Interviews

Never trust a WiFi network

by Mark Rowe

We’ve all been at an airport or coffee shop and checked our phone to see that our internet connection is incredibly slow. You curse and then you notice that they offer free WiFi, writes Ryan O’Leary, pictured, Senior Director of the Threat Research Center at WhiteHat Security.

“What fortuitous circumstances!” you think. You look on your phone for what networks are available around you and you see:

Starbucks

FREE_Starbucks

Public-Starbucks

Uh……. ok…… which one do you choose? They all seem like Starbucks owns all of these so you go ahead and connect to the first one. After a few days you notice your credit card has some weird unauthorised charges. “That’s odd” you think, “maybe it had something to do with that free WiFi I connected to …. While connecting to free WiFi networks seems like a good idea, it can be extremely dangerous. The danger is that it is incredibly easy to set up your own WiFi network at these locations. An attacker buys a relatively inexpensive tool, which he can set up at any location and give it any name they like. Victims will think that the network is legitimate and connect to the attackers WiFi network. After connecting, the attacker can now see the traffic going between the victim and the internet, effectively spying on all the traffic going back and forth between the victim and any site they are browsing. This is what is known as a ‘man in the middle’ attack. So how do you protect yourself from being a victim?

1) I always like to turn off WiFi if it’s not being used. This serves two nice purposes. It saves your battery, which is always nice, and it protects you from having your device connect to an undesirable WiFi network without you knowing it.

2) If you need to connect to a WiFi network confirm the name of the network with someone at the business. Often in airports there will be official signs with the networks name on them hung throughout. Smaller locations are tougher because attackers can make very convincing fake signs and sprinkle them throughout the business. In these cases I like to ask someone working there what the network name should be.

3) Never trust a WiFi network. I never do any banking, purchasing or sensitive transaction while connected to a public WiFi network. Save that for home or a WiFi network you know and trust. It’s just not worth it. If you absolutely have to, make sure the site is using “https” in front of the URL.

4) If you do connect to a public network, use your phone or computer’s ‘forget network’ feature after you’re done. Your phone will have a list of all networks it’s connected to in the past somewhere within your WiFi settings panel. If WiFi is enabled your phone will automatically connect to these networks. To prevent it from doing that, always go into this settings and either long hold them or select the options menu and select ‘forget network’. This will prevent your phone from automatically connecting.

Related News

  • Interviews

    Euro cyber centre

    by Mark Rowe

    A European Cybercrime Centre (EC3) at Europol has opened. It’s tasked with tackling organised crime groups doing online fraud; online child sexual…

  • Interviews

    Crisis comms

    by Mark Rowe

    Persistent crisis communications is not a contradiction in terms, writes Nigel Jones. Traditional approaches to crisis communications envisage a beginning, middle, and…

  • Interviews

    Data destruction website

    by Mark Rowe

    S2S Group, the Rotherham based data destruction and Waste Electrical and Electronic Equipment (WEEE) recycling company has launch its new website. The…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing