Beware of this Word When it Comes to Wi-Fi
There are many scary words when it comes to surfing the Internet through a Wi-Fi connection such as, jamming, malware, ransomware, and key-logging just to name a few. Collectively, all of these types of threats today are enough to scare most anyone when connecting to a third party Wi-Fi network. However, there is one word that is far scarier, one that should sound alarm bells in your head whenever you see it. You may have seen it yesterday or perhaps you will run into it later today.
Trying to guess what it is? How about “Free,” as in Free Wi-Fi.
Free Public Wi-Fi
If you are like most people, chances are you have used free Wi-Fi yourself. According to a survey of 1,025 people conducted by Symantec in May of 2016, 87% of all Americans use public Wi-Fi to access the Internet with their personal devices. In fact, the younger you are, the greater the probability as 95% of millennials acknowledge they have shared information over public Wi-Fi. What is especially worrisome about this figure is that 60% of those who admit to using public Wi-Fi believe that their information is safe when using public Wi-Fi. In fact, 22% actually visit banking and financial sites while connected to public wireless while 56% log onto their social media sites. Even more check their email accounts.
It isn’t just Americans however, who love free public Wi-Fi. There are an estimated 100,000 unsecured public Wi-Fi hotspots around the world. Because of the ubiquitous nature of these networks, we as a society have become far too comfortable using them and sometimes, we forget value the convenience of them more than security.
Is ‘Free’ Wi-Fi Really Free?
It is a universal truth that some people will always be allured by the word “free.” It is also a universal truth that when it comes to “free” you get what you pay for. At the least, there is usually a hidden cost to that word. In the case of the many free Internet offerings at hotels, airports, coffee houses and retail establishments, free usually constitutes with the word “risk.” A lot of it in fact. When something is free, there is little incentive for a business to invest much money into it in order to improve the quality of it. In the case of the free complimentary Wi-Fi offered by many businesses and organizations, this may mean any one or all of the following:
- Their wireless infrastructure often consists of store bought SOHO equipment rather than enterprise level hardware that is designed for speed and security
- Some networks may consist of outdated equipment that do not offer the latest network and security protocols
- Business owners may be naïve to the necessity to keep their wireless routers and switches patched and up-to-date. Even if they are aware of the importance of this practice, it is probably a last priority with so many other pressing demands of their business
- SSIDs are many times setup using default settings and that may not be aligned with industry best practices.
Federal-Level Free Wi-Fi Warnings
The concern over the riskiness of public Wi-Fi is not just limited to cybersecurity professionals or equipment vendors. Both the FBI and the Federal Trade Commission have issued warnings to U.S. citizens concerning the use of free Wi-Fi and the inherent risks involved when using it. Private organizations such as AARP regularly try to educate its members concerning the risk. In the UK, the public awareness site for online safety, GetSafeOnline.org, regularly publicizes recommendations for its citizenry in dealing with the many threats of free Wi-Fi.
Unsecured Wi-Fi Risks
Many people equate the risk of free public Internet with open Wi-Fi only. Open Wi-Fi is especially risky as any data transmitted across it can be captured by using a packet scanner used within the broadcast range of the network. Unsecured Wi-Fi networks can also serve as a breeding ground for malware deployed by cyber criminals onto connected devices. This is easy to do in unsecured environments, as many users don’t fully utilize the local firewall that may be installed on their device. Once malware is installed, hackers can have free reign to someone’s files, camera or microphone. In similar fashion, hackers can install bots that can be then used for DDoS and credential stuffing attacks or crypto mining.
The risk of free-Wi-Fi is in no way limited to open SSIDs however. One of the most dangerous threats in a wireless environment is a Man-in-the-Middle attack. In a scenario called the evil twin, an imposter replicates the SSID of a public Wi-Fi by implementing a fake hotspot, which could simply be a laptop computer. By boosting the signal of the rogue access point, users and their devices are drawn to it versus the legitimate Wi-Fi signal. SSIDs using a secure wireless protocol such as WPA2 are just as susceptible to this attack as the hacker can simply utilize the same wireless key the user is instructed to use by the business proprietor. Once connected, all of the user’s session activity can be monitored including logon credentials.
How to Protect Yourself on Free Wi-Fi
This is not to say that you should never use a public Wi-Fi connection when on the road for business or on vacation with friends or family. It just means you have to be properly equipped to utilize these resources in a secure and safe way. The fact is that anyone who takes advantage of free Wi-Fi should protect him or herself with a VPN service. VPN encrypts and anonymizes all of your traffic no matter how you connect to the Internet. A VPN service protects all data transferred within your Wi-Fi sessions in the same manner that the corporate world has been doing for years to protect the remote web traffic of their employees. Even if a hacker is able to capture your session using an evil twin hotspot, all of your data is encrypted from endpoint to endpoint, preventing anyone from observing or manipulating your information.