The Dangers of Using Unsecured Wi-Fi

finjanmobileBlog, Mobile Security

Unsecured Wi-Fi

Mention the words “public Wi-Fi”, and one of two things will probably happen – possibly, both.

One: There’ll be a mad stampede of any mobile device users in the area to log in and pig out on the toll-free internet access.

And, two: There’ll be a collective groan and shaking of heads, as any security professionals in the area contemplate all the damage that’s potentially about to occur.

We’re continually being warned in the technology press, about the dangers of using public, unsecured Wi-Fi. But how bad is it, really? In this article, we’ll be considering just that.

With Unsecured Wi-Fi, the Keyword is “Unsecured”

In and of itself, a wireless access point (WAP) or wireless network connection isn’t inherently dangerous. It becomes so if it’s unsecured – allowing the movement of data across its airwaves without any form of encryption or security protection.

Formally speaking, Wi-Fi hotspots are considered to be “secured” if access to them requires users to input a password that conforms to the WPA or WPA2 standards for security codes. Networks unsecured due to the absence of strong password validation procedures and encrypted data connections are just the first of the dangers lurking for the unsuspecting user.

Unsecured Wi-Fi and the Danger of Ignorance

According to a survey of 1,025 people conducted by Symantec in May 2016, of the 60% of American consumers who believe that their information is safe when using public Wi-Fi, only 50% believe that they bear any personal responsibility for ensuring that their data is secure. 17% of those surveyed believe that individual websites are responsible for making sure that visitor data is secure, while the same percentage think that this duty falls to the Wi-Fi network provider.

With these alarming statistics in mind, it’s little wonder that the public at large still fall victim to the many ruses and ploys that hackers and cyber-criminals have at their disposal on unsecured public – and even private – wireless networks.

Are You and Your Family Protected When You Are On Public Wi-fi?
Get InvinciBull™ now to get unlimited safe-browsing for all of your devices now!

Beware Wi-Fi Honeypots

Take the time to ask staff or management at the location of your hotspot (airport, hotel, food court, etc.) some vital questions:

  • What’s the exact name of the network?
  • What’s the procedure for logging in?
  • Anything else that visitors should know about?

Otherwise, you run the risk of being victimized by cyber-criminals who may have set up a fake wireless access point, or Wi-Fi “honeypot” to trap unsuspecting visitors at that location.

The fake hotspot may look just like what you’d expect – down to the name and logo of the establishment. But the Wi-Fi network is one owned and operated by hackers or cyber-criminals. And logging into it through a lack of due diligence could expose you to any number of dangers they might impose.

Intercepting Your Login Credentials

Even if the hotspot you’re using isn’t a spoof but is just simply unsecured, hackers nearby can eavesdrop on your connection to gather useful information from your activities. Data transmitted in an unencrypted form (i.e., as plain text) may be intercepted and read by hackers with the correct knowledge and equipment. This includes data from any services which require a login protocol.

With the 2016 survey suggesting that 58% of public Wi-Fi users typically log into a personal email account, 56% access social media, and around 22% actually ignore all conventional wisdom and visit banking or financial websites, that’s a lot of login credentials, ripe for the picking. And cyber-criminals can use captured login information directly, to gain access to your personal accounts, or indirectly (selling credentials on to third parties, wider scale identity theft, etc.).

Interception of Data In General

Clear text transmission of data over unsecured Wi-Fi channels leaves other kinds of information open to interception, modification, and theft. This would include corporate data, intellectual property, images, media files, and the content of unencrypted email or instant messages.

Spreading Infections

Having a captive audience of unprotected users linked to the same network enables cyber-criminals to quite easily distribute malicious software such as malware and viruses.

It’s a great way for them to lay the groundwork for a botnet of devices prior to staging a Denial of Service (DoS) or Distributed Denial of Service (DDoS) attack on a targeted website or network. Being able to relay a malicious package to several victims in one sitting is also a fine opportunity for the distribution of ransomware.

Stealing Your Bandwidth

Users and administrators of unsecured corporate wireless networks may rest complacently in the mistaken belief that they’re safe from the attentions of malicious outsiders. But the truth of the matter is that anyone who gains knowledge of an unsecured private/corporate Wi-Fi network’s existence (and is close enough to connect) may “piggyback” on the hotspot for their own purposes.

At a basic level, this may just be for personal gain, with unwanted visitors capitalizing on the free bandwidth. On a more sinister level, multiple sign-ons from unauthorized visitors could potentially overload the system by exceeding bandwidth limitations or the capabilities of network hardware, in a form of DoS attack.

Using Your Network for Illegal Purposes

By the same token, intruders gaining access to unsecured Wi-Fi may use the network’s bandwidth and resources for transactions and processes that may not damage the network of themselves but could have legal repercussions for the network hosts.

For example, the use of a network for the transmission of hate speech, illicit materials such as child pornography, or the movement of stolen documents and intellectual property could be going on without the knowledge or endorsement of the network administrators – but if the practices come to light, it’s the Wi-Fi providers who could end up paying the consequences.

Though clearly, the dangers of using unsecured Wi-Fi are many, there are some measures that users can take to ensure their safety.

Managed Privacy

Keeping in mind that identity theft is one of the prime movers for Wi-Fi hacking, take steps to broadcast as little information about yourself and your resources, as possible.

Check the privacy settings on your device, and turn off any file sharing features that could give cyber-criminals free access to your public folders. You should restrict the kinds of information you keep in such folders, in any case.

Restricting Device Transmissions

Beyond turning off file sharing, you should make sure that any “Network Discovery” type settings on your device are turned off. Typically used for identifying compatible printers nearby, these settings also allow any devices (including those of snoops and hackers) on the network to locate yours.

Using Secure Connections

Set your browsing preferences to access websites that use secure transmission protocols like SSL (Secure Sockets Layer) and TLS (Transport Layer Security). These are the sites that display an https:// prefix before the web address, and a locked padlock symbol on your browser or app window.

There are options that may be set on a site by site basis (look out for Facebook, as sessions may start with HTTPS but switch to open transmission unless you specify Secure Browsing in your security options). There are also dedicated browser extensions (“HTTPS Everywhere”, and the like) that attempt to force a secure web connection with every site, even if this isn’t their default option.

Virtual Private Networks (VPNs)

A Virtual Private Network (VPN) service or app is the centerpiece of your defenses against unsecured Wi-Fi. A VPN imposes strong encryption on all data moving to and from your device during each session – so even if a hacker were to intercept your connection, they’d be hard pressed to decrypt any data they find, and much more likely to discard it in favor of easier pickings from unprotected users.

Security Barriers

Finally, the age-old wisdom of having a well-configured firewall (corporate or personal) filtering transmissions to and from the network, and an up to date suite of security software (anti-malware, anti-keylogger, etc.) still holds.

With free public Wi-Fi access now a common feature at a range of gathering places – and Wi-Fi networks providing a boost to cellphone coverage in many problem areas – the dangers of unsecured wireless connections will continue to be a concern. But knowing the risks and the steps you can take to eliminate them will help you negotiate safe passage through any hotspot.

Secure All of Your Devices for One Low Monthly Fee!
Get InvinciBull™ now!

Share this Post