Public Wi-Fi – is it safe?

Public Wi-Fi – is it safe?

Stuck without a data connection while you’re out and about? Free public Wi-Fi offers you quick access to the internet in airports, cafes, hotels, main street hotspots, even fast food chains. Burger, fries, and Wifi password please! You can work or play while you wait and, best of all, it’s free. But is it secure? The clue is in the name – ‘Public’ not ‘Private’ Wifi.

When you access a website, it usually needs 10-30 computers in-between to send the data. A typical route is that you connect to your router, your router connects to your Internet Service Provider’s (ISP) main router. That router connects to an international overseas router, then that one to the main datacenter core router, and finally to the destination webserver.

It sounds complicated, but basically, each of those machines, or hops, processes your website request and passes it along until it reaches the destination server, or website, you were accessing.

blog_main_public_wifi

So, what’s the danger?

At each one of these hops, your data is received and moved along. If this data is unencrypted, each hop can also log in and watch it. So, you should automatically assume that everything you do while connected to a public Wifi network is able to be seen. Further, cyber-crime is ever-changing but there are three very specific recurring threats facing public Wi-fi users.

Man-in-the-middle attacks

This is where someone on the same public network is able to get their PC between you and the destination webserver (the website). If positioned correctly, a web pickpocket can simply pluck your passwords, emails, documents, even your logins, from the air. Instead of skulking in back alleys, now the Artful Dodger sits comfortably with a laptop, software and a cup of coffee while you pay your bills online as they watch. If they are able to  intercept passwords and usernames, these elusive men-in-the-middle can also do some amateur theatricals known as spoofing.

Spoofing is when a con artist impersonates someone else and starts a conversation with you. They can even impersonate you to someone else at the same time and be in the middle of a correspondence, opening up all sorts of nasty possibilities. For example. Any router hop (one of the ten to thirty computers we mentioned before) between source and the destination computer may ‘pretend’ to be the destination computer for say, PayPal.com. When your browser connects to the this hop, it expects that the response is actually coming from PayPal. It checks the server certificate to see if it is from a Trusted Root Authority such as Verisign. But if someone has hacked the certificate authority, when you arrive at this hop, your computer may be infected with malware that makes your computer believe it that the Server Certificate is Authentic when it isn’t. It will show green and away you go with your credit card details only to have them sent straight to a cyber-criminal.

Sniffing

Sniffing involves similar technical access, but is instead the constant monitoring of public network traffic, grooming for passwords and interesting data. It’s electronic snooping that needs only some software on a laptop and a certain lack of morality. Just one of the things they can steal is the session cookies that keep you logged on to  websites that retain passwords and credit card information, such as Ebay, Mail and Amazon. A bloodhound is sniffing and stealing your private data. That person with the laptop in the corner might not be on Facebook after all.

Malware Invasion

Malware is malicious software downloaded to your PC over a network. It gives someone access to your computer without you even knowing it. For instance a hacker can set up a Wifi network with a name just like the one you’re expecting.  You look up ‘Joes Cafe’ instead of ‘Joes,’ innocently log on and now the hacker can access your computer and install their malware to record your passwords, send you to unsafe websites or send 1000 spam emails from your Outlook account.

Though the threat landscape is rapidly changing, there is some good news. You can prevent Malware invasion with a top grade anti-malware program.

Emsisoft Anti-Malware
Emsisoft Anti-Malware

Let’s look at what you can do to get some protection from man-in-the-middle and sniffing attacks too.

How do you protect yourself?

  • Small settings changes: Select the option to use authentication and SSL in Outlook’s advanced email settings. This creates an encrypted link to help keep your emails private. If you’re using a webmail service check with that service how to add SSL encryption or look for HTTPS in the web address, a standard encryption protocol that delivers your information privately.
  • Turn file sharing off in the advanced network and internet settings. If you’re usually working in an office where you share files then turn this off when out and about – it’s an open invitation for sniffers!
  • Turn your Wifi off when you don’t need it.
  • Check the name of the network is correct. Sniffers set up their own hotspots hoping you’ll log in and show them everything.
  • Only use https websites for secure information. The ‘s’ added to the http shows that the connection is delivering the data securely by using SSL – a secure encryption protocol. Any website that requires sensitive information should use SSL and be identified by the https: at the start of the website address,  like our License Centre:https_emsisoft
  • Use cell data for sensitive browsing. If you’re doing anything you wouldn’t want someone snooping on, such as internet banking or online shopping where your credit card details are required, use your own laptop data, or your cellphone’s personal hotspot.

Extra security measures you can take

Software – keep your software up to date so you don’t get download requests on the move. If you do get requests be very very suspicious. Ensure you are running, and regularly update quality anti-virus software.

VPN  – a Virtual Private Network service channels your data through their encrypted tunnels so it is secured from prying eyes. Do some homework first. Learn what suits your needs best and understand how it works. It isn’t a complete solution, and they’re still susceptibilities, but it does help.

Firewall – your built in Windows firewall can help stop others accessing your PC, which is good. But it won’t protect the data you are transmitting over the public wifi. Still, it adds an extra layer of protection.

A word on Encryption

Public Wifi often boasts localized encryption. Additionally, you can run an encryption programme on your laptop to encrypt data transfers. But what do these two options actually offer?

Many public Wifi networks now use WPA2 encryption. This secures the wireless transfer from your computer to the local router at the heart of the Wifi hotspot. That’s good, but what happens next isn’t. The router then sends your data to the internet with no encryption. It’s at this point someone can sniff or record it. Unfortunately, our data is still not safe.

You can also use various encryption tools on your laptop. For instance you can encrypt a folder or file in the advanced tab of its properties. You can also set Outlook to encrypt emails which can then only be read by someone with whom you have shared certificates. Microsoft’s BitLocker is built in to Windows and can encrypt your whole hard drive. Additionally, you can use browser based tools to encrypt online email clients.

But all of these tools needs a good level of knowledge and experience to use effectively and without that they may provide a false sense of security. Like some of those electrical goodies you buy really cheap online with an instruction manual of 100 pages of incomprehensible English, it simply is just not that easy. If you don’t know how it works, you won’t know if it’s even working. Our sage advice is not to use them.

blog_content_breaker_public_wifi

The last word on keeping safe

We’ve discussed some settings you can adjust on your laptop, and some simple things you can do to help keep your data safe.

If you still really need to use public Wifi for everything we’ve suggested three security measures you can take.

But ultimately the four things that will keep you safe on public Wifi networks are:

  • Don’t use public Wifi for any sensitive information. Turn it off and use your own mobile broadband.
  • Have the latest and best anti-virus and anti-malware protection installed and regularly updated, such as Emsisoft Anti-Malware.
  • Install and run Emsisoft Internet Security. Its firewall helps to keep your PC invisible to others on public wifi.
  • Clean your computer regularly with the Emsisoft Emergency Kit which can be used without installation.

Have a happy (malware-free) day!

Your Emsisoft Team.

 

  • cat1092

    One gets what we pay for, in this case, that ‘free’ wireless hotspot may end up costing much more than we think. If on the go a lot with a mobile computer & have a smartphone, there’s ways to tether with some. There’s also ‘pay as you go’ wireless cards that cell based, as well as monthly plans to fit any need or budget.

    For example, one that offers 10GB of ‘4G’ data per month. We can perform Windows Updates (all except ‘out of band’ critical) at home, and if we have Windows 10 Pro, there’s an option to defer updates, one reason alone to consider Pro in this situation. 10GB should be sufficient to perform most business/school use with in a month’s time, and if not, many plans simply rolls back to the slower ‘3G’ data, still plenty fast for email checking/transactions.

    It’s not safe to even use Linux OS’s on these hotspots for anything other than check the news or weather, because once the data is on the network, it’s out of the secure OS’s hands. While it’s harder to break into a Linux computer, these aren’t bulletproof OS’s, there’s no such thing. The data, once sent, travels through the same highways others OS’s. A VPN won’t help here, because to have the service, one still has to connect to the hotspot.

    So the best policy is if one cannot afford a cell based wireless card, then use a smartphone (many are prepaid & has lots of included data), there are low cost ones in the $100 range, though one gets more for another hundred. And as stated above, if one cannot directly tether, there’s a way to make many smartphones operate as a wireless hotspot, an included feature of the device. Just as like home, create a secure passphrase & we’re good to go.

    While back in the day, free wi-fi was great, and many, including myself, didn’t pay for Internet service for years. If one doesn’t do any online transactions nor banking, it still may be OK, as long as one has Emsisoft Anti Malware or Internet Security covering our backs. Just be sure to pick your hotspot carefully, for example many public libraries has content filtering on the network, making these a lot cleaner, though one is still open to ‘man in the middle’ attacks, as discussed in the articles.

    The bottom line is that no ‘free’ wireless hotspot is as secure as that of a well secured home network. By that, I don’t mean just to plug the router in & set a password, rename your network, create all new passwords, disable remote administration & UP&P (unless needed), make sure that the NAT Firewall is enabled and use guest networking for when family/friends comes over. This password is easily changeable after the guests departs & a good thing to do, don’t let your guest network become another free hotspot, some will park within range & commit illegal activities & the consequences are on the subscriber. Plus it doesn’t cause infections to spread to our computers, having guests on a dedicated network.

    Cat