What are you risking on public WiFi?

Originally posted on July 14, 2020 @ 7:23 pm

We’ve all been tempted at one time or another to connect to that public WiFi connection at the airport, Starbucks or the hotel. Whether it’s because you’ve reached your data plan limit or the cellular signal is just too poor to get a decent data rate, it crosses everyone’s mind from time to time. That’s a dangerous decision that many people make every day without thinking of the potential consequences and inherent risks.

Public WiFi, by definition, is easy for the public to access and use. Because of that, administrators rarely put significant security in place to protect the users connecting to their networks. The danger of connecting to public WiFi is who’s listening. The technical term is a Man-in-the-Middle (MiTM) attack. A MiTM attack is where an attacker intercepts the communication between two parties and sometimes alters it or uses it later (in the case of a username and password). When connecting to your corporate WiFi network, there is generally more security, including stronger passwords and encryption for those who access the system. On your home network you are protected by the passwords and encryption you’ve set up on the network and by the number of users who can physically connect to your network (based on proximity). Of course, if you live in a condo, townhouse or apartment, there are many more people who can receive the WiFi signal than if you live in a single-family home, but I’ll discuss home/corporate WiFi security at another time.

A real-world example of a MiTM attack, called “Dark Hotel”, was uncovered by Kaspersky Lab in 2014. Dark Hotel operated for more than seven years before being discovered and is believed to be a sophisticated economic espionage campaign by an unknown country. Dark Hotel targeted CEOs, government agencies, U.S. executives, and other high-value targets while they were in Asia. When executives connected to their luxury hotel’s WiFi network and downloaded what they believed were regular software updates, their devices were infected with malware. This malware could sit inactive and undetected for several months before being remotely accessed to obtain sensitive information on the device.

This all sounds terrible, and I HIGHLY recommend that you NEVER connect to a public WiFi. But I know that sometimes it is just impractical to do anything else. So if you must connect, here are some precautions and recommendations:

  1. Don’t shop online, log into your financial institution or do other sensitive activities on public networks.
  2. Use 2-factor authentication when logging into sites when possible (including Gmail). 2-factor authentication ensures that malicious users cannot log into your account at a later time without both authentication mechanisms (like your password and cell phone).
  3. Whenever possible, use HTTPS for websites. It encrypts the data and makes you a harder target.
  4. Turn off file sharing, automatic connections, and other services that would transmit your password or open you up to an attack.
  5. Use a Virtual Private Network (VPN) service. This encrypts your data from the computer to another device on the Internet and ensures that no one connected to the local network can eavesdrop on your communications.

Even doing all of these steps could still result in a compromise when connecting to a public network if someone is determined to attack your device. Implementing these steps will ensure that you’re more protected and a harder target than the guy sipping the latte next to you, and hopefully the attacker will go after them instead. Your best bet is to buy a MiFi, implement personal hotspot capabilities on your cellular phone or buy an unlimited data plan so you don’t have to use someone else’s network to get to the Internet or other online resources.