Subscribe

Public Wi-Fi: your security questions answered


Cape Town, 18 Jan 2016

There are expected to be 350 million WiFi hotspots around the world by 2018. While this brings with it a high level of convenience, there are significant security risks as well. With that in mind, ESET Southern Africa looks at the five top questions you should be asking before connecting to public WiFi.

How does WiFi work?

The term WiFi is short for 'Wireless Fidelity'. It was coined by the trade body WiFi Alliance, which certifies products as conforming to their standards and interoperability. This means that no matter what brand our router, access point or wireless card you're using, they all usually 'play nice' and work with one another.

WiFi creates a localised network so that devices within this area can access broadband Internet. WiFi makes use of radio waves to transmit information across a network, much like TVs and mobile phones, and from your device to the router.

A WiFi hotspot, meanwhile, is simply a public space where you can connect your computer or handheld device wirelessly to the Internet.

What are the security risks?

Cyber criminals often target public WiFi users because, quite often, these networks tend to be open and are therefore easy to exploit.

For example, an attacker may look to carry out a man-in-the-middle attack, putting themselves between the user and supplier by intercepting data sent in transit from the device to the open public WiFi hotspot.

They may also create their own rogue network, sporting an ordinary name like 'Free Wi-Fi'. The hope is that unsuspecting users will connect to it, or launch a brute force attack on the password of a genuine hotspot.

Once they have compromised that Web connection, there are a number of devious ways to develop the attack. Some cyber criminals will direct users to malicious Web sites for drive-by-download malware attacks. While others could look to create spoofed banking login pages to capture sensitive information entered onto that page.

All of the above highlight the importance of making sure that you are logging into an authentic, secure and trusted network, while also making sure your own security is in good order.

What should I not send over public WiFi?

Some online activities shouldn't be done through public WiFi - instead, they should be carried out at home, which tends to be a safer and more secure environment (as long as you are following best practice).

Most of all, you should avoid carrying out banking transactions, logging into social media sites or carrying out other activities over open and unsecured WiFi, especially if you have got no additional security in place like VPN or two-factor-authentication (2FA).

This is because attackers could be looking at your accounts and, unbeknownst to you, stealing your credentials and details as you go about your business.

What can I do to be safer?

You should always start by ensuring that you have done the basics on your computer, such as keeping the operating system and all the software up-to-date and installing a security software solution. After that, it's worth looking at using virtual private networks (VPNs), password managers and 2FA for safer browsing and password management.

VPNs are useful because they encrypt your Web connection from end-to-end, making it harder for cybercriminals to intercept while 2FA makes passwords guessing almost impossible for attackers to infiltrate.

Further, make sure your laptop, tablet or smartphone is set to manually select any WiFi network; try and use HTTPs Web sites to encrypt the web connection from end-to-end where possible and log out from public WiFi when not in use.

What should I look out for when connecting to public WiFi?

You should always look to connect to hotspots that are secure - either via password or online login - and that the WiFi in question is managed by a trusted supplier (in this case, it is always worth asking the venue for login details).

Share

Editorial contacts

Bianca Gardella
OFyt
bianca.gardella@ofyt.co.za