While Wi-Fi in public places is very convenient and easily available these days, it is important to note key hidden security risks to be aware of. CopperTree initial client assessment includes an analysis of areas that could become a security threat and provides recommendations to strengthen their defense.

Malicious Wi-Fi Hotspots

Wi-Fi hotspots can be named anything the owner would like and attackers often mirror a name to an area that looks legitimate but is not. An example: “StarbucksWiFi” free access point may not be the official one for the business.  In this case, when you browse, your traffic is recorded and analyzed for sensitive information that may prove useful in compromising your accounts. Instead of just connecting to an arbitrary Wi-Fi access point, check with the establishment to ensure that you’re connecting to their official Wi-Fi and not a malicious hotspot.

Packet Sniffing

Public Wi-Fi is shared with others, substantially increasing your risk of becoming a victim.  This happens with the use of a Packet Analyzer.   These shared connections allow others to read your data and track your online activity. Sensitive information, such as your username and password, can be captured in the process. Since most people use the same username and password for multiple accounts, the risk is magnified. An attacker can steal your credentials and compromise far more than your social accounts. They may even gain access to your financial records or other confidential information.

These are not experts who carry out such an attacks. Free plugins list out all the URLs you visit, compromising your privacy and possibly your security.  If you pass cookies unencrypted or log in to websites that don’t use HTTPS, the attacker may see a pattern and use unencrypted data to log in to your accounts.

Man-in-the-Middle Attacks

This type of attack happens when the communications of an unsuspecting user are intercepted and modified by an attacker. In the case of a Wi-Fi hotspot, the attack would be implemented by the owner and revolve around mirror-like copies of popular websites such as Twitter and Facebook.

It will look like you’re interacting with the actual website, but the attacker has presented you with their own malicious copy of the website to trick you into passing sensitive information such as a username and password. Such information would then be used to log in wherever possible in an attempt to gradually escalate access to financial records and other valuable private information.

In Summary…

Free Wi-Fi is tempting and often necessary especially when travelling out of country. Just remember to protect yourself from data theft, avoid public Wi-Fi when possible. When in doubt – don’t!  Use SSL and VPNs when you have no other choice and always make sure to confirm the authenticity of the hotspot before you connect.

At CopperTree Solutions we are pro-active when developing a strategy to keep your business current and protected.  We serve clients both large and small, in Kitchener, Waterloo, Cambridge, Guelph and surrounding areas.

Call 519-804-2461 or email us at Colin.Shantz@ctsol.ca