The fact is, if you use a laptop or any kind of WiFi-enabled mobile device away from home, it's next to impossible to pass up the ease and convenience of connecting to a Public WiFi network every now and again. Unfortunately, not all hotspots are safe for you to do so. As the number of hotspots grows exponentially, so do the security risks for their users. The reason is simple: Because WiFi signals are radio waves, anyone within range of a public WiFi network can listen in on what users are sending and receiving. Unlike home WiFi networks, the vast majority of public WiFi hotspots don't encrypt the data being transmitted through them. Therefore, when you connect to a hotspot, everything from your email and your bank account and credit card information to your social media content may be fair game for hackers. The 2013 Identity Fraud Report released by Javelin Strategy & Research found that the number of identity fraud victims increased to 12.6 million consumers last year – hitting more than one out of every 20 U.S. consumers. According to the report, smartphone and tablet users were constant targets of cyber criminals using malware and phishing exploits and compromising unsecured WiFi connections to steal users' sensitive information.
How Hotspot Hackers Steal Your Identity and Your Credit
Sniffer software. Allows a hacker to monitor the traffic traveling to and from a computer that's connected to a public network. This is the most basic kind of attack and can eavesdrop on emails and chats, capturing log-ins and personal or financial information. A hotspot user will never suspect their information has been compromised.
Address Resolution Protocolor ARP Spoofing. This method redirects the network traffic to the hacker, modifying it or blocking it altogether without being detected. ARP spoofing is often used to open the door for other kinds of attacks such as sidejacking.
Sidejackingor session hijacking.This happens when a hacker sniffs a hotspot user's Web session. That information is used it to clone the user's account, allowing the hacker to do anything the user can do while logged into a website. Sidejacking typically happens when users type in their user names and passwords when connecting to a website not properly protected by https
Evil Twinor WiPhishing. Evil Twins are designed to look like real hotspots. But when users log in to them, they unknowingly expose their passwords and other sensitive information to hackers. Evil Twins can be launched from laptop at a hotspot or from as far as 300 feet away. Warnings signs that hotspot users should watch for are unusual variations in the lettering, logo or wording of legitimate hotspots. Once an Evil Twin gains access to your computer, it can launch a
Man-in-the-Middle Attack which allows it to eavesdrop on Internet traffic and capture passwords and account and payment information. More sophisticated Evil Twins can even control which websites appear.
Ad hoc or peer-to-peer network. Another sign you could be in for trouble: Two little computer symbols that appear when you're trying to connect to a wireless network. That means you're connecting to someone else's laptop – an ad hoc or peer-to-peer network, not a WiFi hotspot. Once you connect to a viral network like that, your shared files can be accessed by every other laptop connected to the network.
Rogue ad hoc networks. With names like "Free Public WiFi," these networks can turn up wherever there are public WiFi hotspots and can be used to trick unsuspecting WiFi users into connecting to them. Not all ad hoc networks are created by hackers. But it's impossible to distinguish the real ones from the fakes. So to be safe, you should steer clear of them all.
WiFi users whose laptops were hacked at airport, hotel and coffee house hotspots have filed complaints with the Federal Trade Commission and the Better Business Bureau. Here's what you can do to protect your sensitive information at WiFi hotspots:
Don't Get Hacked at a Hotspot
- Before you log in to any hotspot, make sure your firewall is turned on, and your virus and malware protection is up to date. After you log out of a hotspot, it's a good idea to scan your laptop or mobile device for viruses and malware.
- Use unique passwords for every website, composed of at least 12 upper and lower case letters, numbers and symbols. Never store passwords on your laptop or mobile devices.
- Check with the hotspot vendor to ensure the network you're connecting to is the real one, not a fake designed to steal your personal information. Some rogue networks have names that closely resemble those of real hotspots. So make sure to check the spelling.
- Adjust your laptop and mobile devices to disable any settings that automatically connect to any available network. This will prevent you from connecting to those rogue ad hoc or peer-to-peer networks which could expose your personal information
- Before you log into a hotspot, turn off file and printer sharing features so that others on the same network won't be able to access your personal information.
- Only use websites that are encrypted – ones that begin with https, not http, and display a security icon such as a padlock. This will protect any confidential information you exchange with those sites at hotspots.
The Only Way to Be Safer Is to Be Invisible at WiFi Hotspots
But it's important to remember that an encrypted website only protects the information sent to and from that site, not all the information you send over a public wireless network. The best way to protect all your information from hotspot hackers, every time you connect, is to use a Virtual Private Network. VPNs encrypt all the data travelling to and from your laptop and other mobile devices by sending it through a secure tunnel that's invisible to hackers. That's why the Federal Trade Commission recommends using a VPN when you connect to public WiFi networks in their article Tips for Using Public Wi-Fi Networks.
Unfortunately, survey after survey shows that most WiFi users aren't protecting their information at public hotspots. A 2012 survey conducted by the Identity Theft Resource Center with PRIVATE WiFi found that 24% of respondents said they made purchases in a public hotspot while 57% admitted to accessing confidential work-related information. Yet only 27% of those polled said they used a VPN to protect their data. And 44% said they weren't even aware that there was a way to protect their sensitive information when using a public hotspot.
Remember, WiFi hotspots are public wireless networks. Whether they're free or paid hotspots, that means there's no privacy. Anyone can join and listen in to what's going on. That makes you totally responsible for protecting your wireless security. The 2013 Javelin Identity Fraud Report found that tablet users were 80% more likely than other consumers to be victims of ID fraud. Every time you use a hotspot for online banking or shopping or checking your email, a hacker could be sitting right next to you drinking a cup of coffee. Or he could be waiting to catch the same plane as you at the airport. Or staying in a hotel room down the hall. And you'll never know he's stealing your confidential information – until it's too late.
Free WiFi hotspots are a great resource for work and for play. But if you don't protect your personal information when you're using them, they could end up costing you a bundle. Every three seconds, someone in the U.S. becomes a victim of identity fraud. So the next time you're about to use a WiFi hotspot, you may want to take the necessary precautions before you connect.
Kent Lawson is President and CEO at Private Communications Corporation. He combined his extensive business and technical experience to develop Private WiFi in 2010. The software protects Internet communication over public WiFi and LAN networks and is available to those working in places like coffee shops, hotels, airports, and beyond.