Nick Shaw, vice president and general manager of Consumer Business Unit at Symantec reveals how to stay safe on public Wi-Fi in an exclusive Q&A with PCR.
How secure are public Wi-Fi networks?
Public Wi-Fi networks are, by nature, unsecure. Public Wi-Fi hotspots are open networks, which anyone (including cybercriminals) can access. The issue with public Wi-Fi hotspots is that many do not encrypt the information being sent across the network, which means that anyone on the network is able to see what you’re doing and accessing while connected. For example, a ‘sniffer’ can monitor traffic over public Wi-Fi networks to snoop on your browsing sessions and capture your information. Unfortunately, even supposedly ‘secured’ public Wi-Fi networks that require a password, aren’t necessarily safe. There’s no guarantee that the person who set up the Wi-Fi network turned on all the security features or regularly updates patches, and anyone with access to the password can connect to the network and see what you’re doing. There are also more nefarious techniques such as fake public Wi-Fi networks, which can be set up with ease by anyone, including a sniffer. These networks are designed to intercept information, log keystrokes and carry out attacks.
What are the security risks around sharing data over public Wi-Fi?
There are a number of security risks associated with sharing personal data and accessing personal information over public Wi-Fi networks. Such activity on public Wi-Fi is just the same as broadcasting your personal smartphone, tablet, or laptop screen on a billboard – everything you do on a website or through an app can be seen by someone using the right tools and techniques to eavesdrop on your browsing session and capture your information. Cybercriminals can also use spyware technology and activity trackers to feed advertisements. But, some of the more serious risks and consequences of sharing data over public Wi-Fi include identity theft and unauthorised access to sensitive information. If a cybercriminal can intercept any piece of information and data you sent via an unsecured Wi-Fi network such as account credentials when you log in, credit card information when making an online purchase, and even security credentials for online banking, they can then access your accounts as they please.
How does a hacker access somebody’s data via public Wi-Fi?
There are a number of ways an attacker can access your data on unsecure public Wi-Fi networks. The most common way a cybercriminal can access your personal information is by using a ‘Man in the Middle’ attack to eavesdrop on your data as it travels from point A (your device) to point B (a website). This kind of attack is made possible when a cybercriminal has access to the same Wi-Fi network as you. They use special tools to scan the network’s router looking for vulnerabilities such as default or weak passwords, or even security holes due to the router being set up without basic security. When the hacker finds a vulnerability, they will then use widely available tools to get in between points A and B to intercept any information — such as your bank account credentials, credit card numbers, or social media logins — that passes between the two. Another tactic cybercriminals have been known to use is creating fake and illegitimate public Wi-Fi networks, usually with a name similar to the legitimate one you are trying to connect to, to lure you to connect to their Wi-Fi network. Once you do, cybercriminals can then intercept data and even inject malware into the device connected to the Wi-Fi network.
What are the risks of accessing a public Wi-Fi on a mobile device?
The risks of using an unsecure public Wi-Fi network are the same, regardless of the device. Any information shared using the public Wi-Fi network, whether through your mobile device’s browser or apps on your smart phone can be monitored by someone on the same network.
How can consumers protect themselves when using public Wi-Fi?
Firstly, consumers should be vigilant and avoid connecting to fake networks that masquerade as legitimate hotspots. When you arrive at a café or airport, for example, double check the name of the network with an employee or through official signage to confirm the network’s legitimate name and connection process. Secondly, consumers shouldn’t allow their wireless connection to automatically join the nearest network. Instead, they should always manually select the hotspot that they would like to join. However, even on legitimate public Wi-Fi networks, attackers can still access their information. Therefore, the best way to ensure that their personal and sensitive information remains private and doesn’t fall into the hands of a ‘sniffer’ is to use software which provides a Virtual Private Network (VPN), a kind of secure ‘tunnel’, when on a public Wi-Fi network.
What is the benefit of using a VPN?
A VPN is an easy way to protect your data as it’s transmitted. Consider it a ‘secure connection’ through which all your data is sent and received between you and the internet, but without interception by sniffers. Anything that comes in or out of your device as a result of your online activity is encrypted – almost like a secret code that only you and your VPN share – to prevent hackers from hijacking your accounts, no matter what type of network you're on. The encryption from the VPN masks your identity, location, data, and provides an effective extra layer of security over everything you do online.
Any additional comments?
The key lesson is this: the same features that make public Wi-Fi networks so easily convenient and accessible to you can also make them equally accessible to cybercriminals.