Free public WiFi is now available in many places. Airports, hotels, and coffee shops all promote free internet connection as an added benefit of using their services. For many people, being able to connect to a free internet on the go seems ideal. This would be particularly useful for the traveling business person, now able to access their work emails or share documents online.
However, there are more risks to using public WiFi hotspots than many internet users might have realized, and most of those risks are related to Man in the Middle attacks.
Man in the Middle attack
A Man in the Middle (MitM) attack occurs when a malicious actor manages to intercept the communication between two parties. There are various types of MitM attacks, but one of the most common is to intercept a user’s request to access a website, sending back a response with a fraudulent webpage that looks legitimate. This may happen to pretty much any website, from online banking to file sharing and email providers.
Therefore, the Man in the Middle is a third party who is able to intercept the data sent between two points, pretending to be a legitimate intermediary. Usually, MitM attacks are performed to try and trick users into entering their sensitive data into a fake website, but they can also be used to merely intercept a private conversation.
WiFi eavesdropping is one kind of MitM attack where the hacker uses a public WiFi to monitor the activities of anyone that connects to it. The information intercepted may vary from personal data to patterns in internet traffic and browsing.
Typically, this is done by creating a fake WiFi network with a name that seems legitimate. The fake hotspot name is often very similar to the one of a nearby store or company. This is also known as the Evil Twin method.
For example, a consumer may enter a coffee shop and realize that there are three WiFi networks available with similar names: CoffeeShop, CoffeeShop1, and CoffeeShop2. The chances are that at least one of these is a fraudster’s WiFi.
Hackers may use this technique to collect data of any device that establishes a connection, which eventually allows them to steal login credentials, credit card information, and other sensitive data.
WiFi eavesdropping is just one of the risks associated with public networks, so it is always preferable to avoid using them. If you really need to use a public WiFi, make sure to check with an employee whether it is authentic and secure.
Sometimes, criminals make use of specific computer programs to intercept data. These programs are known as packet sniffers and are often used by legitimate IT professionals to record digital network traffic, making it easier for them to detect and analyze problems. These programs are also used to monitor patterns in internet browsing within private organizations.
However, many of these packet analyzers are appropriated by cybercriminals to gather sensitive data and perform illegal activities. So even if nothing bad appears to happen at first, victims may find out later that someone has committed identity fraud against them or that their company’s confidential information was leaked somehow.
Cookies Theft and Session Hijacking
Basically speaking, cookies are small packets of data that web browsers collect from websites as a way to retain some browsing information. These packets of data are usually stored locally (as text files) on the user’s computer so that the website recognizes the user when they return.
Cookies are useful because they facilitate communication between users and the websites they visit. For example, cookies allow users to remain logged in without having to enter their credentials every time they visit a particular webpage. They may also be used by online shops to record items that customers previously added to their shopping carts or to monitor their surfing activity.
If malicious actors are able to intercept and steal the cookies you are using to communicate with websites, they can use that information against you. This is called Cookies Theft and is often related to what we call Session Hijacking.
A successful session hijacking allows an attacker to impersonate the victim and communicate with websites on their behalf. This means they can use the victim’s current session to access personal emails or other websites that may contain sensitive data. Session hijacking occurs commonly at public WiFi hotspots because these are easier to monitor and much more vulnerable to MitM attacks.
How to protect yourself from MitM attacks?
Turn off any setting that allows your device to connect automatically to available WiFi networks.
Turn off file sharing and log out of accounts you are not using.
Use password-protected WiFi networks wherever possible. When there is no option but to use a public WiFi network, try not to send or access sensitive information.
Keep your operating system and antivirus updated.
- Avoid any financial activity while using public networks, including cryptocurrency transactions.
Utilize websites which use the HTTPS protocol. Keep in mind, however, that some hackers perform HTTPS spoofing, so this measure is not entirely foolproof.
Using a Virtual Private Network (VPN) is always recommended, especially if you need to access sensitive or business-related data.
Be wary of fake WiFi networks. Do not trust the name of the WiFi just because it is similar to the name of a store or company. If in doubt, ask a member of the staff to confirm the authenticity of the network. You may also ask if they have a secured network you could borrow.
Turn off your WiFi and Bluetooth if you are not using. Avoid connecting to public networks if you do not really need it.
Cybercriminals are always looking for new ways to access people’s data, so it is essential to inform yourself and stay vigilant. Here we discussed some of the many risks that public WiFi networks may present. Although most of those risks can be mitigated just by using a password-protected connection, it is important to understand how these attacks work and how you to prevent yourself from becoming the next victim.