sort of an
automatic reaction that has developed ever
since the smartphone boom.
It's not just airports though, as today, you can find free Wi-Fi
pretty much everywhere - in malls, coffee shops, public transport, restaurants and in 2016, we're
going to see this increase ten-fold with big conglomerates like Google as well and the Government
stepping in to make public Wi-Fi ubiquitous in India. It's a great idea, and one that's been widely
praised.
However, one of the pitfalls of public Wi-Fi is that it's easily open to attacks from hackers.
According toNorton's Cybersecurity Insights Report, millennials seem to be the most vulnerable to
attacks as most of their work, business, and socialising is done online. The report also found
77 percent of Indians would be devastated if their personal financial information was compromised
and around 52 percent have experienced credit card fraud, or know someone who has.
Jagdish Mahapatra, Managing Director for Intel Security, India and SAARC, tells Gadgets 360
that the firm's recent study for India highlighted that diet or fitness related promotional links are
something that cyber criminals run on a regular basis. He also states that 78 percent of Indian
consumers consider dangers of unsafe online search terms but click on promotional die
t [weight loss] links. That said, 44 percent of survey respondents have purchased a service
or product from a promotional link without knowing whether or not it's a secure site
. Many respondents reported their willingness to share information like email address (79 percent),
full name (72 percent) or age (53 percent) with a website, service or company in hopes of reaching
their goal weight or dream body.
How can a hacker get your data?
The biggest problem with public networks is the lack of authentication. To join a free network,
you typically have to tap the desired icon, enter some credentials like your mobile number in a
browser window (if at all) and you're good to go.
There isn't any password required to join as you would normally have at home or in private networks
. This means anyone can join the network and start tapping into your information very easily. In fact
, Mandar Bale, Strategic Business Manager at FireEye, tells Gadgets 360 that even browser plugins
like Firesheep have demonstrated how easily Web sessions can be hijacked in order to steal
credentials.
The most common type of attack, he explains, is known as the man-in-the-middle attack. Here
, the hacker is able to exploit a security flaw in the network to position himself between you and the
access point. Bale adds that devices such as Wi-Fi Pineapple make it very easy to perpetrate such
attacks. This way, all the information that's passing between you and the Internet is firs
t intercepted by the hacker
By sniffing the data, the hacker can potentially recover your financial data, passwords,
account logins and other sensitive data that you might have. This could also lead to
identity theft if you're not careful.
Sidejacking is form of hacking where an active Web session is compromised by intercepting
the credentials of the user, says Altaf Halde, Managing Director South Asia, Kaspersky Lab
. This method mostly works on sites that require a username and password such as
mail accounts, social networking sites, to name a few.
Rogue networks are another threat to watch out for. In public places, you'll often notice
many unsecured networks, among which, some of the names might look similar
with slight variations. While one of them would be legitimate, the other could be a rogue
access point set up by the hacker to lure an uninformed user. These hotspots will typical
have names like "Free Wi-Fi" or mimic closely the name of a popular coffee shop or
restaurant, thereby fooling unsuspecting users.
Hackers also typically use unsecured connections to spread malware. On a computer
with file sharing enabled, this is easily achievable if you connect to a spurious network.
According to Kaspersky , hackers have even managed to hack the connection point
itself, causing a pop-up window to appear during the connection process offering an
upgrade to a piece of popular software. Clicking the window installs the malware.
With this many risks, it's not a surprise that Sunil Sharma, VP Sales, Sophos India and
SAARC, describes joining a public Wi-Fi network as "stepping into a black hole".
And as he points out, even if you're not a senior corporate executive, it doesn't mean
your data is worthless - even a student needs to stay alert and aware.
How to stay safe on public Wi-Fi?
Despite the looming threats out there, don't let this put you off public Wi-Fi. Halde
suggests, "It's a good idea to avoid logging into websites where there's a chance that
cybercriminals could capture your identity, passwords, or personal information -
such as social networking sites, online banking services or any websites that store
your credit card information."
Rana Gupta, Vice President (Identity & Data Protection), APAC, Gemalto, suggests
disabling file sharing on your laptop when connected to a public Wi-Fi hotspot.
He says, "while one can safely keep data in sharing mode when using a private
network which is secure, one must disable network sharing option on their smartphones
and laptops when on a public Wi-Fi network which will prevent hackers from
accessing their data."
In Windows, you can find this under Network and Sharing Centre in Control Panel
or System Preferences ->Sharing if you're using a Mac. It's also recommended to
turn on the firewall for both OSes. Another good practise would be to use the
"Forget network" option for public Wi-Fi networks or delete it once you're done
using it, in order to avoid automatically connecting to it the next time you're
in the area
It's also important to keep your software patched to the latest versions, whether you're
on a laptop, smartphone or tablet. Hackers are constantly trying to find loopholes and
vulnerabilities for your devices, to which manufacturers keep releasing new firmware
and updates to fix this. So, the next time you get a notification for an update, don't ignore it.
Sometimes, even seemingly safe apps have been known inadvertently leak information.
A recent investigation by FireEye revealed a popular camera app called Camera360
Ultimate which accidentally leaked sensitive data which could give malicious parties
unauthorised access to users' Camera360 cloud accounts and photos. Hence
, it's best to limit your usage of third-party apps, especially when on public networks.
Sophos' Sharma also suggests that when you're traveling, invest in a local SIM so
you can use mobile data, instead of being completely reliant on Wi-Fi. He also
recommends that users encrypt their data. "Assuming you still go ahead and connect
to an open Wi-Fi, look out for a padlock symbol on your browser," he adds.
"The lock symbol indicates that your connection to the website is encrypted, which is
important for your security and privacy. If it's missing, exit immediately."
The simplest solution of course would be to just stick to your data plan but if you
absolutely must use a free Wi-Fi network; then do use a VPN or virtual private
network, to get your work done. This way, even if a hacker manages to sniff your
data, it will be heavily encrypted.
If you're using Windows, Opera's latest developer build offers a free built-in
VPN service within the browser which requires no setup. Total VPN and CyberGhost
and a couple of other popular services that you can try too. Enabling two-factor
authentication is another way to protect your login details.
Of course, there are no absolute guarantees when it comes to safeguarding you
r privacy, even with precautions in place. That's just one of the side-effects of
living in a heavily interconnected world. Staying vigilant and restricting the type of
activities you conduct when you're out of the confines of your home network wil
l go a long way in ensuring your safety on the Web.
