Public Network

In an exercise conducted by The Washington Post, professionals from cybersecurity company Avast were invited to “steal” data from users as they surfed the internet and conducted routine activities, such as checking email, streaming videos, and logging onto social media sites. The exercise yielded little results for the would-be hackers. While connected to the same network, the Avast “hackers” could see what websites were visited, what time of day the sites were visited, and what device (e.g. iPhone, laptop, Android, etc.) was used to access the websites, but no specific user data, such as user names or passwords, was collected.

However, the pitfalls of public wi-fi lie in the network that one is connected to. Not all public wi-fi connections are safe. Some public wi-fi networks are created by bad actors, and not reputable businesses or organizations.
In a story from CBS Boston, white hat hacker Steve Walker shows how easy it can be for a hacker to set up a fake wi-fi connection in a public space. In this scenario a hacker creates an imposter public wireless network with a name that that seems legitimate. The imposter network may have a familiar naming convention, like INSERT-BUSINESS-NAME_GUEST_WI-FI, that lulls users into a false sense of security. Hackers can even create a connection with exactly the same name as a known wi-fi hotspot. The fake login or connection screen can contain phishing links designed to steal usernames and passwords. Once connected to this rogue wi-fi network the hacker has access to all the user’s inputs. From this data the hacker can piece together websites visited, gain access to accounts, and even financial data if it is input while connected to the fake service. Other risks posed by using public wi-fi networks include malware, viruses, and worms, fake system’s updates for phones that are designed to steal information, and even session hijacking.

While there are risks posed to privacy and security when using public wi-fi, experts also say the risk to reward ratio makes this type of cyber crime less attractive to hackers and cyber criminals. The hacker is more exposed trying to steal sensitive data in this fashion, and the payoff is not guaranteed with such a random assortment of users or “targets.”

There are many reasons users connect to public wireless networks, from poor cellular service to the need to conserve mobile data use to sheer convenience and better speed. While users cannot totally eschew the use of public wireless networks there are some best practices that will offer the user some protection against hackers and mitigate risk.
These include:
• On both Android and Apple tablets and cell phones, disable file sharing apps.
• While on a wireless public network do not work with sensitive data.
• Refrain from visiting sites that request or require the input of personal data.
• Encrypt information that is sent between two parties.
• The user should ensure that the websites visited are secure. The user can know a site is secure by observing https in the address bar or a lock icon next to the web address.
• Use a VPN to encrypt all online user traffic.
Of course, the only guaranteed way for users to protect themselves is to avoid public wi-fi at all costs, using exclusively home networks or private wireless connections via a personal hotspot.

Take the Public WiFi Test