Free Public Wi-Fi?


Imagine You Just Arrived At A Coffee Shop And You Notice A Sign That Says “Free Wi-Fi”. Of Course, You Know That You Shouldn’t Really Trust Free Wi-Fi, But What’s The Worst That Could Happen?
So You Open Up Your Laptop, Connect To It, And Start Working. Simply Connecting To An Open Network Is Already Potentially Dangerous. The Wi-Fi Protocol Cannot Verify That You Are Actually Connected To The Wi-Fi Access Point From The Coffee Shop. Someone Else Can Create A Wi-Fi Network With The Same Name And Then Your Devices Will Connect To It Instead. That Is Because Devices Automatically Connect To The Strongest Known Network Available And A Known Network Is Only Identified By Its Name.

With A Device Like A WiFi Pineapple, An Attacker Can Do Just That: Set Up A Fake Wi-Fi Network To Capture And Analyze Your Internet Traffic. But Let’s Ignore That Risk And Connect To The Wi-Fi Anyway. At This Point, Your Device Becomes A Part Of The Coffee Shop’s Network. This Means Your Device Can See And Talk To All The Other Devices That Are Connected To The Same Wi-Fi Network, But They Can Also Connect To You.
If You’re Running Outdated Software, You Could Be Hacked By Someone Sitting A Few Tables Away From You, And It’s Not As Difficult As It Sounds.

There Are Plenty Of Penetration Testing Tools Available, Like Metasploit, That Can Scan Any Device On The Network And Identify Vulnerabilities. Once Complete, The Tool Returns A List Of Security Holes That Can Be Abused To Get Access To The Device You Are Using. So Always Keep Your Devices Up To Date, And Having The Firewall Enabled Is A Must:
Updates To Fix Newly Discovered Vulnerabilities, And The Firewall To Block People From Accessing Your Device Through The Network Uninvited. So With The Latest Updates Installed, You Continue Working. But Now Imagine: You Are Connected To Public Wi-Fi, And Right Now All Of Your Unencrypted Traffic Can Be Intercepted By Anyone Who’s On The Same Network. That Includes Things Like Unencrypted Email, FTP Connections, And Every Website Without HTTPS.

It Sounds Pretty Bad, Doesn’t It? So You Decide To Keep It Safe And Instead Log In To Your Bank Account, Your Favorite Social Media Website, Or The Intranet From Work. You Know That These Are Safe Because Your Browser Shows A Green Lock Next To The Website’s Address. But As It Turns Out, That’s A Common Misconception. The Lock Means That The Connection Between The Website’s Server And Your Computer Is Encrypted With The TLS Or SSL Protocol, So Nobody On The Network Can See Your Username And Password, For Instance. You Can See This Because The URL Starts With HTTPS Instead Of HTTP. But The Lock Doesn’t Guarantee That You Are Connected To A Legitimate Website.

A Fake Or Malicious Website Can Also Get A Green Lock Next To Its Name Without Any Trouble. One Way Attackers Can Take Advantage Of This Is By Trying To Redirect Your Bank Traffic, For Instance, To Another Very Similar Domain Name, Like Going From www.flipkart.com To www.flipcart.com. Did You Spot The Difference? The “k” In General Was Replaced By A Cyrillic Character. This Is Called The “IDN Homograph Attack”, And Browsers Now Have Special Protection Onboard That Will Warn You When A Domain Name Has A Mix Of Regular And Cyrillic Characters. However, The Technique Can Still Be Used With Misspellings, Like www.flipkart.com Where The “k” Was Replaced With A Capital “K”. To Make Matters Even Worse, The Fake Website Can Be Made To Look Almost Identical To The Real One And It Can Have A Green Lock.
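
The mixed-script check described above can be sketched as follows. This is an added example, not code from the original post or from any browser; the function names are hypothetical and the hostnames are constructed samples.

```python
import unicodedata

def script_of(ch):
    """Coarse script of a character, read from its Unicode name."""
    if ch.isdigit() or ch == "-":
        return None  # digits and hyphens are script-neutral in hostnames
    name = unicodedata.name(ch, "")
    for script in ("LATIN", "CYRILLIC", "GREEK"):
        if name.startswith(script):
            return script
    return "OTHER"

def decode_label(label):
    """Turn an ACE ('xn--') label back into the Unicode text a user would see."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed punycode: inspect the raw label instead
    return label

def mixed_script_labels(hostname):
    """Return (label, scripts) for every label that mixes more than one script."""
    flagged = []
    for label in hostname.split("."):
        text = decode_label(label)
        scripts = {script_of(c) for c in text} - {None}
        if len(scripts) > 1:
            flagged.append((text, sorted(scripts)))
    return flagged

if __name__ == "__main__":
    # Constructed samples: the second one carries U+043A (Cyrillic "ka").
    for host in ("www.flipkart.com", "www.flip\u043aart.com", "www.flipcart.com"):
        print(host.encode("unicode_escape").decode(), mixed_script_labels(host))
```

The plain misspelling `www.flipcart.com` comes back clean, which is the limitation the paragraph points out: a script check says nothing about look-alike spellings within one alphabet.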

So In A Way, The Lock Gives A False Sense Of Security. That’s One Of The Reasons Why Chrome And Safari Are Putting A Smaller Emphasis On The Lock. They Want HTTPS To Be Enabled By Default And Only Draw Attention When A Website Isn’t Using It. In Fact, That Move Is Also Making Another Type Of Attack Harder, Called SSL Stripping. In A Nutshell, An Attacker Can Try To Downgrade Your Secure HTTPS Connections To An Unsecured HTTP One. When Successful, The Data You Send Or Receive Over That Connection Won’t Be Encrypted, Allowing The Attacker To See What Sites You Visit Along With Your Username And Password.

However, Modern Browsers Are Now Warning You When You’re About To Log In To A Website With An Insecure Connection. That Makes SSL Stripping Harder Because People Are Very Likely To Spot The Warning That Most Browsers Will Put Up. Right Now It’s Still A Small Warning, But Eventually, It Will Be A Bold Red One. But SSL Stripping Can Also Be Prevented If Website Owners Implement HSTS, Or HTTP Strict Transport Security. This Allows Them To Say That Their Website Should Only Be Loaded Through A Secure Connection. If Someone Tricks You Into Loading An Insecure Version Of A Website, Your Browser Will Outright Refuse To Load It. The Only Downside Is That Website Owners Have To Explicitly Enable This Feature. If One Fails To Do So, You Could Be Vulnerable. A Solution To This Problem Would Be To Use A Browser Extension Like HTTPS Everywhere That Automatically Switches To HTTPS If A Given Website Supports It. Wow, That All Sounds Pretty Bad.
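
The browser side of HSTS can be modelled in a few lines to show both the protection and the gap before a site's policy has been seen. This is an added example, not code from the original post; the class, the host `bank.example` and the timestamps are constructed, and the rules are simplified from RFC 6797.

```python
import re
from urllib.parse import urlsplit, urlunsplit

class HstsStore:
    """Minimal model of a browser's list of known HSTS hosts."""

    def __init__(self):
        self.hosts = {}  # host -> (expires_at, include_subdomains)

    def note_response(self, url, headers, now):
        """Record a policy; the header is ignored unless it arrived over HTTPS."""
        parts = urlsplit(url)
        value = headers.get("Strict-Transport-Security")  # exact key assumed
        if parts.scheme != "https" or value is None:
            return
        directives = [d.strip().lower() for d in value.split(";") if d.strip()]
        match = next((re.fullmatch(r'max-age\s*=\s*"?(\d+)"?', d)
                      for d in directives if d.startswith("max-age")), None)
        if match is None:
            return  # max-age is mandatory; without it the header is invalid
        max_age = int(match.group(1))
        if max_age == 0:
            self.hosts.pop(parts.hostname, None)  # max-age=0 removes the policy
        else:
            self.hosts[parts.hostname] = (now + max_age,
                                          "includesubdomains" in directives)

    def is_known(self, host, now):
        """True if the host, or a parent with includeSubDomains, has a live policy."""
        labels = host.split(".")
        for i in range(len(labels)):
            entry = self.hosts.get(".".join(labels[i:]))
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return True
        return False

    def rewrite(self, url, now):
        """Return the URL the browser would actually request."""
        parts = urlsplit(url)
        if parts.scheme == "http" and self.is_known(parts.hostname, now):
            return urlunsplit(("https",) + tuple(parts[1:]))
        return url
```

Until the first HTTPS response carrying the header has been recorded, `rewrite` leaves `http://` URLs untouched, so the very first visit to a site is not covered by its own policy.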

Open Wi-Fi Is Completely Open. What If The Owner Of The Coffee Shop Puts A Password On His Network And Then Writes The Password Somewhere On A Wall? Would That Make A Difference? Well, Not Really. It’s Almost Like Locking Your Front Door But Leaving The Key On The Outside. The Password Only Prevents People From Joining The Network If They Haven’t Been Inside To See It Written On The Wall. If You Know The Password, However, You Can Join The Network, Become A Part Of It And Perform All The Attacks We Just Discussed. Always Try To Protect Yourself And Your Privacy Over The Internet. Enough With All The Possible Ways You Could Be Hacked On Public Wi-Fi.

How Can You Protect Yourself From It? The Most Obvious Answer Is To Avoid Public Wi-Fi Networks At All Costs. But That Is Pretty Difficult With Us All Depending More And More On Having An Internet Connection. A Better, But Potentially Expensive, Solution Would Be To Invest In A Good Mobile Data Plan And Use A Mobile Hotspot Whenever You Don’t Have A Trusted Wi-Fi Network. The Connection Between Your Computer And The Hotspot Is Encrypted And, In Theory, Can’t Be Intercepted.

There Is Another Way: If You Want To Use The Public Wi-Fi Anyway, Then Use A VPN To Secure Your Traffic. VPN Is Short For “Virtual Private Network” And It Creates A Secure Connection, Also Called A “Tunnel”, Between You And The VPN Server. All Your Internet Traffic Is Then Sent Through This Tunnel And Encrypted In The Process. That Way Nobody On The Public Wi-Fi Can See Your Traffic Or Mess With It. However, There Is A Catch. If You Can’t Set Up Your Own VPN Server, You Have To Use A Third-Party Service, Which Will Cost A Bit Of Money. Secondly, The VPN Provider Can See All Your Unencrypted Traffic, So You Should Pick A Service From A Vendor Or Brand That You Trust Or That Has A Good Reputation When It Comes To Privacy.

However, You Don’t Have To Feel Bad If You Use Free Wi-Fi Without Thinking About The Security Risks. According To A 2017 Study From Symantec, 75% Of The 15,000 Participants Don’t Use A VPN When Connecting To An Open Wi-Fi Network. It Also Revealed That 60% Of Participants Felt Safe Using Public Wi-Fi, Even Though It’s Anything But Safe, And 87% Even Admitted To Accessing Their Personal Emails Or Even Bank Accounts Using Free Wi-Fi.

Conclusion
Free Wi-Fi Hotspots Are Potentially Very Dangerous And Few People Really Understand The Risks. As I Mentioned Before, There Are A Bunch Of Security Features On The Web And On Our Computers That Protect Us. But Unfortunately, The Bad Guys Are Pretty Clever In Finding Ways Around Those. So, Here Is A Simple Piece Of Advice From Me: Keep Your Devices Up-To-Date And, If You Must, Use A VPN When Connecting To An Open Wi-Fi Network. Whether You Want To Use An Existing Service For This Or Set One Up Yourself Is Up To You.
