The Wi-Fi revolution has given us all freedom of movement, allowing everyone with a laptop or a smartphone to jump on a public network and instantly access any type of web page, from banking, through to shopping sites. Many of us never really consider that there could be any risks involved in using public Wi-Fi networks – someone must have thought of that and dealt with it right? Well, unfortunately, thanks to the ongoing ingenuity of the cyber criminal and continual advancement in technology, there are some significant potential security risks to using these kinds of networks that most users just don’t understand.
The main risks to security come from bogus Wi-Fi gateways that are offered in all the usual locations – airports, coffeeshops etc – and are designed to look like the genuine article. Logging on to these gateways allows information such as passwords and usernames to be harvested, emails hacked and even facilitates identity fraud, often without any of this information having to be physically inputted into a web page thanks to the open flow of data.
The most frightening part of it is that, as proven in a test conducted by the Guardian newspaper in 2011, some of the fake Wi-Fi gateways are credible enough that the new generation of smart phones will automatically log on – for example, convincing an O2 iPhone to automatically connect to what it thinks is BT Openzone Wi-Fi, a benefit that is part of the O2 user’s free internet package. Once the gateway is open there is a free flow of information that can be used to commit all kinds of fraud.
Threats from public Wi-Fi networks are often very difficult to detect, as all it takes is for a fraudster to take a tiny mobile router to a public place and name it ‘BT Openzone’ and people will see the name and try to connect to it. Often a user won’t even know they have been hacked until it’s too late.
Recommendations for avoiding these kinds of risks include turning off Wi-Fi connectivity on a smart phone or laptop before you leave the house to avoid automatic connecting, only using those networks that require a password that you already have, or sticking to 3G which although more expensive is considered to be more secure. If you are going to connect to a paid for network then read the small print particularly carefully as there are often clues there that you are not connecting to a genuine network – during the 2011 Guardian study, for example, a fake test ‘pay for’ WiFi gateway included the wording ‘you agree we can do anything we like with your credit card details and personal logins’ in its log on pages – and a large number of people still logged on! As with many consumer situations these days, if it seems too good to be true, then it probably is.