22 January 2015

Low awareness of WiFi security risks

While public WiFi has helped support the rise of mobile working, many workers don't understand the risks associated with open WiFi networks.

Once a luxury, WiFi is now practically everywhere – in cafes, hotels, libraries and a host of other public places. In fact, the Wireless Broadband Alliance estimates that the number of WiFi hotspots will reach 5.8 million this year. Thanks to this, mobile workers are now a common site in coffee shops up and down the country. But while public WiFi is beneficial, are we being to blasé about the security risks it poses?

What are the security risks?

An experiment highlighting these dangers has been in the news today. Seven year old Betsy Davies managed to gain access to a stranger’s laptop while they were both connected to a public WiFi hotspot. Worse still, the youngster was able to do this in just under 11 minutes, using instructions she’d searched online for. The experiment by virtual private network provider was conducted in a controlled environment, but clearly demonstrated how insecure open WiFi networks are.

Another firm, F-Secure, conducted a similar type of experiment last year. It set up several WiFi networks in London to see how many people would connect and what information it was able to obtain. Many devices connected automatically, probably without the users realising. The firm were able to read emails sent, including addresses and passwords of the senders.

Open WiFi networks, where there no username or password is needed to connect, offer little or no privacy or security. Online security firm ZoneAlarm has a great infographic highlighting how free WiFi can harm you. Sadly it seems as though many users aren’t concerned about these security risks or don’t understand how serious they are. According to the firm, 85% of users still connect to a public WiFi network despite warnings that their information could be viewed by a third party.

Perhaps they think they’d be able to spot a would-be-hacker? As the first experiment shows, you don’t need to have a huge amount of knowledge to hack into a person’s laptop or smartphone. In fact, a typical WiFi router has a range of 100 metres, so hackers don’t even need to be in the same place as you to carry out their attack.

Keeping your data secure

Europol, Europe’s law enforcement agency recommends that people should avoid sending or receiving sensitive data over public WiFi. This includes things like checking emails as well as online banking. Given the fact that more than half a million Britons have been a cybercrime victim, this seems like sound advice.

The experts suggest exercising caution at all times:

  1. Check with staff in the café or hotel so that you know the name of their WiFi network before you connect. Hackers can set up bogus networks to fool you, using a name that’s similar to the venue’s WiFi name so don’t just connect to any available network that is free.
  2. If you’re using a laptop, make sure you turn off file sharing and set the WiFi network to ‘public’ rather than private.
  3. Check that the websites you’re visiting have https and the padlock sign to ensure they’re secure.
  4. Once you’ve stopped using the WiFi network, make sure your device forgets the password, rather than remembering it and automatically connecting whenever it’s in range.
  5. Avoid open WiFi and use 4G if you can. This is generally much faster than WiFi and it’s more secure, as it encrypts your data. You should still be careful when using it though.
  6. Ideally use a virtual private network (VPN), which encrypts your data, making it much less likely to be hacked. You can set one up yourself or pay for a service. There are also free apps that do this, but if you go down this route, do a bit of research to find one that is reputable and suits your needs.
  7. Keep your apps and software up to date. Make sure you only download updates on a trusted network, such as your home; don’t do this over public WiFi or you could find out later that malware has been installed instead.
  8. Don’t use the same password for multiple apps or services. If like many people you have more passwords than you can remember, there are services that help you to remember your passwords or remember your passwords for you, like LastPass.
  9. Enable 2 factor authentications if you can. This way, even if someone manages to obtain your password details, they still won’t be able to login to your accounts.
  10. Use a firewall and antivirus software, no matter what device you’re using.