WiFi – The Dangers of Connecting to “Free” Public Networks
We’ve all been there… airport lounge, coffee store, shopping mall, sports event…we want some wifi access to get onto the internet so we open our phone settings and see a “Free Wifi” access point.
It may seem legit, a store name or a business name and it has public access. BUT, are they who they say they are?
Is it real or is it a bogus access point set up by hackers to lure you in and steal your data?
How do Cybercriminals use Wi-Fi Pineapple, for example, to Steal Our Info? There are three primary ways that cybercriminals use Wi-Fi Pineapple to commit cyber attacks:
Man-In-The-Middle Attack: The Wi-Fi Pineapple is used to eavesdrop on people using public Wi-Fi. The Pineapple is configured to act as the Wi-Fi network that people believe they are connecting to. But instead, they’re connecting to a fake network that allows cybercriminals to easily access and capture all shared data on the network. There is no way to know if you’re connected to a legitimate public Wi-Fi network or a Pineapple network.
Evil Portal:To take the man-in-the-middle attack to the next level, cybercriminals create websites that look legitimate, and when people attempt to connect to the actual site, they are redirected to the faked website. This setup makes it easy for criminals to capture login information, credit card data, and any other information you provide to the website. For example, a faked Amazon website can be used to steal credit card data, addresses, phone numbers, passwords, etc.
Fake HTTPS: HTTPS is used to secure websites and encrypt data. This reality gives website users protection by providing a secure layer of communication. Websites that collect personal and confidential information, such as ecommerce sites, government websites, or videoconferencing, must use HTTPS. Cybercriminals use the Wi-Fi Pineapple to direct HTTP requests (most people do not use HTTPS when typing URLs) from the real HTTPS server to their Pineapple so they can remove the secure layer protecting and encrypting data. The only noticeable difference for the website user is the missing “lock” icon in the left corner of the URL bar.
Before we move ahead to ways we can protect ourselves, take a look at this short video showing how easy hackers can steal our data in a real time simulated attack…
How Can We Protect Ourselves?
AlwaysUse VPN services on public Wi-Fi networks
Never connect to open unsecured public Wi-Fi. Even if this is the only Wi-Fi available, do not connect to it. Providing your email address and accepting the terms and conditions of the Wi-Fi owner does not mean you are connecting to a secure Wi-Fi.
Only use HTTPS-protected websites. In the URL address bar, check to ensure the URL uses HTTPS and that the green lock icon is present. Never provide personal confidential information such as passwords, credit card details, or bank information on a website that does not use HTTPS.
Turn off auto-connect. Ensure your mobile devices are not configured to connect to public Wi-Fi that is not password protected automatically.
Configure your mobile devices and laptop to “forget” public Wi-Fi network connections. This prevents you from telling cybercriminals that you have used this public network in the past, making it difficult for them to trick you into connecting to a fake network.
Disable Bluetooth auto-discovery. Cybercriminals listen for Bluetooth signals that they can hack to connect to mobile devices.
Be aware of your surroundings. Do not leave your laptop open on a coffee shop table or leave your mobile device unattended at the charging station. Do not ask someone to “watch” your laptop while ordering a coffee or going to the bathroom. Be aware of people sitting too close who may be listening to your conversations or looking at your screens.
Always install the latest updates, patches, and versions. Ensure your computer and mobile devices have the latest applications, operating systems, network tools, and internal software installed. Ask the IT/support team to verify that your devices are up to date.