«

»

Sep 04 2013

Print this Post

Wireless hotspots – convenience or curse?

Wireless hotspots are incredibly convenient, but they are also terribly insecure. Understand the risks and learn how you can protect yourself.

Wi-fi Zone by Salvatore Vuono (FreeDigitalPhotos.net)

Wireless Hotspots – those places that offers wireless Internet access to the visitor or weary traveller. They are often found in coffee shops, bistros, restaurants, and well, almost anywhere. Some of those hotspots, you either have to pay to use, or patronise the establishment, but many are also free.

Hotspots are convenient: a way to get connected, when you aren’t already always connected. It offers a quick respite from the Facebook or Twitter cravings, and can be a life-saver when you need to send an email to your boss. It is also nice to have when you’re working from “home” but actually on the beach (hey, as long as the work is done!).

Many people can be seen pecking away at laptops, or have their faces buried in their tablets or mobile smartphones while connected to these hotspots. But, are wireless hotspots safe?

The simple answer is no. Wireless hotspots are not safe.

Don’t get me wrong, I’m not saying to not use hotspots; besides, I use them all the time. Hotspots are like public pools – it’s okay to have fun in it, just don’t drink the water. That is, take some time to understand the risks, and make some effort to protect yourself.

So what are the risks?

Most hotspots are open, that is, they are unprotected and unencrypted, and anyone can access them. Even hotspots that either require an access-code or username/password are open, but just have a gateway device in-between the wireless network and the Internet to regulate access. All the traffic between your device and the access-point (the wireless transmitter/receiver) is unencrypted. This means that anyone within the vicinity can “see” your traffic, and someone with some know-how can read it.

Another risk that’s gaining popularity is the Man-in-the-Middle attack (MITM). The attacker uses a device that presents itself as a wireless hotspot, but in reality, is an access-point engineered to capture all traffic that passes through it. MITM attacks have been around for years, but because of the power of mobile chips, those devices have become smaller and more portable. An attacker can leave the device hidden at a location and then return later to collect it with all the data stored on it.

What’s more with the MITM attack is that the attacker has full control over the network, unlike the hotspot at a coffee shop. This means, he or she, can direct you anywhere they want. They can issue fake websites, or route you to infected ones, where they can phish your personal details or infect your computer. For example, when you type ‘google.com’ or ‘yourbank.com’, you can be sent to a website that looks like the real Google.com (or yourbank.com), but is really a fake site set up to look like it.

So, knowing some of these risks, how can I protect myself?

  1. Use hotspots only when necessary. The less you use it, the less risky it becomes.
  2. Don’t make assumptions about the availability of a hotspot at a site. Ask the store workers whether they indeed have a hotspot and what is the name. If you see more than one, ask if they do have more than one access-points (sometimes they do if the site is big); of the answer is no, do not connect.
  3. Only visit secured sites, that is, sites that start with HTTPS. If your browser gives any warnings about the site certificate such as a name mismatch, or certificate expiration, disconnect immediately.
  4. Avoid using native apps on phones or tablets, unless you are positive that the apps encrypt all their communications. Some apps do not encrypt all the data transmissions and can therefore be seen by third parties.
  5. Use a VPN (Virtual Private Network). VPNs usually encrypt data so that they are securely transmitted, and safe from prying eyes. Your company may have VPN services, so ask your IT department about it. If you have a company that does not already have VPN services, then consider implementing it. You can also consider  trusted 3rd party VPN providers. These are usually paid services, but can be worth the investment to protect your data.
  6. Use a personal firewall and an updated anti-virus software. This will help protect your device from unauthorised access and drive-by infections. Drive-by infections are where your computer can be compromised by simply visiting a malicious or infected site.
  7. Configure your computer, tablet or phone to not automatically connect to an open network. Also, when you are done using a hotspot, delete the profile from your device to prevent it from remembering the connection and automatically connecting the next time.
  8. And lastly, know that not all risks are high tech. That guy sitting next to you may be more than just a customer, and may be looking at everything that you are doing. Be aware of those around you and install a privacy screen on your laptops and tablets. Don’t forget those CCTV cameras as well; you never know who’s watching.

In conclusion

Wireless hotspots have allowed us to stay connected and get more done, and with some precautions you can use it safely. However, in a world where it is now easy to become engrossed in your virtual life, perhaps it might be nice to disconnect from the electronic devices and connect to the people around you instead.

Stay safe out there.

 

Image credit:  Salvatore Vuono (FreeDigitalPhotos.net)

_________________

About the author

Sachin Ganpat

Sachin Ganpat is the founder of Interxect Services Limited, a company dedicated to helping Caribbean organisations and businesses do more with information technology. Follow him on twitter @sachin_ganpat or email him at sganpat@interxect.com.

Permanent link to this article: http://www.ict-pulse.com/2013/09/wireless-hotspots-convenience-curse/