Free Wi-Fi: How Dangerous Is It?

Imagine That You Just Arrived At A Cafe, And You Noticed A Sign That Says “Free Wi-Fi.” Of Course, You Know That You Shouldn’t Really Trust Free Wi-Fi, But What’s The Worst That Can Happen?

So, You Open Your Laptop, Connect To It And Start Working. Simply Connecting To An Open Network Is Already Potentially Dangerous. The Wi-Fi Protocol Cannot Check Whether You Are Really Connected To The Cafe’s Wi-Fi Access Point. Someone Else Can Create A Wi-Fi Network With The Same Name, And Then Your Devices Will Connect To It. This Is Due To The Fact That Devices Are Automatically Connected To The Strongest Of The Available Networks, And A Known Network Is Identified Only By Name.

With A Device Such As The WiFi Pineapple, An Attacker Can Do Exactly That, Setting Up A Fake Wi-Fi Network To Capture And Analyze Your Internet Traffic. But Let’s Ignore This Risk And Connect To The Wi-Fi Anyway. At This Point, Your Device Becomes Part Of The Cafe Network. This Means That Your Device Can See And Talk With All Other Devices That Are Connected To The Same Wi-Fi Network, But They Can Also Connect To You.

If You Use Outdated Software, You Can Be Hacked By Someone Who Sits Several Tables Away From You, And This Is Not As Difficult As It Seems.

There Are Many Penetration Testing Tools, Such As Metasploit, Which Can Scan Any Device On The Network And Identify Vulnerabilities. Upon Completion, The Tool Returns A List Of Security Holes That Can Be Used To Gain Access To The Device You Are Using. So Always Keep Your Devices Up To Date, And A Firewall Should Be Mandatory.

Updates Fix Recently Discovered Vulnerabilities, And Firewalls Prevent Other Users From Accessing Your Device Over The Network Without Any Restrictions. So With The Latest Updates Installed, You Continue To Work. But Now Imagine That You Are Connected To Public Wi-Fi Right Now. All Your Unencrypted Traffic Can Be Intercepted By Anyone On The Same Network. This Includes Things Like Unencrypted Email, FTP Connections, And Every Website Without HTTPS.

Sounds Pretty Bad, Doesn’t It? Thus, You Decide To Keep It Safe And Instead Log Into Your Bank Account, Your Favorite Social Networking Site Or Intranet From Work. You Know That This Is Safe Because Your Browser Displays A Green Padlock Next To The Site Address. But, As It Turns Out, This Is A Common Misconception. The Padlock Means That The Connection Between The Site Server And Your Computer Is Encrypted Using The TLS Or SSL Protocol. So No One On The Network Can See Your Username And Password, For Instance. You Can See This Because The URL Starts With HTTPS Instead Of HTTP. But The Lock Does Not Guarantee That You Are Really Connected To A Legitimate Website.

A Fake Or Malicious Website Can Also Get A Green Padlock Next To Its Name Without Any Problems. Attackers Can Take Advantage Of This By Trying To Redirect Your Bank Traffic, For Instance, To Another Very Similar Domain Name, Such As Switching From www.flipkart.com To www.flipcart.com. Did You Notice The Difference? The “k” Was Replaced By A Cyrillic Character. This Is Called An “IDN Homograph Attack”, And Browsers Now Have Special Protection That Will Warn You When A Domain Name Has A Combination Of Regular And Cyrillic Characters. However, The Technique Can Still Be Used With Spelling Errors. For Example, www.flipkart.com, Where K Has Been Replaced With A Capital Letter “K”. To Make Things Even Worse, A Fake Website Can Be Made To Look Like A Real One, And It May Have A Green Lock.
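The mixed-script warning and the spelling-error case described above can be checked mechanically. The following is an added example, not code from the original article: the trusted list, the function names and the test hostnames are assumptions made for illustration, and the script detection is a coarse approximation based on Unicode character names.

```python
import unicodedata

# Constructed allow-list: the names the user actually means to visit.
TRUSTED = {"www.flipkart.com"}

def script_of(ch):
    """Coarse script label taken from the Unicode character name."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else "COMMON"   # digits and '-' are neutral
    name = unicodedata.name(ch, "")
    return name.split(" ")[0] if name else "UNKNOWN"   # e.g. "CYRILLIC", "GREEK"

def mixed_script_labels(host):
    """Labels that combine letters from more than one script."""
    bad = []
    for label in host.split("."):
        scripts = {script_of(c) for c in label} - {"COMMON"}
        if len(scripts) > 1:
            bad.append((label, sorted(scripts)))
    return bad

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[len(b)]

def ascii_form(host):
    """The name as DNS and certificates carry it (punycode labels start with 'xn--')."""
    return host.encode("idna").decode("ascii")

def classify(host):
    host = host.lower().rstrip(".")
    if host in TRUSTED:
        return "trusted"
    if mixed_script_labels(host):
        return "mixed-script"          # the case browsers warn about
    if any(edit_distance(host, t) <= 1 for t in TRUSTED):
        return "lookalike"             # one-character spelling difference
    return "unknown"
```

A name written entirely in one non-Latin script passes the mixed-script test, so the ASCII form returned by `ascii_form` is the more reliable thing to compare against the name you expected.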

So In A Way, The Lock Gives A False Sense Of Security. That’s One Of The Reasons Why Chrome And Safari Are Putting Less Emphasis On The Lock. They Want HTTPS To Be Enabled By Default And Only Draw Attention When A Website Isn’t Using It. In Fact, That Move Is Also Making Another Type Of Attack Harder – SSL Stripping. In A Nutshell, An Attacker Can Try To Downgrade Your Secure HTTPS Connections To An Unsecured HTTP One. When Successful, The Data You Send Or Receive Over That Connection Won’t Be Encrypted, Allowing The Attacker To See What Sites You Visit Along With Your Username And Password.

However, Modern Browsers Are Now Warning You When You’re About To Log In To A Website With An Insecure Connection. That Makes SSL Stripping Harder Because People Are Very Likely To Spot The Warning That Most Browsers Will Put Up. Right Now It’s Still A Small Warning, But Eventually, It Will Be A Bold Red One. But SSL Stripping Can Also Be Prevented If Website Owners Implement HSTS, Or HTTP Strict Transport Security. This Allows Them To Say That Their Website Should Only Be Loaded Through A Secure Connection. If Someone Tricks You Into Loading An Insecure Version Of A Website, Your Browser Will Outright Refuse To Load It. The Only Downside Is That Website Owners Have To Explicitly Enable This Feature. If One Fails To Do So, You Could Be Vulnerable. A Solution To This Problem Would Be To Use A Browser Extension Like HTTPS Everywhere That Automatically Switches To HTTPS If A Given Website Supports It. Wow, That All Sounds Pretty Bad.
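How HSTS closes the SSL-stripping gap, and where it leaves one open, is easier to see in a small model of what the browser remembers. This is an added example, not code from the original article or from any browser: the class and function names and the `bank.example` hosts are assumptions, and the parsing follows the directive rules of RFC 6797 in simplified form.

```python
def parse_hsts(value):
    """Parse a Strict-Transport-Security value; None means 'ignore this header'."""
    seen = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        name, _, arg = part.partition("=")
        name = name.strip().lower()            # directive names are case-insensitive
        if name in seen:
            return None                        # repeated directive: header is invalid
        seen[name] = arg.strip().strip('"')
    max_age = seen.get("max-age", "")
    if not (max_age.isascii() and max_age.isdigit()):
        return None                            # max-age is the one required directive
    return int(max_age), "includesubdomains" in seen

class HstsStore:
    """Simplified model of a browser's list of known HSTS hosts."""

    def __init__(self):
        self.policies = {}                     # host -> (expiry time, include_subdomains)

    def note_response(self, scheme, host, header, now):
        policy = parse_hsts(header) if scheme == "https" else None
        if policy is None:
            return                             # sent over plain HTTP, or malformed: ignored
        max_age, subs = policy
        if max_age == 0:
            self.policies.pop(host, None)      # max-age=0 deletes the stored policy
        else:
            self.policies[host] = (now + max_age, subs)

    def must_use_https(self, host, now):
        labels = host.split(".")
        for i in range(len(labels)):
            entry = self.policies.get(".".join(labels[i:]))
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return True                    # exact host, or parent with includeSubDomains
        return False
```

Until the first HTTPS response carrying the header has been seen, `must_use_https` returns `False`, so the very first visit made over an untrusted network is still open to a downgrade.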

Open Wi-Fi Is Completely Open. What If The Owner Of The Coffee Shop Puts A Password On His Network And Then Writes The Password Somewhere On A Wall? Would That Make A Difference? Well, Not Really. It’s Almost Like Locking Your Front Door But Leaving The Key On The Outside. The Password Only Prevents People From Joining The Network If They Haven’t Been Inside To See It Written On The Wall. If You Know The Password, However, You Can Join The Network, Become A Part Of It And Perform All The Attacks We Just Discussed. Always Try To Protect Yourself And Your Privacy Over The Internet. Enough With All The Possible Ways You Could Be Hacked On Public Wi-Fi.

How Can You Protect Yourself From It? The Most Obvious Answer Is To Avoid Public Wi-Fi Networks At All Costs. But That Is Pretty Difficult With Us All Depending More And More On Having An Internet Connection. A Better, But Potentially Expensive, Solution Would Be To Invest In A Good Mobile Data Plan And Use A Mobile Hotspot Whenever You Don’t Have A Trusted Wi-Fi Network. The Connection Between Your Computer And The Hotspot Is Encrypted And, In Theory, Can’t Be Intercepted.

There Is Another Way: If You Want To Use Public Wi-Fi Anyway, Use A VPN To Secure Your Traffic. VPN Is Short For “Virtual Private Network”, And It Creates A Secure Connection, Also Called A “Tunnel”, Between You And The VPN Server. All Your Internet Traffic Is Then Sent Through This Tunnel And Encrypted In The Process. That Way Nobody On The Public Wi-Fi Can See Your Traffic Or Mess With It. However, There Is A Catch. First, If You Can’t Set Up Your Own VPN Server, You Have To Use A Third-party Service, Which Will Cost A Bit Of Money. Secondly, The VPN Provider Can See All Your Unencrypted Traffic, So You Should Pick A Service From A Vendor Or Brand That You Trust Or That Has A Good Reputation When It Comes To Privacy.

However, You Don’t Have To Feel Bad If You Use Free Wi-Fi Without Thinking About The Security Risks. According To A 2017 Study From Symantec, 75% Of The 15,000 Participants Don’t Use A VPN When Connecting To An Open Wi-Fi Network. It Also Revealed That 60% Of Participants Felt Safe Using Public Wi-Fi, Even Though It’s Anything But Safe, And 87% Even Admitted To Accessing Their Personal Emails Or Even Bank Accounts Using Free Wi-Fi.

Conclusion

Free Wi-Fi Hotspots Are Potentially Very Dangerous And Few People Really Understand The Risks. As I Mentioned Before, There Are A Bunch Of Security Features On The Web And On Our Computers That Protect Us. But Unfortunately, The Bad Guys Are Pretty Clever In Finding Ways Around Those. So, Here Is Some Simple Advice From Me: Keep Your Devices Up-to-date And, If You Must, Use A VPN When Connecting To An Open Wi-Fi Network. Whether You Want To Use An Existing Service For This Or Set One Up Yourself Is Up To You.
