Take a look around any coffee shop, airport, hotel or library, and you’ll quickly notice that Public WiFi hotpots have become the rule, not the exception. See all those people tapping away on their smart phone, tablet or laptop in a one-man/woman quest to check their email, pay their bills, tweet, update their status and so on? They’re your proof. In 2011, the number of WiFi hotspots reached 1.3 million worldwide. By 2015, WiFi users will be able to connect to 5.8 million hotspots, according to a report commissioned by the Wireless Broadband Alliance.
The fact is, if you use a laptop or any kind of WiFi-enabled mobile device away from home, it’s next to impossible to pass up the ease and convenience of connecting to a Public WiFi network every now and again. Unfortunately, not all hotspots are safe for you to do so. As the number of hotspots grows exponentially, so do the security risks for their users. The reason is simple: Because WiFi signals are radio waves, anyone within range of a public WiFi network can listen in on what users are sending and receiving. Unlike home WiFi networks, the vast majority of public WiFi hotspots don’t encrypt the data being transmitted through them. Therefore, when you connect to a hotspot, everything from your email and your bank account and credit card information to your social media content may be fair game for hackers. The 2013 Identity Fraud Report released by Javelin Strategy & Research found that the number of identity fraud victims increased to 12.6 million consumers last year – hitting more than one out of every 20 U.S. consumers. According to the report, smartphone and tablet users were constant targets of cyber criminals using malware and phishing exploits and compromising unsecured WiFi connections to steal users’ sensitive information.
How Hotspot Hackers Steal Your Identity and Your Credit
Sniffer software. Allows a hacker to monitor the traffic traveling to and from a computer that’s connected to a public network. This is the most basic kind of attack and can eavesdrop on emails and chats, capturing log-ins and personal or financial information. A hotspot user will never suspect their information has been compromised.
Address Resolution Protocolor ARP Spoofing. This method redirects the network traffic to the hacker, modifying it or blocking it altogether without being detected. ARP spoofing is often used to open the door for other kinds of attacks such as sidejacking.
Sidejackingor session hijacking.This happens when a hacker sniffs a hotspot user’s Web session. That information is used it to clone the user’s account, allowing the hacker to do anything the user can do while logged into a website. Sidejacking typically happens when users type in their user names and passwords when connecting to a website not properly protected by https
Evil Twinor WiPhishing. Evil Twins are designed to look like real hotspots. But when users log in to them, they unknowingly expose their passwords and other sensitive information to hackers. Evil Twins can be launched from laptop at a hotspot or from as far as 300 feet away. Warnings signs that hotspot users should watch for are unusual variations in the lettering, logo or wording of legitimate hotspots. Once an Evil Twin gains access to your computer, it can launch a
Man-in-the-Middle Attack which allows it to eavesdrop on Internet traffic and capture passwords and account and payment information. More sophisticated Evil Twins can even control which websites appear.
Ad hoc or peer-to-peer network. Another sign you could be in for trouble: Two little computer symbols that appear when you’re trying to connect to a wireless network. That means you’re connecting to someone else’s laptop – an ad hoc or peer-to-peer network, not a WiFi hotspot. Once you connect to a viral network like that, your shared files can be accessed by every other laptop connected to the network.
Rogue ad hoc networks. With names like “Free Public WiFi,” these networks can turn up wherever there are public WiFi hotspots and can be used to trick unsuspecting WiFi users into connecting to them. Not all ad hoc networks are created by hackers. But it’s impossible to distinguish the real ones from the fakes. So to be safe, you should steer clear of them all.
WiFi users whose laptops were hacked at airport, hotel and coffee house hotspots have filed complaints with the Federal Trade Commission and the Better Business Bureau. Here’s what you can do to protect your sensitive information at WiFi hotspots:
Don’t Get Hacked at a Hotspot
- Before you log in to any hotspot, make sure your firewall is turned on, and your virus and malware protection is up to date. After you log out of a hotspot, it’s a good idea to scan your laptop or mobile device for virusesand malware.
- Use unique passwords for every website, composed of at least 12 upper and lower case letters, numbers and symbols. Never store passwords on your laptop or mobile devices.
- Check with the hotspot vendor to ensure the network you’re connecting to is the real one, not a fake designed to steal your personal information. Some rogue networks have names that closely resemble those of real hotspots. So make sure to check the spelling.
- Adjust your laptop and mobile devices to disable any settings that automatically connect to any available network. This will prevent you from connecting to those rogue ad hoc or peer-to-peer networks which could expose your personal information
- Before you log into a hotspot, turn off file and printer sharing features so that others on the same network won’t be able to access your personal information.
- Only use websites that are encrypted – ones that begin with https, not http, and display a security icon such as a padlock. This will protect any confidential information you exchange with those sites at hotspots.
The Only Way to Be Safer Is to Be Invisible at WiFi Hotspots
But it’s important to remember that an encrypted website only protects the information sent to and from that site, not all the information you send over a public wireless network. The best way to protect all your information from hotspot hackers, every time you connect, is to use a Virtual Private Network. VPNs encrypt all the data travelling to and from your laptop and other mobile devices by sending it through a secure tunnel that’s invisible to hackers. That’s why the Federal Trade Commission recommends using a VPN when you connect to public WiFi networks in their article Tips for Using Public Wi-Fi Networks.
Unfortunately, survey after survey shows that most WiFi users aren’t protecting their information at public hotspots. A 2012 survey conducted by the Identity Theft Resource Center with PRIVATE WiFi found that 24% of respondents said they made purchases in a public hotspot while 57% admitted to accessing confidential work-related information. Yet only 27% of those polled said they used a VPN to protect their data. And 44% said they weren’t even aware that there was a way to protect their sensitive information when using a public hotspot.
Remember, WiFi hotspots are public wireless networks. Whether they’re free or paid hotspots, that means there’s no privacy. Anyone can join and listen in to what’s going on. That makes you totally responsible for protecting your wireless security. The 2013 Javelin Identity Fraud Report found that tablet users were 80% more likely than other consumers to be victims of ID fraud. Every time you use a hotspot for online banking or shopping or checking your email, a hacker could be sitting right next to you drinking a cup of coffee. Or he could be waiting to catch the same plane as you at the airport. Or staying in a hotel room down the hall. And you’ll never know he’s stealing your confidential information – until it’s too late.
Free WiFi hotspots are a great resource for work and for play. But if you don’t protect your personal information when you’re using them, they could end up costing you a bundle. Every three seconds, someone in the U.S. becomes a victim of identity fraud. So the next time you’re about to use a WiFi hotspot, you may want to take the necessary precautions before you connect.
2 thoughts on “Why Public WiFi Hotspots Are Trouble Spots for Users”
Privacy issues with public wifi? LOL what about privacy issues with the internet connections that you pay for in your real name using your real address and phone number? You are in 90000 times the danger of EVERYTHING you do on the web being tracked, hacked, traced, compiled, studied, analyzed, scrutinized, and picked apart searching for anything that can incriminate you. Think WEP protects you? There is no security you can put on your home or business wifi that can keep any hacker that has studied youtube hack vids for more than an hour from SILENTLY watching everything you do.
Want to be safe online? Then don’t give out real information about who you are and where you live. Never use credit cards in your real name. Get a gift card if you want to buy something online. Anonymity IS SECURITY.
Never pay for an ISP in your real name and address. It will be used to prosecute you for listening to music or watching tv or whatever else they entrap you with by making it easily available. Or worse it will be used by a psycho stalker to hunt you down and murder you while you and your family sleeps in bed.
Yes you PAY people every month to spy on you so they can take from you when and if you get rich. (cell phones anyone). Your owners are smart.
Be smarter and use public wifi.
The ONLY way to surf the web privately is through someone else’s WIFI, but be aware everything you do is still cataloged by your NIC card which all have built in MAC addresses now. That is why they make a 2$ piece of hardware cost 30$-90$ so it is a nuisance for you to buy many of them. So buy them used, trade them frequently.
My identity was stolen 6 years ago because i did not know these things. It is a red nightmare. NEVER SAY WHO YOU REALLY ARE ONLINE OR ANYWHERE. TRUST NO BUSINESS. TRUST NO ONE. The world is FULL of thieves. Even the grocery store sells you out by your ‘rewards’ cards. There is no privacy anymore. Not even in your house. So put on a good show for all the cameras because you are a star.
Learn from politicians and lie.
Lie a lot.
Not even the President uses his real name…
And lets get another thing straight. Your computer, if connected to the internet, can, and is being actively hacked by several professionals who’s jobs around the world are to do just that. Amateurs, criminals, and hobbyists’ also hack all your naked photos too. You cannot stop them the system is designed to make your (you the average (considered dumb useless eater)) computer their property. Read a user agreement really good, especially Microsoft’s.
You can encrypt your data all day it will not help. If you think a technology like encryption would be available to ANYONE in the general public without an EASY way to unencrypt them, then you are entirely naive as to how governments function. Encryption is like a lock on your front door. It won’t stop the fact that your door was designed to open INWARDS to your home so it can easily be kicked in even if locked. Then shotguns placed to your and your families heads before you have time to even set your drink down let alone grab the pistol you keep to defend yourself that is just 6 feet away from you.
It does not matter what security you use on your wifi, or your computer. It matters what data you keep and send and receive with it. And who’s name is it in.
Everyone should set their routers to make their internet connections free open and shared and everyone should use an alias online (legal to do, ask any celebrity). Then it gets real hard to hold you accountable for any made up crimes they can think of while you use, learn, and grow, from the greatest library ever made. The Internet. It also makes thieves, criminals, corruption, etc. have a harder time owning you all like cattle.
You want security online? be anonymous (not the government trained and funded group Anonymous designed to scare you all away from the one thing that can save you, anonymity) just be anonymous. In everything you do. Or at least take some lessons from Batman and have the common sense to keep your multiple identities separate from each other.
Free speech = evolution