The Dangers of Open Wi-Fi
by Jim Marasco, The Daily Record, February 2017 When you’re away from home or work, it’s become difficult to get through the day without having access to the Internet. Whether you’re checking your email, social media, paying bills or trying to stay connected to the office, access to the Internet has become critical. Most people don’t realize the dangers that can arise from connecting to an open Wi-Fi source.
Connectivity
Our phones and tablets have become remote work stations and almost critical in our daily activities. As a result, simply using your phone or tablet’s mobile connection could become expensive. Therefore, most people try to access a broadband connection where possible to alleviate using all of their cellular data allowance. Hotels, airports, restaurants and retailers all boast “free Wi-Fi” which tempts most individuals to simply connect onto their network. Before you connect again, consider the risks.
What’s the Harm?
A June 2016 study by cyber security firm Symantec found that 87% of U.S. consumers have readily used public internet. More than 60% of consumers think their information is safe when using this connection according to the study. They mistakenly believe that the Wi-Fi provider or websites they are visiting will keep them safe. Some networks even offer passwords. Don’t be fooled – these passwords are shared with others.
Cyber criminals have become exceptionally stealth at creating “false hot spots.” When someone starts roaming for a free Internet connection at their local retailer/airport, etc., thieves have set up their own network routers broadcasting a similar name. As consumers are fooled into connecting to the fake networks, criminals can now track all of their activity. While this could be rather harmless if all someone does is read the news headlines. However, once they start accessing bank account, credit cards, social media accounts, etc., they are exposing this information to data thieves, along with their usernames and passwords.
Assuming the free Wi-Fi spots are legitimate, there are still substantial risks. Keep in mind that all of the information you’re transferring between your device (phone, tablet, laptop) and the computer that you are connecting to is available to everybody on the network. This information can be intercepted by data thieves who “sniff” through the data running through network. Items like usernames, passwords and credit card information are exceptionally valuable to them for obvious reasons. What’s even more alarming is that “Wi-Fi sniffing” may not be illegal, if the banners you receive upon initial login don’t specifically prohibit it. The software needed for this is easy to use and inexpensive to obtain.
If usernames and passwords are stolen, attackers can access your device and install malware without your knowledge. They can obtain your photos, activate your camera or even turn your laptop into a listening device once they have access.
Open or free Wi-Fi can also pose other vulnerabilities. Sometimes hotspot providers offer free Wi-Fi to consumers in exchange for information. By clicking, “I accept” (to pages of small fine print) and providing a phone number or email in exchange for the site password, consumers may be allowing the provider to inject cookies into their browser to track their history and sell this information to advertisers. They could also track your physical location based on the Wi-Fi strength if moving through a mall or airport.
Protect yourself
The most obvious safeguard is not to connect to public Wi-Fi. Some newer cell phone models allow themselves to be used as a secure Wi-Fi hotspot so other devices (tablet, laptop, etc.) can connect through it. Unfortunately, this option will eat into your cellular data allowance. Another option involves purchasing/leasing a battery operated Mi-Fi device which creates a secure mobile Wi-Fi network wherever you travel.
If it’s necessary to connect to an open network, make sure to choose the initial setting as “public network.” The other choices that will pop up when you initially connect are “home” or “public network.” This will trigger a preset list of settings. By choosing the public network option, it offers the most security involving network discovery, file sharing, media streaming, etc. Once online, limit your browsing to public sites. Refrain from logging into any email or social media accounts. Personal banking or credit card sites should definitely be avoided, along with downloading any software. Keep in mind that there is a good possibility that others can see the information that is transferred or what you are doing.
Another option that is available is to connect through a Virtual Public Network or VPN similar to what most companies use for employees to connect remotely. A VPN creates a network within a network solution. Consumers can use the same technology which thwarts Wi-Fi sniffing and safeguards your data. There are many VPN services or options available that can be used with apps for cell phones and laptops. However, if going this route, don’t be fooled by the cheapest provider. Do your research – some of them have been known to sell user information such as sites visited, applications downloaded, etc. Read their privacy policy and check their background and history.
Be aware
Next time you are out and about, don’t be tempted by the quick and easy free Wi-Fi. Be aware of the vulnerabilities and take the necessary precautions to protect yourself from data hackers and cyber thieves.
James I. Marasco, CPA, CIA, CFE is a partner at Stonebridge Business Partners.