Public Wi-Fi hotspots are everywhere. It’s estimated that by 2018 there will be 14m across the UK alone. They’re undeniably useful, giving us free (or cheap, at least) internet access and saving our precious mobile data allowances. But it’s not all good news. There are some very real risks with using Wi-Fi hotspots, and many people have no idea of the dangers or what they can do to stay safe.
So what is the problem with public Wi-Fi, and what can you do to protect yourself? Let’s take a look.
Broadband Genie recently examined the state of public Wi-Fi security and discovered some worrying statistics.
The company asked 1,515 visitors to our site about their use of public Wi-Fi. 44% said they “frequently” make use of these services, so there are potentially tens of millions of us around the country who connect to hotspots on a regular basis in bars, restaurants and the many other locations that offer it.
They also asked for details about what people actually do with the Wi-Fi connection, and here’s where it becomes concerning. 80% access social media, 25% do online shopping, 15% use online banking, 9% pay bills and 7% conduct “business related activities”. Additionally, 69% use them for general web browsing and 27% for “other personal activities”.
That suggests a significant number of people are logging into private, confidential sites and services while connected to public Wi-Fi.
But without additional protection, this is extremely risky. Any device connected to a Wi-Fi hotspot can view the traffic sent and received by everyone else. A malicious hacker could sit back in a coffee shop with a flat white and carry out all manner of attacks to intercept data as unsuspecting customers access online banking or chat on social media. Enterprising criminals can even set up their own hotspots with the primary goal of capturing personal data.
But how likely is this? It might seem far-fetched, yet data supplied to us by security experts Avast! suggests that the majority of hotspot users are in danger. Avast! offers a free Wi-Fi Finder app that uses crowdsourcing to attempt to identify safe and risky connections.
The data gathered shows that 75% of public Wi-Fi connections are vulnerable. The majority do not employ any encryption, so all traffic is visible to every user with freely available software tools. But there are also hotspots where the router is accessible from the wider internet, is susceptible to known security flaws or has already been hacked.
Here are just some of the ways a hacker could steal data from public Wi-Fi users:
Using packet sniffing tools like the free Wireshark an attacker can intercept and analyse all traffic sent over a network. This is a basic method which is defeated by encrypted connections, but it’s also very easy to do and can pick up passwords and emails if they’re sent unencrypted.
Man In The Middle (MITM) attack
In a MITM attack the hacker relays data between two parties. Each side believes they are talking directly to the other, but the hacker is able to eavesdrop and, if desired, alter the traffic. If a hacker uses a forged certificate and the user ignores security warnings, MITM attacks can potentially defeat HTTPS encryption to intercept passwords and other encrypted data.
If a site is not properly secured with HTTPS it is possible for a hacker to hijack a web session by intercepting cookies. You log on to social media, and the hacker is able to impersonate your identity and access your account. Tools like the Firefox extension Firesheep make this worryingly simple.
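From the site owner's side, the cookie exposure described above can be checked in the response headers. The following is an added example, not part of the original article: it flags pages served over plain HTTP, HTTPS responses without an HSTS header, and cookies missing the Secure attribute. The hostnames and header values are constructed sample data.

```python
def parse_set_cookie(value):
    """Return (cookie name, set of lower-cased attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts:
        return "", set()
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    return name, attrs


def audit_response(url, headers):
    """List (code, detail) findings that leave a session open to interception.

    headers is a list of (name, value) pairs because Set-Cookie can repeat.
    """
    findings = []
    if not url.lower().startswith("https://"):
        # Everything, cookies included, crosses the hotspot in the clear
        findings.append(("PLAIN_HTTP", url))
    elif not any(n.lower() == "strict-transport-security" for n, _ in headers):
        # Without HSTS the browser may still make a later request over http://
        findings.append(("NO_HSTS", url))
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(value)
        if "secure" not in attrs:
            # The browser will attach this cookie to http:// requests too
            findings.append(("COOKIE_NOT_SECURE", cookie))
    return findings


# Constructed sample: a login response over HTTPS with one weak cookie
SAMPLE_WEAK = ("https://social.example/login", [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session=3f9a; Path=/; HttpOnly"),
    ("Set-Cookie", "prefs=dark; Path=/; Secure"),
])
# Constructed sample: the same response with HSTS and a Secure session cookie
SAMPLE_HARDENED = ("https://social.example/login", [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session=3f9a; Path=/; Secure; HttpOnly; SameSite=Lax"),
])

if __name__ == "__main__":
    for url, hdrs in (SAMPLE_WEAK, SAMPLE_HARDENED):
        print(url, audit_response(url, hdrs))
```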
How to safely use public WiFi
There are ways to use a public WiFi hotspot safely, but many of us aren’t taking advantage of the security tools at our disposal. A Virtual Private Network (VPN) is a secure connection which encrypts all network traffic on your device and routes it through a proxy server. Use a VPN and even if the WiFi network is unencrypted any hackers watching will only see a stream of jumbled data.
However, our survey showed that just 15% of respondents use VPNs on public Wi-Fi, while 44% said they didn’t know what they were. If you want to take advantage of public hotspots with a high degree of security, follow these golden rules:
Use a VPN- A VPN is a really effective way to lock down internet traffic and protect against snoopers and should be used whenever you sign on to a public hotspot or any other connection you do not fully control. VPNs are generally not complex to set up or use, with most services offering the necessary software and tutorials to get you up and running in no time.
There’s no shortage of choice when it comes to VPN providers including many free services. However, it is important to do some research into the provider before signing up. While a VPN can protect you against hotspot hackers and other external threats, the VPN provider itself can theoretically intercept traffic, so make sure you opt for a trustworthy firm.
Always use HTTPS- Any service which requires a login or involves transmitting personal data should be secured with HTTPS to encrypt communications. This is indicated by the URL beginning ‘https’ and a padlock symbol in your browser. If not, walk away. Remember that without HTTPS or any other protection all traffic is visible to anyone else on the network, so behave accordingly when using unprotected sites.
Pay attention to security warnings- When using encrypted sites and services watch out for certificate or security warnings as this could be an indication that the encryption is not properly configured or someone is attempting a MITM attack.
Keep software up to date- Security vulnerabilities in software on your devices can be exploited by hackers to insert malicious software or steal information. Ensure your operating system and applications are always bang up to date.
Use anti-virus- You should have an anti-virus tool already; if not, there are several excellent free options including Avast! Free and Avira Free. After connecting to a hotspot, run a quick scan to check for unwanted nasties.
Disable file sharing- Before connecting to a hotspot check that there are no shared folders or drives which could be accessible to others on the network. This is very easy on Windows as each time it detects a new network it will ask if it is a private or public connection, disabling file sharing automatically if the latter is selected.
Don’t connect automatically– Check that your laptop or other devices are not set to automatically connect to open networks, otherwise you could inadvertently connect to a vulnerable hotspot and accidentally expose private information.
Confirm the hotspot name- One sneaky hacker trick is to set up a fake hotspot with a very similar name to a legitimate service. Before logging on to a hotspot, check the name.
Always use strong, unique passwords- Never use the same password more than once, and make sure that each password is long (at least 12 characters) and strong, preferably a random mix of letters, numbers and characters. To make life easy use a password manager such as Lastpass so you don’t need to remember each login.
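The "Confirm the hotspot name" rule above can be automated against a list of visible networks. The following is an added example, not part of the original article: it flags names that only look like the trusted one, and networks using the trusted name with a different security setting. The network names, BSSIDs and the scan format are constructed assumptions.

```python
import unicodedata

# Digits commonly swapped for letters so a name looks the same at a glance
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "5": "s", "3": "e"})


def skeleton(ssid):
    """Reduce an SSID to a comparison form: fold case and width,
    drop spaces and punctuation, map lookalike digits to letters."""
    folded = unicodedata.normalize("NFKC", ssid).casefold()
    kept = "".join(ch for ch in folded if ch.isalnum())
    return kept.translate(LOOKALIKES)


def check_scan(trusted_ssid, trusted_security, scan):
    """Return (ssid, bssid, reason) for each network imitating the trusted one.

    scan is a list of dicts with 'ssid', 'bssid' and 'security' keys
    (a hypothetical format; adapt it to your scanner's output).
    """
    target = skeleton(trusted_ssid)
    flagged = []
    for net in scan:
        if skeleton(net["ssid"]) != target:
            continue  # unrelated network
        if net["ssid"] != trusted_ssid:
            flagged.append((net["ssid"], net["bssid"], "lookalike name"))
        elif net["security"] != trusted_security:
            flagged.append((net["ssid"], net["bssid"],
                            "same name, different security"))
    return flagged


# Constructed scan results; the venue's real network is the first entry
SCAN = [
    {"ssid": "CoffeeHouse_Guest", "bssid": "02:00:00:00:00:01", "security": "WPA2"},
    {"ssid": "C0ffeeHouse Guest", "bssid": "02:00:00:00:00:02", "security": "open"},
    {"ssid": "CoffeeHouse_Guest", "bssid": "02:00:00:00:00:03", "security": "open"},
    {"ssid": "Library WiFi", "bssid": "02:00:00:00:00:04", "security": "WPA2"},
]

if __name__ == "__main__":
    for hit in check_scan("CoffeeHouse_Guest", "WPA2", SCAN):
        print(hit)
```

A fake hotspot that copies both the exact name and the security setting passes this check, so it complements the VPN and HTTPS rules rather than replacing them.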