Connecting to a Wi-Fi network in a cafe, hotel, airport or subway, you actually propose your data for all to see. Any student can intercept your traffic going through the public network. To do this, he just needs to download one of many “hacker” programs and carefully read the instructions. It is strongly recommended that you familiarize yourself with the rules of safe behavior when connecting to public networks and, of course, follow them.
There are three main types of attacks that an attacker can carry out when somebody is using public Wi-Fi. The easiest and most common is sniffing. Open access points do not encrypt packets in any way, and therefore anyone can intercept them. There are a lot of sniffer programs, not only for desktop operating systems but also for Android smartphones.
During the US presidential election, Avast employees decided to test how much American politicians care about their security on the Internet. Several open access points were located at the venue in Cleveland where the Republican Party was having a meeting. Traffic passing through theses access points was analyzed by security experts. There were about 1,200 participants in the experiment. Avast security experts were able to reveal the identity of 68.3% of Wi-Fi users and find out which applications they launched and which sites they visited.
The second possible vector is the MitM attack (man in the middle), for which ARP spoofing is often used. ARP is designed to map IP and MAC addresses of devices inside a local network, and it does not provide packet authentication. This gives the attacker the opportunity to send packets with spoofed MAC addresses to the attacked machine and router. As a result, the device will consider that the IP address of the router corresponds to the MAC address of the hacker device and will send all the information to the latter. The router will also send replies to the hacker instead of the real client.
The third attack type involves a portable access point (such devices are usually made compact and autonomous). If next to the original access point a second access point with the same network name (SSID) appears and it provides a stronger signal, the surrounding devices will most likely start connecting to it. SSIDs should not necessarily be the same. Sometimes the new rogue network can simply be called in a similar manner, relying on the inattention of users. And although the second method is not very reliable and is used infrequently, it is still good to contact the original network owner in case of the slightest doubt about the authenticity of the network found by your gadget.
Of course, there are many other different types of attacks. We have listed only a few of them. A normal user can hardly detect wiretapping, so security measures should be taken care of in advance.
It is enough to follow a number of simple rules.
Secure encrypted connection
The main rule that must be followed always and everywhere is not to transmit data on untrusted networks (and also on trusted networks) using unsafe protocols. More and more websites, especially social networks and various services that require an authorization, are switching to the secure HTTPS protocol using SSL / TLS encryption. The data transmitted over HTTPS is encrypted, which makes it very difficult to use the intercepted information. But still, this does not make it completely impossible. All modern browsers mark HTTPS tabs with a special icon in the address bar. You should always pay attention to this.
It will also be useful to use the HTTPS Everywhere extension, which is available for most desktop browsers. When this plugin is enabled, all requests on HTTPS-enabled sites are carried out using an encrypted protocol. In other words, the extension allows you to get rid of webmasters’ errors who do not include HTTPS support for all pages of their site or place regular HTTP links on secure pages.
Secure authentication and payment
HTTPS helps keep data safe in most cases. However, even when you connect to the site using a secure protocol, you should use two-factor authentication. This will minimize the likelihood of an account being hacked if your data is still intercepted and decrypted.
Despite the fact that all payment systems now also use HTTPS, we recommend using a separate debit card for online purchases. It should be kept empty and money should be transferred from the main card to this special card immediately before purchase.
VPN is the most reliable protection
The most reliable way to protect when using public Wi-Fi is a VPN connection. Here it is important not to make the mistake of most inexperienced users. Please do not use dubious programs, dozens of which are available in app stores or offered through ads.
The problem of free VPN solutions have been talked about for a long time, but a recent study by the Australian organization CSIRO has given completely discouraging results. A number of applications do not encrypt traffic, and many non-commercial programs contain malicious code. If you still decide to use a free application for a VPN connection, then use only proven options, for example, ibVPN (that also offers discounts).
In contrast to non-commercial programs, paid solutions to offer higher speed, do not keep logs, have no restrictions on protocols and IP-addresses, and also provide additional options, for example, the choice of location of the output server.
Your own VPN
If you rarely access the Internet through unprotected networks and do not need anonymization, then setting up your own VPN server is a good solution. To do this, you can find a lot of instructions on the Web. Many routers allow you to set up a VPN server with just a few clicks.
Finish antivirus vendor called F-Secure was able to crack the confidential data of British politicians by analyzing the Wi-Fi traffic. Using the fake access point, the researchers were able to find out Gmail and PayPal login info of one of the political leaders. They also were able to listen to the VoIP call of another politician, and get access to one more politician’s Facebook account. In the first two situations, traffic sniffing was used, and in the third, malicious code was introduced onto a web page. Note that if an encrypted VPN channel was used, such attacks would not have been successful.
Please follow simple rules below so that your data does not fall into the hands of intruders or simply overly curious teenagers.
- Make sure that you are connecting to the original Wi-Fi network of the hotel or another establishment where you are located.
- Fake networks are an important reason to turn off Wi-Fi on your gadget when you don’t need it.
- Try to visit sites that do not require authorization.
- You can check mail or leave a comment on the forum, but only if the connection is made via the secure HTTPS protocol.
- Do not conduct any financial transactions if connected to the public network. If you still need to periodically make payments through public Wi-Fi, use a separate card with small deposited amounts.
- Use two-factor authentication where possible.
- Install a VPN client and be sure to enable it when connecting to public Wi-Fi.