Think twice before connecting to any public WiFi
Saturday 9th November 2019 at 08:26, I received an email from Greg, our Manager Director asking me to write an article about cyber security. The request was timely, fifteen minutes before I was in my local barbershop, struggling to access Instagram.
My barber said, ‘Connect to the WiFi’.
I replied, ‘No, do you know how easy it is to sit in between a WiFi connection and obtain information?’.
My barber replied, ‘But I don’t do Internet banking’.
It was at that point, I was reminded (once again) that the average mobile user, still isn’t aware of the dangers of connecting to public WiFi.
Everyone has been in a situation where we consider connecting to public WiFi. Many public places offer it now – coffee shops, barbershop/hairdressers, airports and shopping centres. Mostly, we want to connect to save data or the main connection is weak. At the point of consideration, the best course of action is ‘Think twice before connecting to any public WiFi’. By thinking twice, I would suggest asking yourself ‘Do I need to connect to this public WiFi?’ Unless it’s an emergency, the answer is likely to be – No. If that’s the case – I’d recommend you don’t connect!
The most extensively used WiFi security protocol is WPA2 and to date, it’s still the most secure. Even though WPA2 is the most extensively used WiFi security protocol, it does still have vulnerabilities and for that reason, yes – I’m going to say it again ‘Think twice before connecting to any public WiFi!’.
Connecting to a public WiFi that is using WPA2 can allow for threats such as man in the middle (MITM) attacks to occur. A MITM attack is when an attacker sits in between the user and their mobile device and the device distributing the WiFi connection. The device that distributes the WiFi connection can be a router, a firewall or simple an access point (AP).
With the attacker in between your connection to the WiFi, they are now able to obtain information, as you are now sending information directly to the attacker. This information could be simple information such as accessing a website, or login credentials you have used to access your favourite social media site. Even worse, it could be bank account login details. Once an attacker has some information about you, they can then start to perform social engineering techniques and work to penetrate systems that you access.
There may be a time when you have no choice and have to connect to a public WiFi. If this situation is ever presented to you, follow these recommendations to improve your security and minimise the risks.
- Always ensure your device is fully up to date
If you must connect to a public WiFi connection, then your mobile device should be fully updated with the latest update available. An up-to-date device will give you additional protection, any known vulnerabilities will hopefully be patched in the latest update.
- Always connect to a VPN (Virtual Private Network)
Using a VPN connection when accessing any public WiFi connection is a smart decision, in comparison, it’s inexpensive compared to the potential cost of providing login credential information to a MITM attacker. A VPN connection would provide a secure connection when connected to a public WiFi, encrypting any traffic from a user’s mobile device and the internet. Using a VPN would provide an additional level of security and peace of mind knowing that your data is not easily available.
- Always access websites that use HTTPS
By accessing only websites that use HTTPS means that any data being transported from between the device and the website is encrypted, meaning data stays confidential.
- Always disable file sharing
This may seem like a strange thing to suggest but it is vital and a frequently overlooked feature. Often users are not sure if they even can share files at ease, let alone know how to enable and disable file sharing. Having file sharing enabled means at least one area of your device is available for public access. Which means files can be obtained from the public location. But at the same time, it is possible to put files into the public location. The files could be malicious containing malware.
- Always use Two-factor authentication (2FA)
Even though many websites have implemented ‘Two-factor Authentication’ (2FA) and understand the importance of providing 2FA to their customers, many websites have not. We recommend only logging to a service you have 2FA enabled for. Therefore, if your credentials are exposed, a hacker can’t infiltrate the account you have just accessed over the public WiFi.
- Never make payments
For many websites, a padlock symbol displayed means the website is secure to accept payments. Be aware that a scammer can create a malicious website including a padlock. It’s often assumed that when a padlock is present, the website is safe. Stay safe and as a rule, never make payments over a public WiFi.
- Never download applications
Downloading software or applications via public WiF is not advised. Because there is the potential to be redirected to a website that is not the website you expect. Or in some cases, you will be presented with a link to download some ‘amazing software’ that is in fact malicious.
These recommendations may just prevent you from falling short to an attacker and exposing vital information which could lead to data loss. We want to help WiFi users understand and acknowledge the potential dangers of connecting to any public WiFi.
So please ‘THINK TWICE, BEFORE CONNECTING TO ANY PUBLIC WIFI’.
Words by Darius Sebastian
Creative Marketing Designer at Dufeu IT | Wife to a tech genius | Mother of two little princesses