How Safe Are Public Wi-Fi Connections?
The same reasons that make public or free Wi-Fi hotspots desirable for many people are the same ones that make them desirable for attackers. Since no authentication is required to establish a network connection, it is easier for hackers to get unfettered access to unsecured devices on that network.
The greatest danger about public Wi-Fi security is the ability for attackers to position themselves between you and the connection point. What it means is that instead of connecting directly to the hotspot, you are sending your data to hackers, who then relay it on.
You may assume that because you entered a password to sign into a wireless network, you are entering a secure zone. This assumption is far from the truth. There is a lot more to Wi-Fi security than setting a password since it doesn’t encrypt your traffic and data. Putting in place enhanced security measures will go a long way in protecting the network.
A good rule of thumb is to assume that any traffic that isn’t encrypted can be accessed by hackers operating on the same network. In short, your sensitive information, such as passwords, credit card numbers, web browsing history, and emails could end up in the wrong hands.
Vulnerabilities in Open Networks
1. Unsecured Protocols
A significant number of Wi-Fi hotspots completely lack any form of encryption or password protection. Some of them use weak security protocols like WEP, which can be attacked within minutes, if you don’t add other security measures. Even those that use the more secure WPA2 protocol can still be compromised through the new KRACK attack.
2. Network Openness
The fact that public Wi-Fi is accessible to the masses makes it vulnerable to hacking. Most networks that lack password protection or with outdated security protocols are easily accessible. Evil minds can take advantage of the file-sharing and open port settings on your device to monitor your moves.
3. Malicious Network Owners
As you already know, network operators can see everything you do, while you are on their network. They can monitor the websites you visit, the communication you send, the file you share or download, and even the searches you make. Some may observe your moves for a good reason, but there are malicious network operators who might track your data for the wrong reasons.
4. Malware Distribution
Hackers can use unsecured Wi-Fi connections to distribute malware. So, if you allow file-sharing across a network, these criminals can easily plant infected software on your device. Some advanced hackers can even hack the connection point itself, triggering a pop-up window to appear during the connection process.
How to Secure Wi-Fi Networks?
Use a VPN
Given how easy for attackers to exploit Wi-Fi connections, using a VPN is obviously the right choice. Upon connecting to a VPN, all your data is sent through a secure tunnel, making it impossible to intercept. Using a VPN encrypts all your traffic, thus protecting your sensitive information, passwords, and session cookies from getting into the hands of strangers. Reputable VPNs usually employ the robust 256-bit AES encryption technology to protect all your connections to public Wi-Fi servers. This way, nobody will get hold of your credit card numbers, passwords, emails, photos, etc.
A VPN conceals your real IP address and replaces it with the one from its servers. So, third-parties like the government, your ISP, or hackers will find it hard to spy on you. They won’t be able to tell where your traffic is originating from, what you are up to online, and most importantly, your real identity. ISPs might know you are tunneling your traffic through a VPN, but they won’t be able to monitor what you are doing online.
Should You Use a VPN for All Your Wi-Fi Connections?
It would be ideal to use a VPN when connected to both public and private Wi-Fi networks. The thing with Wi-Fi, especially public Wi-Fi connections, is that you have no way of determining which networks are secure. Sure, you can avoid networks that have no password protection, but that is still not a guarantee that your information is protected.
Let’s face it. Even corporate networks aren’t completely safe. Not only can hackers infect them with viruses, but they can also crack them. What’s even more worrying is that some cybercriminals have gotten craftier in that they create their own fake public Wi-Fi hotspots. And as often the case, most people don’t take the time to scrutinize a network before connecting to it, thus exposing themselves to criminal attacks.
Even if you are connecting through the more secure WPA2 protocol, you are still vulnerable to attacks. According to Mathy Vanhoef, a security researcher at Belgian University KU Leuven, the wireless security protocol WPA2 has weaknesses. Hackers can use some novel attack techniques to access information that was previously assumed to be safely encrypted. Depending on the network settings, an attacker can also inject ransomware or manipulate data.
Vanhoef further emphasized that the attack can work against all modern protected Wi-Fi networks. The vulnerability, which he codenamed it as KRACK, affects all major platforms, including Windows, Android, Linux, macOS, iOS, and MediaTek, among others. The impact of the vulnerability includes TCP connection hijacking, decryption packet replay, and HTTP content injection, among others. That’s why it is better to connect to all Wi-Fi networks via a VPN.
Use a VPN, but You Should Also Take Other Precautions
While a VPN will keep hackers away from getting into your system, it might not do much against viruses and malware attacks. So, you should add a security layer on top of your VPN connection. To prevent viruses and malware from getting into your device, always use robust anti-virus or anti-malware software. By using a VPN together with such software, you are sure that no one will harm your data or devices.
Use Enterprise WPA2
Besides using a VPN to secure your Wi-Fi network, another safe way is deploying the enterprise mode of Wi-Fi security. This security mechanism authenticates each user individually. In other words, everyone has his or her own password and username. So, if an employee leaves the company or a device is stolen, all you have to do to secure the network is revoke or change that user’s log-ins.
Another advantage of using enterprise WPA2 with 802.1X authentication is that users have their own encryption key. This way, each user can only decrypt data for his or her own encryption. No one will snoop on anyone else’s wireless traffic.
To convert your APs into enterprise mode, you will need to set up a RADIUS server. While you may deploy a standalone RADIUS server, you might find it useful to check if your other servers already have this option.
Adjust the 802.1X Client Settings
Like most security technologies, the enterprise mode Wi-Fi security isn’t tamper-proof. Some of its known vulnerabilities include man-in-the-middle threats. An attacker can sit comfortably in the parking lot of a corporate office or an airport cafe to target unsuspecting users. If such a person set up a fake Wi-Fi network with the same SSID as the network they are trying to mimic, you could leak out your login credentials through the bogus RADIUS server when your device attempts to connect. The hacker could then use your login information to connect to the Wi-Fi network.
Fortunately, you can prevent such attacks with 802.1X authentication by enabling server verification on the client-side. In this setup, the client won’t relay your Wi-Fi login details to the RADIUS server. It only does so once it has verified it is communicating with a legit server.
Use SSL Connections
If it is impossible to have a VPN, you can still add a layer of protection to your online communication. An easier way to add a layer of encryption is to enable the ‘Always Use HTTPS’ option on your frequently visited websites. Also, do these on websites that require you to enter your credentials.
Hackers are clever to know that people often reuse passwords for their different online accounts. The password for your email address could be the same as the one for your bank account. So, sending these credentials in an unencrypted manner will likely get you into trouble. The good thing is that most websites that require credentials usually have the HTTPS option in their settings. Besides this, some browsers, such as Google Chrome alerts you when the site you are attempting to visit uses an unencrypted HTTP connection.
As you already know, a wireless network is much open to snoopers to eavesdrop on your online activities when compared to wired networks. And this should make you more diligent about your online security.
You should have a robust internet security solution running on your device. If you are a traveler, there will be a time when the only available connection is a free public Wi-Fi hotspot.
Using a robust security measure, such as a VPN will always keep you safe wherever you are. Apart from installing the right security solutions on your device or network, you should also avoid sharing too much information.