Threats When Using A Wi-Fi Hotspot And How To Avoid Being Hacked
I, and many with me, can literally do my work anywhere. When I fancy getting out of the office, I can simply head down to the nearest café, pub or public library, fire up my laptop and I’m away.
But indeed, it’s not just the business-minded or professionally-committed individual who makes use of the constantly connected world that we now live in. We all do, whether we’re at work or play. In fact, I’d even go so far as to say that we have become dependent on wireless hotspots to complete all of our online activities and manage our everyday lives. Of course we have – they’re absolutely everywhere. Cafes, pubs and libraries are only the tip of the iceberg, for any hotel, restaurant, airport, train station or arena that doesn’t offer free Wi-Fi is taking a huge business risk, as the modern public can very easily find a competitor that does.
We want to be able to connect with friends on social media. Check-in with the office whilst we wait for the train. Pay a bill over coffee with friends without having to excuse ourselves from the conversation, even momentarily. Check our emails when we’re waiting for flights. Make doctor’s appointments whilst we’re on our lunch break in the café across the street.
We want to do all of these things, because we can do them. In cities, our smartphones even hook up to the nearest hotspots when we’re walking down the street. The internet has become commoditised to the extreme, in some places almost to the point where it’s as omnipresent as the air that we breathe.
With Freedom Comes Risk
We love the freedom that these open networks deliver. But, alas, with this freedom and flexibility, there are many, many, attendant risks. A lot of open networks are dangerously lax on security, and, combined with the anonymity of connection and sheer chaos of these mass meeting grounds, the pickings are rife for anyone to hack into our devices and get their hands on some of our most valuable information.
Indeed, anyone from the nosey to the out-and-out malicious can hide in amongst all the mayhem, and infiltrate our laptops, phones and tablets. From here they can decode our passwords, siphon off our sensitive data, steal our identities, and infect our devices with all sorts of devastating malware.
The Threats Are Real
Indeed they are. In a recent Wi-Fi hack experiment, antivirus developers Avast found that more than half of Wi-Fi hotspots available in London offered weak and inadequate security protection for their users that were so poor that they would be hackable by “every IT college student”.
“In that experiment, our experts flew into nine cities around the world,” explained Avast spokesperson Marina Ziegler. “In Europe it was London, Barcelona and Berlin and in London we found that 54 per cent of routers were weakly encrypted and easily accessible to hackers.”
Filip Chytry, Avast’s virus analyst, also added that many public routers use default passwords allowing hackers to access private data transmitted via the network including browsing history, passwords and emails.
“Many routers are either completely unsecured or have very weak or even default passwords,” Chytry said. “That means that if a hacker walks into a pub, he can access the router’s settings and for example reroute the traffic via another malicious server. That’s very easy. Every IT college student can do that.”
In another experiment, a seven-year-old broke into a Wi-Fi hotspot in just 10 minutes and 54 seconds after watching an online video tutorial explaining how to do it.
And in yet another controlled experiment, security firms Mandalorian Security Services and F-Secure teamed up to hack into the online activities of three UK politicians while they were connected in London.
Here are the highlights from the hacking, as reported by the ISP Review:
- The hackers drafted an email and left it in David Davis’s drafts folder, which was destined for the national press and comically announcing his defection to UKIP.
- David Davis’s PayPal account was compromised, as it used the same username and password as his Gmail – a common habit.
- In the case of Lord Strasburger, a Voice overIP (VoIP) call he made from a hotel room was intercepted and recorded using technology freely available on the Internet, and relatively easy to master.
- Mary Honeyball MEP, who ironically sits on the EU committee responsible for the “We Love Wi-Fi” campaign, was browsing the Internet in a café when the ethical hacker sent her a message seemingly from Facebook which invited her to log back into her account, as it had timed out. This was how she unwittingly gave her login credentials to the hacker, who then accessed her Facebook account. Honeyball was using a tablet that had been issued to her only days before by the European Parliament’s technology officers.
The Vulnerabilities Of An Open Network
Emails, PayPal, VoIP, social media, instant messaging. The list goes on, actually. In fact, anything and everything that you would hope is secure on your device comes under great risk when connecting to an open Wi-Fi network.
And these vulnerabilities are actually a direct consequence of what we all love so much about Wi-Fi hotspots – namely that they generally require little or no authentication to establish a network connection. This means that even a hacker with only limited skills can gain unrestricted access to unsecured devices that are using the same network.
One of the biggest threats is formed out of a scenario when the hacker positions him/herself between your device and the Wi-Fi router. When this happens, every single piece of information that you pass over to what you think is the network, gets intercepted by the hacker. Including passwords, bank details, PayPal information, email logins, etc. etc. etc. With all of this invaluable information at his/her fingertips, the hacker can then, completely at leisure, go about conducting all manner of online activity as if he/she were you. And that means not only are you leaving yourself vulnerable, but anyone else who does business with you online as well – including your place of work.
Alternatively, some hackers prefer to use these unsecured Wi-Fi hotspots to upload malware onto devices. This is a particularly simple accomplishment if you allow for file sharing across your network. It’s also not uncommon for the attacker to actually hack the connection point itself, and then force a pop-up window to appear upon logging in. As soon as the user hits ‘Enter’, the infected software is uploaded onto their computer.
So, Should We Stop Using Wi-Fi Hotspots Altogether?
You will be pleased to hear – as are my surf-holiday entrepreneur friends, the students I have met, countless other professionals and private individuals up and down the country, and of course myself – that there really is no reason to stop using Wi-Fi hotspots, provided that you and we all start taking some proper precautions to protect ourselves.
The reality is that most hackers are going after easy targets, and it is of course the cowardly nature of the maliciously-minded to prey on the weak. And so, rather than us all packing up shop and tethering ourselves tightly back to our office desks once more, by taking a few provisions to strengthen our security, we can make ourselves safe.
How To Protect Yourself When Using A Wi-Fi Hotspot
- Use A VPN: When connecting to your business through an unsecured connection, it’s essential that you do so via a virtual private network (VPN). This will encrypt all information that you send, which should add a layer of armoury that most coffee shop hackers won’t waste their time with.
- Use SSL Connections: When conducting your regular browsing, ensure that you always use the Secure Sockets Layer (SSL) when entering any sensitive data into a website. This will ensure that your information is encrypted as it passes over onto the web. Most websites that require you to hand over your credentials will be secured with an SSL (note: a website that uses encryption starts with https.), and those that aren’t you should avoid using.
- Install A Strong Personal Firewall: Make sure your laptop is protected with a strong, personal firewall, and is up-to-date with the latest virus protection to ensure that you’ve got the best chance of keeping the bad guys out.
- Turn Your Wi-Fi Off When Not In Use: If you’re genuinely doing some work on your computer (as opposed to just mucking around on Facebook) and you don’t need the internet, then just turn the Wi-Fi off. You may not realise, but even if you haven’t actually actively connected to a Wi-Fi network, your device is still transmitting data between any network within range. So, just play it safe and keep the Wi-Fi turned off when not using it, and concentrate on that Word document or Excel worksheet.
- Get your WiFi HotSpot provider to use integrated web filtering services, so that illegal, malicious and hacking sites on the Internet always are blocked from access from anyone on the hotspot network. This will protect you from the malicious clicks you make that fake a URL and takes you elsewhere to install malicious software or trick you on your credit card or log in information.
- Use a web browser based web filtering service, to really make sure that you don’t accidentally end up on a page where you don’t want to end up surfin’. This will make your web surfing more secure even if your hot spot provider has not taken care of taking the adequate steps to secure his network.
Wi-Fi hotspots are already popular, and are only going to become increasingly ubiquitous as time goes on. It has to be said that currently, security is most definitely not up to scratch on a large scale, leaving you and your business vulnerable every time you log on.
The best advice besides installing a web filter plugin to your browser is to stay alert, use your common sense, never click on anything without thinking about where it’s come from and why it’s appeared first, and install the best protection tools at your disposal. If you take these precautions then you should find yourself pretty well-guarded against cyber-criminals, and can continue to enjoy all the benefits and luxuries of a mobile office. I know I will – time for another coffee and a flapjack, me thinks!