Sometimes, we find ourselves in a situation where we urgently need an internet connection, but we are not at home or at work. We might want to do some online tasks, such as checking our email, browsing social media, or streaming our favorite show. However, what if the only available option is a public Wi-Fi network that we are not familiar with? How can we use it safely without exposing our privacy and security?
This is a dilemma that many people face, even those who are experts in cybersecurity. Case in point, Blackhat, the world’s largest hacker conference held annually in Las Vegas, brings together thousands of cybersecurity professionals from all over the world. They attend the conference to learn about the latest cyberthreats and solutions. But even these skilled professionals can fall victim to the hazards of public Wi-Fi.
The event organizers have a playful way of exposing this vulnerability. They monitor the network traffic and display the names of those who have been tricked by a fake or compromised Wi-Fi hotspot. This is the notorious “Wall of Sheep.”
The Wall of Sheep showcases the unfortunate consequences of network security negligence. The people on this wall are not willing participants, but careless attendees whose private data was captured and revealed to everyone.
These stories should serve as a stark warning to anyone who is concerned about the potential pitfalls of using public Wi-Fi. Even the most experienced cybersecurity professionals can be vulnerable to unsecured networks.
Real-life examples of hackers’ victims at Blackhat
You may wonder what the big deal is about ending up on the Wall of Sheep, but it can be far worse. Some of the horror stories include:
The hotel hotspot trap
One attendee checked into a nearby hotel during Blackhat week and decided to catch up on work using the hotel’s open Wi-Fi network. Unbeknownst to them, a hacker had set up a rogue hotspot, mirroring the hotel’s official network. The hacker intercepted the attendee’s login credentials and gained access to sensitive work emails and confidential documents.
The overconfident developer
A seasoned developer known for his coding skills headed to Blackhat thinking he was invincible. He ignored warnings and connected to a rogue network named “SecureConferenceWiFi.” Confident in his skills, he used the same weak password for all his accounts. Little did he know that his email and social media accounts were compromised. This turned out to be an embarrassing leak of sensitive project data and personal conversations.
The crypto investor’s nightmare
There was also a crypto investor who attended to participate in discussions about blockchain technology. During the conference, he went to access his online wallet and entered his passphrase on an unsecured network. Within minutes, a hacker intercepted his credentials and emptied his wallet, leaving him penniless and devastated.
You become sitting prey the moment you connect to a typical public Wi-Fi hotspot
Unless you’re using a VPN service, even locked or secured public Wi-Fi networks are not completely safe. Public Wi-Fi hotspots are usually free or secured Wi-Fi networks available in public spaces like shopping malls, libraries, coffee shops, airports and hotels, to name a few.
Scam hotspots are historically easily identified by generic names like “Free Wifi” to lure people to connect to their networks. Cybercriminals have gotten savvier by using similar names of popular legitimate hotspots. If you aren’t paying close attention, you will be the next victim.
Preventative tactics for avoiding bad public Wi-Fi hotspots
- Most public Wi-Fi hotspots in the US don’t require payment information, so that’s a red flag that a hacker might be trying to steal personal and financial information from you.
- Regardless of how it is named, most closed networks have a lock symbol indicating a Wi-Fi network that is more secure with the password available for patrons or provided by the establishment.
- Usually, legitimate public networks have a prompt that shows up in your browser that asks you to agree to terms and conditions of use while on their network too.
- Pay attention to the website address you’re going to:
Most websites, especially those with sensitive data, usually employ their own encryption techniques, so they will likely have HTTPS in the web address so you can always check your URL before logging in.For example: HTTPS://www.paypal.com not HTTP://www.paypal.com. Sometimes browsers autofill commonly visited sites, but you can then click on the web address bar at the top or bottom of your browser and read how the URL is actually showing up once you are directed there.
Pay attention to the spelling of the website – there can be similar sites made to look like official sites. Could be ‘bannkofamerica’ instead of ‘bankofamerica.com’
- Most websites, especially those with sensitive data, usually employ their own encryption techniques, so they will likely have HTTPS in the web address so you can always check your URL before logging in.For example: HTTPS://www.paypal.com not HTTP://www.paypal.com. Sometimes browsers autofill commonly visited sites, but you can then click on the web address bar at the top or bottom of your browser and read how the URL is actually showing up once you are directed there.
- For example: HTTPS://www.paypal.com not HTTP://www.paypal.com. Sometimes browsers autofill commonly visited sites, but you can then click on the web address bar at the top or bottom of your browser and read how the URL is actually showing up once you are directed there.
- Pay attention to the spelling of the website – there can be similar sites made to look like official sites. Could be ‘bannkofamerica’ instead of ‘bankofamerica.com’
Of course, you don’t have control over every scenario, and maybe using a public Wi-Fi hotspot is your last but necessary resort, especially while traveling. With a secure VPN service, you connect to a public Wi-Fi network without much worry. See my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android & iOS devices.
5 common attacks on people using public Wi-Fi
1) ‘Evil twin’ attacks
Imagine being at your favorite coffee shop and connecting to what appears to be their free Wi-Fi network. When you begin to browse the web, you are completely unaware that you’ve fallen victim to an “evil twin attack” as hackers have set up a malicious hotspot with the same name as a legitimate network. The attacker is now able to intercept data, steal your login credentials, and launch further attacks.
When you use a VPN service, it establishes a level of encryption between the end-user and a website regardless of what network you join, so any intercepted data cannot be read by the hacker without a correct decryption key.
2) ‘Man-in-the-middle’ attacks (MITM)
“Man-in-the-middle” attackers position themselves between your device and the intended server. Unbeknownst to you, this allows them to intercept all data traffic, including every email, chat message, or login attempt. Your sensitive data, private conversations, and financial transactions are now all available to them.
Because VPN services encrypt your data, even if hackers intercept your data, it isn’t accessible to them. VPN services work both for your personal computer and mobile devices, which means the protection of a VPN service can travel anywhere you go.
3) The ‘packet sniffing’ hack (Software reads your data)
Whenever you connect to any network, your devices send data packets that can be read by free software, such as Wireshark. When you’re on an unencrypted network, hackers can use free software, such as Wireshark, to read those data packets. Ironically, with such software, you can analyze web traffic to find security problems and vulnerabilities that need to be fixed or exploited.
Even though hackers can still see that there are data packets being sent, if you’re using a VPN, your data is traveling through a secure and encrypted tunnel, protecting against exposure and use by hackers. Because your data is encrypted, it renders your information virtually useless to hackers. And because they can see that you’re connecting via a VPN service, hackers can see that you would be harder to hack.
4) The ‘sidejacking’ hack
When a hacker employs the sidejacking technique, they essentially take the information gleaned from packet sniffing to be used in real-time, usually on-location, to exploit its victim. Once intercepted, the data is then used to gain access to the original destination website or app.
The hacker uses packet sniffing to read network traffic and ‘steal cookies.’ Cookies are files that a website stores on your mobile phone, tablet, or computer as you browse the web. Cookies store a variety of information, from language preferences to personal data such as name, physical address, or email address.
This allows websites to customize your experience. Once hackers find nonsecure socket layer cookies (just HTTP:// not HTTPS://), the information sent to the website or app by you is then captured. This allows the hacker to use what is captured to exploit private information and gain access to this and other sites.
Hackers scan web traffic to spot unencrypted or exploitable encrypted data, so having a secure VPN service most likely takes your data ‘out of the running’ for most hackers as they can see it is encrypted. And even if they do try, information going from and to your device is encrypted, so they will likely be unable to access the information itself.
5) Malware infection
Public Wi-Fi networks are often secured poorly or entirely unsecured. This allows cybercriminals the ability to infect your device with various forms of malicious software, including spyware and ransomware. Once infected, your data is at risk of theft or encryption. Your device can also be turned into a puppet for remote control.
If you forget to turn on your VPN service while out and about, you might panic at the thought of all the potential compromises outlined above. If, however, you’re running an antivirus program in the background of your device, you’d still be protected should a hacker infiltrate your device. Having antivirus software on your devices will make sure you are stopped from clicking on any potential malicious links, which may install malware on your devices and allow hackers to gain access to your personal information. Find my review of Best Antivirus Protection here.
Kurt’s key takeaways
Understanding the risks and taking precautions while using public Wi-Fi can protect you and your data. Keep in mind that using your cell phone and its data network should be your preference if a login is required or if you will be sharing personal or financial data. Remember that unless you are in Las Vegas at Blackhat, you won’t find yourself on a “Wall of Sheep,” but it could be something much worse.
Have you ever encountered a risky situation while using public Wi-Fi? If so, how did you handle it? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips & security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Answers to the most asked CyberGuy questions:
Copyright 2024 CyberGuy.com. All rights reserved.