As the demand for digital connectivity grows and mobile devices become increasingly data-hungry, it has become common to be able to access some form or other of free Wi-Fi at many locations. Some individual retail outlets offer this service and at another end of the spectrum some entire shopping complexes offer free Wi-Fi as well.
This is so much so that it’s so easy and natural for many people to simply whip out their phones or tablets and connect to a public Wi-Fi point. A point which allows free Internet surfing, but which is not safe nor secure. In fact, everything you do while you’re connected to that public Wi-Fi can be seen by anyone who’s looking.
Still think hooking up on that free connection is great?
According to LE Global Services (LGMS) executive director Fong Choong Fook, it is extremely difficult even for experienced IT people to know if the public connection they are on is being monitored or not. Even worse is the possibility that the network is not really a public Wi-Fi spot, but rather a spoof set up by a hacker to trick people into using that Wi-Fi point.
“The one watching is not usually actively doing anything except just that; watching, so you will never know they’re there. But as they watch, note is being taken of any sites you access, along with usernames and passwords,” says Fong.
Research has shown that Fong’s opinion is backed by solid fact and made even more frightening that these kind of snooping tools are readily available for free.
Primary dangers when on free Wi-Fi
- Main-in-the-middle attacks: This is where attackers set up a system specifically to act as a conduit between users’ systems and the information they’re trying to access. By employing this method, all information that is transmitted is captured by the attackers automatically. This is one of the most potentially dangerous methods, since the security of the site you’re trying to access isn’t taken into account.
- Malware: Very common and with the potential to be deadly, Malware can give an attacker access to everything on your device. Not only can they steal your data, but they can also remotely turn on your camera or microphone. If you’re on free Wi-Fi, attackers can easily slip one of these into your system. Thankfully most malware can be protected against by almost any reputable anti-malware program.
- Wi-Fi sniffing: As mentioned, monitoring data traffic is almost ludicrously easy on public Wi-Fi. Using this method, attackers can record massive caches of data as it goes through that network channel, to be analyzed for later use. So much for that secure password.
Evolving security needs
Public Wi-Fi was not originally designed with the 21st century in mind. These networks did not anticipate the explosion in growth of mobile devices as well as ever evolving security demands. Yet Fong said this had been going as early as the 1990s.
Most experts suggest that users who wish to use public Wi-Fi at least secure themselves by using a Virtual Private Network (VPN). VPNs allow all data traffic from your device to be encrypted, so it doesn’t matter if the network you’re on is secure or not since nothing you transmit can easily be unscrambled. VPNs also do not use the public Wi-Fi connection’s DNS setting, so the usual hacker sneak peeks won’t work.
“In a purely Malaysian context, so far this year Cybersecurity Malaysia has knowledge of eight instances where private Wi-Fi networks were hacked and 1,462 cases of online intrusions. This is more than twice all the incidents over the same period last year,” said Fong.
Security experts at LGMS help major banks in the country test their network security, so they are some of the best in the field. For the public, aside from using VPNs, Fong advises them to keep their Internet browsers updated and to ensure that their password saving in cache is disabled.
Other tips for securing your digital safety
- Make sure to always keep an updated mobile antivirus and security app on your device
- Try to keep to apps that use encryption or are at least in widespread use and well rated in the app store.
- Use strong passwords and avoid using the same password for all your different services.
- Ensure your Web-based email is secure. Even if connections are secure, some emails are transmitted without encryption.
- Double check to ensure that connections you’re logging on to are authentic. Be cautious of spelling errors or such other tell-tale giveaways. When in doubt, ask.