Public Wi-Fi networks can be met literally anywhere. You get your morning coffee in the nearest café – it has its own Wi-Fi, having lunch in a local fast-food restaurant – it has large labels on every table telling you that there is a public Wi-Fi connection in this building; even when you are riding home on a public transport – you can use Wi-Fi offered by a transportation company for every passenger.
We don’t even mind that public networks, like any other public place, is a perfect environment for cyber burglars. For last ones, such networks are something like Klondike, where they are able to get access to any information they want, and perform any other undesirable things with our devices. But first things first, let me explain why and how public networks can be exploited by criminals.
Public Wi-Fi and it’s poor security
First, let’s understand the initial reason for such an interest in public networks by cybercriminals. The majority of public Wi-Fi hotspots are not secured: proper network setup is not so easy to perform, so usually public Wi-Fi spots do not require any password to connect. In some cases, such connections are “secured” with WEP (Wired Equivalent Privacy) protocol, which is extremely easy to crack because of its low defensive capabilities. The reason is that WEP uses very similar encryption keys for all types of traffic. WPA (successor of WEP) is a much more efficient encryption protocol, however, it’s a little bit hard to set up this type of wireless network security. That’s why WPA protocol is rarely used in public Wi-Fi networks.
Every time you are attempting to open the website, or to refresh your feed in social media networks, your device sends a data packet to the server. In case if the network you use for this purpose has an encrypted connection, these packets will be encrypted, so it will be impossible to read them without the specific decrypting software. But if you use unencrypted connections (like public Wi-Fi hotspots), cyber burglars may easily intercept your data packets and grab the data they need – passwords, credentials, conversations, mobile banking login/password, and a lot of other information. Such a method of data theft called “Man in the Middle” or “MitM”.
Tricky tricks with public Wi-Fi
The separate case of MitM is network substitution fraud. Cybercriminals create a separate Wi-Fi access point, naming it closely to the name of a popular local public place, like a shopping mall, restaurant or hotel. Victims see a network with a familiar name (for example, DominoSPizza), and connect to it without any doubts, forgetting that the original network is named as Dominos_Pizza. As a result, criminals who have full control of this network, are able not only to intercept your data packets, but also to see the websites you visited and data you inputted on these websites.
But all situations mentioned above have no visible effects. If your Facebook account was stolen, you will discover this only after some period of time. However, cybercriminals can make money distributing different malware through public networks. Both network protocols and computer systems that are usually used by victims, have a lot of vulnerabilities1. Of course, these security breaches are known, and software creators are trying to close all of them in fresh updates of their products. However, the activity of such updates installation is relatively low, especially if we are talking about firmware updates for Wi-Fi routers.
If you are connected through a fake or unsecured public Wi-Fi network, criminals may easily scan your PC network software/hardware for available vulnerabilities, and then send you the virus they want as a part of an incoming data packet. The type of the virus, as well as its severity, depends only on the malware distributors wish.
How to stay safe in public networks?
It’s quite a complicated question, because there are a lot of possible solutions, but none of them can guarantee you 100% defense.
- Use virtual private networks with data encryption option. They create an intermediary that will secure your data of any kind of theft.
- Pay attention to the name of the network you are going to connect. Try to find a sign, where the correct name of the network of the hotel/restaurant who offers this network is specified.
- Prefer the WPA-encrypted networks to WEP-encrypted and unencrypted. The type of encryption can be checked in the network properties after the connection is established.
- If the usage of a public Wi-Fi network is unavoidable, try not to send any confidential data through this network.
- Vulnerability of Qualcomm and MediaTek Wi-Fi chips discovered several months ago