Risks Involved in Free WiFi

Malaysians (and, I am quite sure, the rest of us) truly love free WiFi. No doubt you have seen plenty of Malaysians spending hours in cafes such as Starbucks, Coffee Bean or SF Coffee, buying just a small cup of latte (or their favorite drink), sitting there for an entire day and downloading their favorite anime. Of course, some of us go to these places for group discussions, to meet people or to do something ‘mission critical’. Others even use cafes as a secondary office, meeting new clients and sealing deals.
 

http://i.imgur.com/q6ckG.jpg
WiFi Hotspots are becoming more and more common in this era as users are getting tech-savvy (Picture from popfi.com)

The biggest concern is security. There is even an article about it in The Star, which inspired me to write this one. One may ask what risks are involved and how you can protect yourself when using free WiFi.

Risks 
Now let us talk about the risks involved. Firstly, free WiFi is not secure, regardless of whether it is password protected (the password is just there to scare away free riders). As long as a place offers WiFi for free to its customers, it is not secure. A bad guy could be on the network, passively listening to the conversation. Think of wiretapping. Without you knowing, this person can see which sites you have been visiting and can even learn your passwords. By exploiting the ‘users-use-the-same-password-for-everything’ principle, he or she can pretty much get access to your online banking and your corporate e-mail or intranet. Even worse, if you are pretty, a creepy stalker may get the ‘details’ of your Facebook account and start stalking you. To sum it up, joining a free WiFi network is pretty much like being naked: you are exposed.
 
 
http://i.imgur.com/3LtXZ.png
You may never know what is going on the other side of the network (Picture from topone2u.blogspot.com)

 
Apart from being ‘watched’, there are other risks as well. Recently, Liew CF shared an article on Twitter that caught my attention. It is about a hotel that was caught injecting advertisements into web pages on its free WiFi network. There are also free WiFi hotspots that require you to enter your e-mail address. It may seem harmless, but be warned that you could be spammed by advertisers, and who knows, even your ‘surfing habits’ could be sold to advertisers for money.
Thankfully, there are a number of ways to protect yourself.
 
Mitigating Risks 
No, this is not a course on Risk Management 101. I am just sharing a few tips that will help mitigate your risk of being ‘watched’ or ‘hacked’ when you are using public WiFi. These tips also apply in other cases (for instance, if you are sharing an Internet connection with your ‘geeky’ friends, you may want to get a VPN as well. Trust me, you do not want to make them angry).
1. Using VPN – A VPN works like a ‘tunnel’. Instead of connecting directly to the Internet via the WiFi hotspot, you are routed through a special server. This makes it harder for hackers to track you. All your Internet activity is hidden from the hackers’ view; all they can see is that you are sending some data to a server, and that is about it. There are numerous VPN providers, and generally you have to pay. However, if you insist on a free VPN service and do not mind ‘advertisements’ in exchange for a much more secure connection, I would recommend Hotspot Shield.
2. Using Disposable Email/Spam Mail – Some wireless hotspots require you to sign up for a free account, which prompts you for personal details such as your name and e-mail address. To keep your primary e-mail address from getting spammed, use a secondary e-mail address (what I would call a spam mail address) solely for this purpose. Alternatively, you may want to use a disposable e-mail address: a one-time address that is valid for several hours before it expires.
3. Do not visit any Banking Sites – This is very important. Do not ever perform any sort of banking transaction when you are on a WiFi hotspot or in a public place. You never know, you might just get hacked. Even though the banking site is secure, bear in mind that hackers can sniff data from the hotspot, since all data has to go through the wireless hotspot before being sent to the bank.
4. Do not enter username/password for sites that do not use HTTPS – When you perform online banking, or log into Twitter or even Facebook, you will notice that the site uses https instead of http. It simply means that the connection is secured with HTTPS, so the data being sent and received is encrypted. When you log in to a forum or site that does not use HTTPS, your password may be sent as plaintext or MD5-hashed (the latter is more secure and commonly used). Now suppose you are using the same password for everything (which people normally do, and I do it myself; yes, that is our nature): chances are hackers could get pretty much every single thing, from your banking details to your e-mail account and possibly your World of Warcraft account too!
5. Using 3G Connection – No, silly, we are not talking about watching porn in Starbucks without getting caught. Suppose you are meeting your client in Starbucks. Your client decides to go ahead with your proposal and wishes to transfer money securely. What would you do? The answer is relatively simple: if you have a data plan for your iPhone, Android or BlackBerry, chances are you may be able to tether the connection (again, depending on your carrier and data plan). Using a 3G connection to conduct such transactions is much, much more secure than doing it over WiFi, as prying eyes (and ears) are not able to sniff packets to know what you are doing. If you do not have a data-enabled phone with you at the time (or your battery has run out), a VPN is an alternative solution.
 
Conclusion
These are some of the things that you can do when you are using your computer, tablet or mobile phone in a cafe. However, bear in mind that a hotspot is not your primary Internet connection (such as DSL, cable or 3G/4G wireless), nor is it meant to replace it. If you are constantly on the move, consider getting 3G/4G wireless Internet, or alternatively subscribe to a DSL service at home. Think twice about your data before using free WiFi.
If you have any suggestions or recommendations, kindly leave a comment. I will read it and incorporate it.

6 thoughts to “Risks Involved in Free WiFi”

  1. excellent article bro…i would like to add another one…use plugins for FF n chrome to force https on all website when it’s capable to…usually sites use https when submitting username n password….but we can also force them to use https for the whole session like M2U did….
    and also, once you’re in HTTPS mode, no matter what you do, it will always be encrypted…so chances of the sniffers reading your data is probably zero…but if you can avoid it…then it’s the best….
    another notable security problem is, auto connecting to wireless network….hackers can spoof themselves as the AP and you’re automatically connected to them. they sit in the middle and act as a proxy to relay your data while they’re capturing the data for themselves…
    excellent article again !

  2. Nice article, but not without a flaw… Any site that’s properly implementing SSL can be said to be immune to sniffing… The crypto begins from your device, up till the site server, so anyone sniffing in the middle can only see encrypted data, which is unusable.
    Of course, it’s possible to crack ANY encryption, given enough resources and time… But, if you’re that kind of person, you’d probably use your phone’s 3G instead of free wifi, right?
    By the way, the 3G operator -or the ISP servicing you at home- can as well sniff you… AND the vpn provider, too…

  3. SSL can’t be 100% secure if you didn’t have the private key of the other guy BEFORE getting on the free wifi. The bad guy could just fake a certificate that you can’t verify if it’s your first connection. (but if it isn’t, your web browser should warn you that the certificate has changed and is untrusted)
