Public Wi-Fi can be very risky if users are not fully aware of it and could be used to steal private information from consumers, according to a leading IT expert.
“Cybercriminals are well aware and have developed techniques to steal information, identity or passwords and money from the users who use public or insecure Wi-Fi connections,” Mohamed Djenane, Security Specialist at ESET Middle East said.
- BSNL’s WiFi+ feature to allow free Wi-Fi hotspot access across 100 countries
- Google Station free WiFi moves to smart cities, 150 hotspots to go live in Pune
- Google’s Android 8.1 Oreo will now display public WiFi strength
- New Android spyware found to steal encrypted WhatsApp messages: Kaspersky Lab
- Most Indians on holiday can’t spend a day sans emails: Survey
- Wi-Fi vulnerable to hacks, as researchers find bug
The worst thing to do is assume without verification that a Wi-Fi network is legitimate and run by a trusted establishment, he said.
It might be a decoy deployed by a criminal! As a general rule, users shouldn’t connect to any network called, ‘Free Wi-Fi’- it could well be a way of getting them to sign up for a newsletter or endure adverts, even if the hotspot isn’t malicious, Djenane said.
The safer alternative is to connect via a 3G or 4G data package. If it is a public service such as a coffee shop, then double checking the WiFi name with a member of staff is advisable, he said.
“On-the-go access to the internet is all by unavoidable and the widespread Wi-Fi promised by smart cities will bring with it a wide range of benefits,” Djenane said.
“Knowing however that our lives today are heavily set in the digital domain, protecting our online presence must become an absolute priority. This might mean placing security over convenience and being smart, rather than sorry,” he said.
The hackers are monitoring network traffic and are looking for users who type in passwords to email accounts, social networks and banking websites. It is therefore best to limit activities to anything that does not require a username and password to log in, he said.
Noting that using email apps on a phone can leak data as there are plenty of free apps that hackers can use to extract this information, Djenane said using a secure HTTPS website, or better still encryption, was definitely the safer route.
Typically, attacks on Wi-Fi hotspots are ‘man-in-the- middle’ attacks where an attacker is able to access the user’s data as it travels. That means anything financial or corporate is out, he said.
Smart devices can give away a surprising amount of data from apps connecting to remote servers. It is always a good policy to police the list of ‘known’ networks thoroughly, he added.