Dr. Security gives tips and answers questions related to cyber security. This time, it is about security and public WiFi.
Every time I am travelling I use public Wi-Fi, at hotels, bars or airports. Anywhere, when I have some free time, I just check e-mails, my social media profiles and, sometimes, my bank account. It’s not that often, but from time to time it crosses my mind: “is it possible that people steal my data when I’m connecting through public hot-spots?” (Nina, Otelfingen)
Public Wi-Fi networks are tricky, but it does not mean you should stop using them! I, too, use them all the time!
Anyone that has access to a wireless network that does not require a password can get access to your data while it’s in transit from your devices (say, your smartphone or laptop) and the wireless access point. The solution to this problem, is to only enter sensitive data (username and passwords, credit card information and so on) on websites that use HTTPS or through applications that only connect via HTTPS to their servers. When using HTTPS no-one can access your data while in transit over a network. You can check that a website uses HTTPS by looking at the green address bar or a lock shown next to the website address.
Your browser also helps in defeating these kinds of attacks. If a warning is displayed, think twice before proceeding to the website, then it really means something is going on…
Unfortunately, it’s harder to say which applications use HTTPS internally, it’s safe to assume that most of the popular ones do. For extra security, and if available, use a VPN solution (which also work on mobile devices!). VPNs (should) encrypt your traffic and make it impossible to be spied upon.
As I said above, public Wi-Fi are tricky. There are more sophisticated attacks that can impact your security. Man-In-The-Middle (MITM) attacks and rogue access points are two examples. Keep in mind, more sophisticated does not mean more expensive to carry out, but potentially more involved. Yet, I would say it’s safe to assume that they do not happen so often. Going in the details of these attacks and countermeasures takes a bit more time and space then what’s available in the newsletter. I would be happy to explain it in more details, so do not hesitate to write to the Doctor at: firstname.lastname@example.org.