Using Public Wi-Fi Safely
When most of us think of ‘Public Wi-Fi’ we tend to think of the coffee shop down the road or in public venues such as stadia or event facilities, but airports, hospitals, and even hotels also fall under the banner of Public Wi-Fi and should be treated accordingly. In fact, anything other than your home network or your corporate network should be viewed as a public Wi-Fi system.
Why is Public Wi-Fi Insecure?
Wi-Fi hotspots are very convenient for internet users who want to connect while on the go. You often do not need to enter any sort of verification before accessing the Wi-Fi network, or the password is publicly posted for all to see, meaning you can simply walk into the area of a network and get Wi-Fi almost right away. However, when people log in to a public Wi-Fi hotspot, they become soft targets for hackers.
Along with legitimate users, a hacker can also get into the network without providing any authentication. Once logged in, the hacker only has to find a way to get access to your device, either by being between you and the Wi-Fi access point, or even by compromising devices within the public Wi-Fi infrastructure.
Regardless of the type of access point a café, restaurant, airport, or other hotspot provider uses, there is nothing in place to keep hackers from logging in and trying to access your information.
Once a hacker is able to get access to your device traffic, they can observe and record everything that transpires between your computer and the internet. Because this happens quickly and your connection to the internet is maintained, it can be hard to know when you are being hacked.
Now that the hacker has access to all your data, they can then collect whatever information they want and use it to their advantage. This includes logins and passwords for everything from your email accounts to your company’s internal server. They can also snatch credit card information and bank login credentials. Once they have that information, they can then log in whenever they like while pretending to be you.
In addition, hackers can use an unsecured, public Wi-Fi hotspot to put malware on your device, as well as distribute it to others. This can be done by putting malware on your computer while you are connected to the network or even by hacking the hotspot itself, causing it to install a pop-up on your device when you connect. After you click on the pop-up, malware is installed on your computer, tablet, or phone.
Major Threats on Any Wi-Fi Network
Hackers use different methods to gain access to your data while you are logged in to public Wi-Fi. Here are some of their favorite techniques.
1. Man-in-the-Middle (MITM) Attacks
With a MITM attack, the hacker can intercept your information while you are connected to the network. As you try to access a certain website, the hacker can do several things to compromise your security:
- Show you fake websites: The hacker could use a fraudulent website to get you to enter personal information. For example, they could make it look like you need to present information before you can proceed to use the internet. In many cases, a user will enter a password they have used on several other accounts, such as their email logins or trading accounts. The hacker can then collect that information and use it to try to gain access to the target’s digital life.
- Collect your passwords: Even if you only log in to a site or email service that a hacker is not interested in, if you use that same password—or a very similar one—on other sites, you may accidentally make it easy for the attacker to impersonate you on sites that are far more valuable to them.
- Access your data: In some cases, a user may transmit sensitive personal information through the internet. In other situations, you may have to send proprietary information your company wants to keep secure. A hacker can use a MITM attack to intercept this data.
2. Packet-sniffing Software
As data travels through a network, it is organized in packets. Packet-sniffing software is able to intercept data packets and collect them. A hacker with packet-sniffing software can therefore sit in a public Wi-Fi area and wait for people to transmit data from their computers. All the while, the packet-sniffing program collects data.
The hacker then either transmits the data to their own server so a partner can access it or they leave and examine the data at home. They can then take their time to find login information and personal data they can use to hack into your online life.
3. Session Hijacking (Sidejacking)
Session hijacking, also known as sidejacking, involves using cookies, which are data files your browser saves on your device, to gain access to sensitive information. As you use the internet, your browser saves information in the form of cookies. This often includes login credentials so when you go to a website you have used before, you do not have to enter the same login information every time. A hacker can use session hijacking to gain access to your cookies and find your login credentials.
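A site operator can limit how exposed a login cookie is on an open network by setting the right cookie attributes. The following is an added example, not part of the original article: it audits Set-Cookie headers for those attributes. The sample headers, the name hints used to spot login cookies, and the one-day lifetime policy are assumptions made for illustration.

```python
"""Audit Set-Cookie headers for attributes that limit sidejacking exposure."""

# Constructed sample response headers (not captured from any real site).
SAMPLE_HEADERS = [
    "sessionid=Zm9vYmFy; Path=/; Max-Age=2592000",
    "sessionid=Zm9vYmFy; Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=3600",
    "theme=dark; Path=/",
    "__Host-auth=abc123; Path=/; Secure; HttpOnly; SameSite=Strict",
]

# Assumption: cookies whose names contain these words carry login state.
SESSION_HINTS = ("sess", "sid", "auth", "token")
MAX_SESSION_AGE = 24 * 3600  # assumed policy: one day, in seconds


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit_cookie(header):
    """Return a list of findings for one Set-Cookie header."""
    name, attrs = parse_set_cookie(header)
    if not any(hint in name.lower() for hint in SESSION_HINTS):
        return []  # not a login cookie under the naming assumption above
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: cookie is also sent over plain HTTP")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: page scripts can read the cookie")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        findings.append("SameSite is not Lax or Strict")
    max_age = attrs.get("max-age", "")
    if max_age.isdigit() and int(max_age) > MAX_SESSION_AGE:
        findings.append("long lifetime: a copied cookie stays usable past one day")
    return findings


if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(parse_set_cookie(header)[0], "->", audit_cookie(header) or "ok")
```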
4. Malicious Hotspots
An attacker can set up a malicious hotspot that looks like a legitimate one. They may even give it a real-sounding name like “Free Wi-Fi.” Once you log in, the hacker can access all data you send and receive.
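A look-alike hotspot often stands out when the list of nearby networks is compared entry by entry. The following is an added example, not part of the original article: it applies three simple heuristics to a constructed scan list. The scan data, the generic-name list, and the heuristics themselves are assumptions; a flag is a reason to verify the network with the venue, not proof of an attack.

```python
from collections import defaultdict

# Constructed scan results (SSID, BSSID, security); not from a real survey.
SCAN = [
    ("CafeGuest", "aa:bb:cc:00:00:01", "WPA2"),
    ("CafeGuest", "aa:bb:cc:00:00:02", "WPA2"),
    ("Airport_Free", "de:ad:be:00:00:10", "WPA2"),
    ("Airport_Free", "02:11:22:33:44:55", "OPEN"),
    ("Free Wi-Fi", "02:aa:aa:aa:aa:aa", "OPEN"),
]

# Assumed list of names that anyone could pick for a hotspot.
GENERIC_NAMES = {"free wi-fi", "free wifi", "public wifi"}


def flag_suspect_networks(scan):
    """Return {ssid: [reasons]} for networks that deserve a second look."""
    by_ssid = defaultdict(list)
    for ssid, bssid, security in scan:
        by_ssid[ssid].append((bssid.lower(), security.upper()))

    flagged = {}
    for ssid, aps in by_ssid.items():
        reasons = []
        modes = {sec for _, sec in aps}
        vendors = {bssid[:8] for bssid, _ in aps}  # first three octets (OUI)
        if "OPEN" in modes and len(modes) > 1:
            reasons.append("same name offered both open and encrypted")
        if len(vendors) > 1:
            reasons.append("same name from access points of different vendors")
        if ssid.lower() in GENERIC_NAMES and modes == {"OPEN"}:
            reasons.append("generic name with no encryption")
        if reasons:
            flagged[ssid] = reasons
    return flagged


if __name__ == "__main__":
    for ssid, reasons in flag_suspect_networks(SCAN).items():
        print(f"{ssid}: " + "; ".join(reasons))
```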
Using a VPN
Every time you use a virtual private network (VPN), your device forms a connection with the servers provided by the VPN service. At this point, all your internet traffic has to go through this VPN connection. To understand what a VPN is, it helps to understand the mechanism a VPN uses to keep your data safe.
While you are connected, the VPN encrypts the data moving to and from your device. This creates a tunnel that is shielded from the rest of the internet and potential attackers. To access this “tunnel,” a user would have to connect to the VPN. Because the VPN facilitates the movement of all traffic, everything you do using the internet is protected from other users, attackers, and even your internet service provider (ISP).
The protection covers activities like sending and receiving emails, connecting to cloud-based services such as storage and applications, and viewing online content. Anytime you engage in business while connected to a Wi-Fi network, you can use a VPN to secure your connection.
Because the VPN encrypts data, even if a hacker gains access to your connection, they get nothing more than a mass of encrypted, unreadable information. Because it would take an immense amount of time and effort to decrypt the information, many hackers just move on to an easier target.
Does a VPN Protect You on a Public Wi-Fi?
A VPN protects your data on Wi-Fi using encryption. As the data goes from your computer to the VPN, the encryption makes it unreadable. If you are connected through a VPN and a hacker manages to get between you and the Wi-Fi hotspot, they will see text that does not make any sense. It may look something like “0SAlksdFH%&LKA,” where even the spaces between words and punctuation are changed to something else.
So even if you have an easy-to-guess password like “JohnSmith1988” (which is never a good idea), when you enter it as you log in, the VPN changes it to something very different. It can even have a different number of characters, such as “$hzxneh%KJL45&/lkask68slkd.” The encryption makes your password impossible to read and even eliminates the opportunity for a hacker to ascertain the number of characters in it. Because most public Wi-Fi hotspot hackers are opportunists, they then move on to someone on public Wi-Fi without a VPN.
It is important to make sure you use a VPN solution that is not easy to hack. Some attributes that help enhance security include:
- Strong encryption: The stronger the encryption applied by the VPN, the more likely a hacker will be to either quit altogether or give up on you and move on to the next target.
- A no-log policy: Some VPNs collect the information sent through them. In itself, logging the information does not automatically expose it to hackers. However, without a no-log policy, hackers can target the data storehouse kept by the VPN service. In the unlikely event a hacker is able to gain access to the logs, your data could be exposed.
How Fortinet Can Help
Organizations can use crypto VPN firewalls from Fortinet to protect corporate data and assets when employees access them from public Wi-Fi hotspots. Built into FortiGate next-generation firewalls (NGFWs), crypto VPNs provide high IPsec VPN throughput and as many as 16,000 gateway-to-gateway tunnels with some models. This enables organizations to maintain consistent security policies regardless of where a user is located—without sacrificing network performance.