Wi-Fi is inherently flawed. Wi-Fi was born convenient, not secure. It is likely that you have heard about how dangerous it is to use an unsecured public Wi-Fi connection, and one reason is because a scammer can easily snoop. It is easier than you might think for a person to hack into your device when it is connected to a public Wi-Fi connection. In some cases they may be able to read your emails and messages, access your passwords, or even get personal information like your bank account number.
It’s possible that your router or any router you connect to has been hacked and you won’t know it. A known tactic called DNS (Domain Name Server) hacking or hijacking, skilled hackers, (both black-hat and white-hat) can crack the security of a business or your home Wi‑Fi resulting in a breach. From there, if they are savvy, they’d set up a spoofed website (like a bank, or ecommerce site) and redirect you there. From here the goal is to collect login credentials or even monitor or spy on your transaction’s on any website.
Think about this too; you are sitting in a local coffee shop working on your laptop while connected to the shops Wi-Fi. Someone sitting near you could easily download a free wireless network analyzer, and with some inexpensive hardware and software (google “Wifi Pineapple”), they can see exactly what you are doing online…unless your device is protected. They can read emails that you are sending and receiving, and they can do the same with texts.
Using a Wi-Fi Hotspot Safely: Tips
Knowing what can happen when you are connecting to a public Wi-Fi spot, you want to know how to use them securely. Here are some ideas:
- Don’t automatically connect to Wi-Fi networks. When initially connecting to a wireless network, we are often faced with a checkbox or option to “automatically connect” to the network in the future. Uncheck this and always manually connect. For example, if your home network is “Netgear” and you are somewhere and your device sees another network named “Netgear,” your device may connect to its namesake—which may not necessarily be as safe, potentially leaving your device vulnerable to anyone monitoring that new network.
- When setting up a wireless router, there are a few different security protocol options. The basics are WiFi Protected Access (WPA and WPA2) is a certification program that was created in response to several serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP), was introduced in 1997.
- Confirm the network you are connecting to. Granted, this is easier said than done. There are rogue networks called “evil twins” that criminals set up; they are designed to lure you into connecting by spoofing the name of a legitimate network. For example, you may use what you see as “Starbucks Wi-Fi” to connect while you’re sipping your latte, but you may also see a listing for “FREE Starbucks Wi-Fi.” Or “ATT WIFI” might be real, but a hacker might have “Free ATT WIFI” as a fake network. Which one—if either—is for real? Such setups are designed to lure you in—and once connected, your data might get filtered through a criminal’s device. If you don’t know if a network is safe or not, feel free to ask.
- This is a bit 101, but when you log into any website, make sure the connection is encrypted. The URL should start with HTTPS, not HTTP. Most sites today encrypt your session automatically.
- Use a VPN when you connect to a public Wi-Fi connection. A VPN is a technology that creates a secure connection over an unsecured network. It’s important to use because a scammer can potentially “see” your login information on an unsecured network. For instance, when you log in to your bank account, the hacker may be able to record your information, and even take money from your account. VPNs are free to a monthly/annual fee or a lifetime license.
- If you are using a private network, make sure that you understand that they, too, are vulnerable. Anyone who has some knowledge can use these networks for evil. Always use a secure connection, and seriously, consider a VPN.
Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.