While enjoying a beverage at Tim Hortons, waiting in the emergency at the hospital, or even during a long bus ride to another city; Wi-Fi has become a service we all expect. A simple entry of a username, password, and a click of the “accept” button to indicate you’ve read and accepted whatever terms of use are listed, and voila!

The above is the typical scenario we’ve all experienced at one point, not thinking twice about connecting to an openly available Wi-Fi connection. In fact, according to a study performed by Norton by Symantec in 2017, approximately 55% of consumers globally admitted to connecting to any available Wi-Fi signal. How can you blame them? Costs for data overages can be expensive; On average you could be paying around $10 for every 100MB you go over your data limit. Public Wi-Fi offers convenience and savings to your wallet, but have you ever thought about what kind of security is on these public connections? To be completely honest, there may be very minimal to no security at all. Often times public Wi-Fi connections are provided without any type of encryption, despite having you enter your username-password combination to access. This can leave your device and the personal information stored on your device at risk to attacks like identity theft.

Before you go beating yourself over your head, just know that you’re not alone. In the same report by Norton, they indicated that 60% of those surveyed felt their personal information was safe when using public Wi-Fi. But why is public Wi-Fi unsafe? There are 2 main reasons:

  1. Anyone can connect to a public Wi-Fi connection; therefore, it is impossible to know who else is using the signal
  2. How do you know who set up the Wi-Fi connection?

To expand on these points, there are great videos on Youtube where security experts demonstrate three different methods of how an attacker could access your browsing information or your personal information off your devices.

The first example is simple. An attacker will connect to the public Wi-Fi network and using a “sniffing” program that captures, collects and analyzes data that was sent from a device: website URLs, emails, messages, pictures, etc. However, this method isn’t as practical since the introduction of browse site lock requirements (which I’ll review later in the article).

The second method that an attacker can expose on a public network is called “arp spoofing”, this is an intricate method to explain and involves two components. The first component is called a Media Access Control address (MAC address), this is a unique physical address that is assigned to the network adapters on a computer at the manufacturer, you can relate these addresses to your house number. The second component is called an Internet Protocol address (IP address), this is like your houses phone number on the internet. So how does an attacker exploit these 2 components? All networks keep what is called an “arp table” this table records what MAC address is associated with what IP address, kind of like a telephone book. So, when your computer sends out a request asking what MAC address is linked to an IP address, our attacker’s computer can respond with spoofed information that they can either forward or redirect them to a malicious websites or server.

The third method is where an attacker uses their own rogue Wi-Fi antenna and broadcasts their own public Wi-Fi connection. This connection name can be similar to an existing name or branded to the local establishment if none actually exists. Once people connect to their rogue network, everything a person does from their device is sent to the attacker’s computer. Now the attacker can store, relay or possibly alter communications between their device and another party; This is also known as the “Man In The Middle” attack.

Using the above methods attackers can easily gain access to your devices, access the information they hold, as well as intercept and redirect your internet activities. So how can you ensure your connecting to a legit public Wi-Fi network, and protecting yourself while joined to these networks? Let us tell you.

Guidelines for Using Public Wi-Fi

Despite the dangers of using public Wi-Fi, realistically in our digitally connected world, the urge to want to post your latest interesting foody photo or to open that important word document that was emailed to you is going to overshadow these risks. The best advice we, and other security experts around the internet recommend, is to limit the use of public Wi-Fi in the first place.

These are some guidelines to follow while connecting and using public Wi-Fi:

  • Stick to Wi-Fi networks that do not post their passwords openly.
  • Ensure the websites you visit have the browse site lock. This is the green lock that appears on your web browser’s address bar. This ensures that the site you are visiting is encrypting your session and your activity on the site cannot be read by an attacker
  • Avoid accessing/inputting personal information like emails, banking details, financial information for online shopping, and government identification like your Social Insurance Number (SIN).
  • Turn-off functions that provide seamless access to your devices like Bluetooth, auto-joining wifi connections, Airdrop, or other file sharing services
  • Look for signs that you are connected to a malicious signal like being told you have connected to your “home” network when you are clearly using a public network
  • Ensure the connect/acceptance pages are using a valid SSL certificate that is not expired or self-signed

The best way for keeping your information safe while using public Wi-Fi connections is to use a Virtual Private Network (VPN). A VPN encrypts data traveling to and from your devices through a secure server. This encryption obscures your activities to whomever setup the network and those people also using the public Wi-Fi.

We hope these tips help you understand the risks of using public Wi-Fi, and provide a strategy for connecting safely should the need arise. During the next issue, we’ll be digging even deeper into the world of cybersecurity, where we’ll cover topics like password and email security!

If you enjoyed this article, or would like to learn more about how to protect your devices, please visit our website www.onepiece-it.com, or contact us for a free consultation at 403.775.1761.