Surf Safely: Armoring Your Digital Life on Public Wi-Fi Waves
Protecting one’s data and devices on public Wi-Fi goes beyond protecting oneself on just the Wi-Fi aspect. Cyber security is holistic in its nature, meaning the devices hardware, software, and various forms of access control all need consideration.
I hear all the time that criminal hackers are so “sophisticated”. I suppose they are, but what they really are is organized, and they treat fraud like a business. Do you know who’s really sophisticated? White hat hackers also known as penetration testers. These are the security experts deployed to seek out vulnerabilities in your networks and to offer recommendations to tighten them up.
And for you laypersons, I’m going to let you in on a little secret that both criminal hackers, and the good guy hackers know: there are very basic, user-friendly tools that hackers on both sides of the fence use to “hack us” on public Wi-Fi:
The top three software tools that penetration testers commonly use to infiltrate and test the security of insecure Wi-Fi connections are:
- Aircracking: This is a comprehensive suite of tools for auditing wireless networks. It can monitor traffic, crack WEP and WPA/WPA2-PSK keys after capturing data packets, and check for vulnerabilities in wireless access points.
- Kismet: A wireless network detector, sniffer, and intrusion detection system. It can passively collect packets from both hidden and non-hidden networks, detect wireless access points and associated clients, and identify networks by probing them.
- Wireshark: A popular network protocol analyzer that can capture and inspect wireless traffic. It helps identify potential security issues by analyzing the data packets traveling over the Wi-Fi network.
These tools allow penetration testers to scan for and identify nearby wireless networks, capture network traffic, crack encryption keys, and exploit vulnerabilities in wireless access points and devices connected to the network. They are essential for comprehensively assessing the security posture of Wi-Fi networks during penetration testing engagements.
Keep in mind, anyone, and everyone, both good and bad have access to these software programs.
There are a number of vulnerabilities requiring consideration including:
Man-in-the-Middle (MITM) attacks: Hackers can position themselves between your device and the network, intercepting all your internet traffic to steal sensitive data like passwords, financial information, etc.
Malware distribution: Public Wi-Fi can be used to spread malware that infects connected devices, allowing hackers to access files, spy on activities, or render devices unusable.
Unencrypted connection: Many public Wi-Fi networks lack encryption, allowing anyone on the network to easily snoop on your online activities and data transmissions.
Rogue hotspots: Cybercriminals can set up fake Wi-Fi access points with legitimate-sounding names to lure users and monitor their traffic.
Snooping and sniffing: Hackers can use tools to eavesdrop on Wi-Fi signals and capture data like webpages visited, login credentials, and more.
Malicious hotspots: Hackers create malicious hotspots with similar names to legitimate ones to trick users into connecting, enabling MITM attacks.
Lack of authentication: Most public Wi-Fi is open with no authentication required, allowing anyone to join and potentially launch attacks.
The key risks involve exposing your private data and online activities to malicious actors exploiting the lack of security on public wireless networks.
Here are 10 ways to lock down your data and prepare yourself on free open public Wi-Fi:
- Verify the wireless network is in fact legitimate. Confirm the network name with staff at the municipality, airport, or wherever, or seek out posted signage before connecting. Wi-Fi hackers can create fake hotspots often known as “evil twins” with similar names to trick Wi-Fi users.
- Avoid accessing sensitive information. If possible, avoid logging into sensitive accounts such as online banking or entering passwords on public Wi-Fi as your data can be intercepted. Save the critical and sensitive data processing for at home or at work on a secure Wi-Fi connection.
- Use a VPN. A virtual private network encrypts your internet traffic, protecting it from snooping on public networks. The VPN software is free to a small fee, and is your best defense against digital Wi-Fi snooping.
- Enable two-factor authentication. Any and all Critical accounts need additional password protection and this is done generally via your mobile phone as a second form of authentication receiving a one time pass code via text. This extra login step code sent to your phone for accounts that offer it, prevents unauthorized access even if your password is compromised.
- Keep software updated. Install the latest operating system and software app updates which often include security patches to protect against vulnerabilities. Outdated software creates vulnerabilities that Wi-Fi hackers can seek out.
- Use antivirus software. Paid antivirus comes with antivirus, anti-spyware, anti-phishing, and a firewall. Antivirus programs are designed to detect and block malicious software that spies on you and can infect your device on unsecured public Wi-Fi networks.
- Log out after use. When finished on critical websites, log out of websites and shut down tabs or even your whole browser, and disconnect from the Wi-Fi network to minimize exposure.
- Enable firewall. By default, your firewall should be turned on. Keep your device’s firewall enabled to block unauthorized access while on public networks. The devices operating system should come equipped with a built-in, firewall, or do a search engine query for the name of the operating system in the word firewall for instructions on how to enable it.
- Avoid auto-connecting. In your devices Wi-Fi settings, you should be able to toggle off various known Wi-Fi hotspots. Disabling automatic Wi-Fi connection on your devices prevents joining rogue hotspots that may be set up as “evil twins”.
- Browse securely. By default, your browser should let you know if a particular website is at risk. Only visit HTTPS encrypted websites which are more secure than unencrypted HTTP sites when on public Wi-Fi.
Robert Siciliano CSP, CSI, CITRMS is a security expert and private investigator with 30+ years experience, #1 Best Selling Amazon.com author of 5 books, and the architect of the CSI Protection certification; a Cyber Social Identity and Personal Protection security awareness training program. He is a frequent speaker and media commentator, and CEO of Safr.Me and Head Trainer at ProtectNowLLC.com.