The benefits of connecting to public WiFi hotspots could be significantly outweighed by the inherent dangers, if they’ve not been sufficiently protected.
This is a warning sounded by IT security firm Akita, which has urged anyone connecting to public WiFi to proceed with real caution.
The warning is especially pertinent during the current coronavirus pandemic, with remote working meaning that more people are connecting to networks outside of their home or office – and doing so on corporate devices.
One such danger Akita highlighted is the so-called ‘Evil Twin’. This is where cyber criminals set up a network alongside an existing, reputable one, claiming to be genuine. Users who are unaware of the duplication may connect to the WiFi spot thinking they’re connecting to a secure solution they’ve used before, when actually they’re opening up their data to hackers.
Another is the ‘Man in the Middle’ – which is particularly risky for open networks that aren’t password protected. Here, a third party intercepts data between it leaving the user and heading to the network, taking all the personal information with it. Should a user log into their online banking, for example, hackers could easily glean their username and password.
Even those who feel on top of cyber security could easily be hoodwinked, with techniques such as HTTPS spoofing. For this, hackers manage to create a fraudulent, duplicate site, and even trick the user’s browser into thinking the URL is secure. Seeing the small lock icon could put minds at ease when the reality is much more sinister.
Thankfully, there are a few simple measures that individuals can use to stop the hackers in their tracks. One is to tether laptops to mobile devices, connecting to the internet via a personal hotspot. The 4G and 5G connections used here are encrypted, so data will be much more secure.
Also, if a WiFi connection is password protected, it’s worth thinking carefully about what credentials to input when creating a new account. Anyone recycling a password that has been used elsewhere will effectively just be giving hackers a master key to numerous other accounts were it to be exposed. A unique one will make this impossible.