Love your phone? It's a real threat

We all do it. We arrive at a favourite café, make our order and then find a place to sit. We relax and then what’s the first thing we do? Well, often we reach straight for our smartphone, open it up and search for the café WiFi. It’s super convenient, easy to connect to and of course it means we’re not eating into our mobile data plan. Perhaps, like many people, you’ll also open your laptop in the café and start checking some emails, see what’s happening in the news and on Facebook. Then we turn to our phone and go into the banking app and pay a bill, order something online, check a score, book a restaurant. Nothing seems too wrong in this picture, does it? It’s all super easy, and the café WiFi is nice and quick.

Public WiFi is a risk

But your devices are putting you at great risk. Because WiFi in cafés, bars, gyms, airports, hotels, libraries, supermarkets and other retailers, pretty much anywhere public WiFi is available, is vulnerable to being used by hackers to get to you and your data. According to one study, almost a quarter of the world's public WiFi hotspots don't use any kind of encryption.

Unencrypted WiFi

If you’re connected to a WiFi network that supports encryption, your data is sent and received using a ‘secure key’. In essence that should mean that only someone with access to that secure key can access your information. Not all websites offer encryption though and if the WifFi connection is not encrypted either, then everything you send or receive could be intercepted and fully readable by a hacker. For data safety purposes, it’s really important to ensure the WiFi network you are connecting to is encrypted.

There are several dangers from public WiFi, here are some of them:

Theft of personal information

All the obvious things are targeted by hackers because they know that they’ll be able to use it to build a profile of you. The kind of thing that can be stolen over public WiFi includes:

● Login details

● Financial information

● Personal data

● Pictures

● Passwords

If a hacker gets into this level of information, it’s not too much further for them to get access to everything you have on your device from contact lists to photographs and of course things like bank security credentials.

A lot of people access company systems, check company email and so on over public WifFi networks. Many businesses have security tools to keep them safe online, but there are still risks with accessing company networks over public WiFi.

It may be that the WiFi appears to be free, but the WiFi provider might be tracking your activity and personal data that they then sell on to others.

Man-in-the-Middle Attacks

Man-in-the-Middle attacks are like eavesdropping on your data and they are the most common form of attack over public WiFi. When you connect your smartphone or laptop to public WiFi, data is sent between your device and the website or app you’re using. Man-in-the-Middle attacks allow cybercriminals to sit in between these two points and intercept your traffic, which they can then either read directly or manipulate.

These kinds of invasions come in a number of ways. Firstly, they can simply interfere with the WiFi network network.

Worryingly, a hacker can sit in the corner of a café and create a WiFi network, for example called ‘coffeeshop WiFi’ and unsuspecting users will connect. Sometimes hackers just slightly misspell the real name and users are tricked into connecting.

Once the hacker has created the fake network, users connect thinking they’ve found the real café WiFi and before you know it, the hacker has access to your data. They might intercept logins to websites, or reroute internet traffic to phishing or other malicious sites. They could capture all your login information and, especially if you reuse passwords, use it to try accessing countless websites and services. Compromised traffic is stripped of any encryption protections, which allows the attacker to steal information or change the information you’re sending or receiving.

The ‘man-in-the-middle’ doesn’t want you to know they’re there, sitting in the corner or on the street outside. So it can be difficult to realise an attack has occurred until you discover your email address is being used to send spam or in phishing attempts, or you find unexpected withdrawals from your bank account. You need to take care to avoid falling victim whilst you enjoy your coffee.

Honeypot

Similar to the man-in-the-middle attacks, the ‘honeypot’ is where a fake WiFi network is set up, hiding a wide range of malware that gets dumped on to your device when you connect to the rogue network. Malware exists in many forms including:

● Viruses

● Worms

● Trojan horses

● Ransomware

A hacker can even install ‘Adware’ on your device so that ads start popping up that you would not otherwise expect to see.

Session hijacking

This is where a hacker on the same public WiFi network intercepts information about your computer and its connections so that they can then mimic your device and then hijack the connection. Imagine if they did that whilst you’re connected to your bank - from the bank’s point of view it would just look like you were logging in, but the hacker would have access to your accounts.

So what can you do?

There are several things you can do to keep safe whilst using public WiFi.

Magic mobile

If you have any doubt about the security of a public WiFi network, maybe just switch off or use your cellular data, which is secure, and so avoid the public WiFi altogether. Never just select a network that appears legitimate and hope it will all be alright.

Mobile hotspots can be quickly set up to enable a number of devices to connect to the mobile cellular data network, working with 4G or 5G. That will create a private connection which is much more secure than public WiFi.

Two-factor

Using two-factor authentication can make it more difficult for attackers to access what you’re looking at. It means that, in addition to your user name and password, the website or app will ask for a random code to be entered before you can access whatever it is. The random code can be generated using an ‘authenticator app’ or simply by sending the code to you via a text message to your personal phone. This can stop the hacker getting in, even if they have your user name and password.

VPN

Using a reliable VPN (virtual private network) app or service enables you to have everything you send and receive encrypted. It effectively makes a tunnel between you and what you need to access that a hacker cannot penetrate, even if they’re sitting as man-in-the-middle. The VPN encrypts everything you send and receive over a WiFi network whether or not the WiFi network or website you are accessing supports encryption.

Turn off sharing

Sometimes in public spaces or on a train for example, when you search for WiFi, you might find people’s smartphones show up. That’s because they have left sharing open on their device and it’s a vulnerability that you can avoid simply by turning off sharing.

Turn off WiFi when you don’t need it

Even if you haven't connected your smartphone or your computer to a public WiFi network, it can be that your device is still transmitting data between any network within range. So you can turn WiFi off completely until a moment when you really need to use it.

Stay safe, tread lightly

Because data can be easily intercepted over public WiFi networks, it can potentially end up in the wrong hands. Keep your digital footprint light by regularly checking which companies have your data and getting it erased from all that don’t need it. Rightly Protect is our service that will analyse who has your data and enable you to instruct data deletion in a single click and for free.