Skip to main content

Tips to avoid triple threat while surfing Public Wi-Fi


“Know your enemy”, said Sun Tzu in around 500 B.C, although probably not referencing risk management in wireless data transfer. This well-known piece of wisdom does however apply perfectly to avoiding cyber-attacks on public Wi-Fi specificall in the time of demonetization: the threats you face are invisible to the naked eye, and can be best avoided with awareness of their existence. With that in mind, here are the three most common ways public Wi-Fi can be used maliciously to hijack passwords, drain bank accounts or make someone’s life miserable in any number of ways. Thankfully, it only takes a few easy precautions to avoid them and ensure your surfing is private, secure & carefree.

Man-in-the-Middle Attack (MitM)

Imagine there is a tube connecting your house to a friend’s house, and you send each other messages through that tube. Now imagine someone cutting a hole in it without your knowledge. What could that person in the middle do? At the very least, they could read the messages you send to your friend. This alone might be bad, but it gets worse: they could also start impersonating your friend, making you reveal personal information, the kind you only tell someone you completely trust.

The man in the middle takes advantage of your false sense of security. Say you go to your local coffee shop, get your usual double shot latte, sit in your usual spot by the window and connect to your usual hotspot “CupofJava”. A hacker can set up a network with the same SSID (network name) of “CupofJava”, and act as a signal transmitter between your device and the legitimate hotspot. This allows them to potentially intercept all unencrypted traffic you send (traffic is encrypted when a website URL begins with https, not http). If you ever connect to a secure site like your online bank and the URL is unencrypted, it is almost certainly someone guiding you to a fake login page with the aim of snooping your account details. Vigilance or using some kind of browsing protection are the only ways to protect against these kinds of scams.

The Evil Twin
Despite sounding like a cliché soap opera story line, setting up an evil twin is a frighteningly easy way for hackers to intercept private data. It’s similar to MitM, but doesn’t require the hacker to be in range of the hotspot they impersonate. Instead of placing themselves between you and the hotspot, they actually become the hotspot and trick you into making a connection, automatically or manually.

If you have ever connected to a network called “Free Wi-Fi”, your device will remember the name and connect to it automatically when in range. But your device doesn’t care if it actually is the same network; it will by default connect automatically to any network called “Free Wi-Fi”. A hacker just needs to go to a public place, set up a hotspot with a very popular name, and wait for someone to automatically connect. In this case, you don’t even need to fall into the trap because your device does it for you. For this reason, you should always check that Wi-Fi is turned off on your device when you are not using it.

Packet Sniffing

Packet sniffers are tools that hackers can passively leave running to intercept unencrypted data that travels over a Wi-Fi network they are in. It’s quite simple, really. When you log onto a website, that information is extremely vulnerable until it reaches the router and exits the hotspot. There is software readily available which allows a hacker to easily capture every bit of unencrypted data that is sent over the network. Thankfully, services such as Facebook and Gmail have started encrypting their traffic, but a lot of websites still don’t.

Besides, even if a website uses an encrypted HTTPS connection for logging in, it may still send unencrypted cookies. Cookies are little files that contain things like tracking information, website settings and crucially, whether a user is already logged in. This means that when intercepted, an unencrypted cookie can be used to impersonate you. The website will think it remembers you being logged in when in fact it is someone pretending to be you. Unlike the other methods, packet sniffing simply requires the hacker to be in the same network as you, without need to set up a hotspot of their own.

How to avoid data breach-

Knowing the risks is already half the battle, as you can learn to treat to public Wi-Fi networks with healthy suspicion. It doesn’t mean not using them, just taking steps like paying special attention that the sites you visit are what they say they are, and doing your best to make sure the hotspot you connect to is legitimate. It is also very important to have Wi-Fi turned off when you are not using it.

The golden rule though, is to never transmit any sensitive information unencrypted. Protecting yourself allows you to be more connected with less risk: it’s a win-win!

Comments

Popular posts from this blog

Cloud Computing powering India’s priority of ‘Digital-first country’

By: Sunil Mahale, India MD and VP, Nutanix
Digital transformation has been recognized as being vital to the growth of our nation. This transformation has enjoyed the unanimous approval and contribution from all stake holders including enterprises, MSMEs, government bodies and citizens. But this level of adoption in a country with a population of over a billion people would need a robust technology base that is capable to collecting and distributing vital data seamlessly.
Digital India envisions creating high speed digital highways, that will impact commerce and create a digital footprint for every individual. Technologies based on mobility, analytics, Internet of things and most importantly, cloud technologies are the building blocks for the digital India missionThere is a growing need to manage huge volumes of data, and making them readily available to public through digital cloud services. Cloud has a pivotal role in enabling this change.
While Data centers have become crucial to th…

RevStart launches its RevItUp Incubation Programme

Underlining its vision of creating a nurturing ecosystem for start-ups to grow in, RevStart, a co-working and incubation centre, has announced the launch of its RevItUp Incubation Programme. The 12-week long programme will be held at RevStart Incubation Centre in Noida from July 1, 2018 onwards. As part of the programme, RevStart will select five high potential start-ups from the ed-tech sector, AI, Consumer Internet, Sustainability, as well as for-profit social impact companies to assist them with developing their business, along with connecting them to global mentors across industries and sectors. In addition, start-ups selected for the programme will receive INR 5 lakh to Rs. 25 lakhs worth of cash and benefits, while RevStart will get an equity stake in the ventures.
The RevItUp Incubation Programme has been created to enhance the founding team’s industry, product, and company building knowledge and capabilities through a world-class curriculum. The programme will focus on tailor…

The Workplace of the Future

By: Arnab Ghosh – Director, Synergy Property Development Services)
Workplaces are undergoing a major transformation today to stay relevant. Conventional space planning and design approach for office space are slowly but steadily changing across the globe. What was a trickle a decade back is snowballing into a movement as we speak? The nature of the work we do and the time we spend in our workplace is driving this change. 
The Social Workplace The original office in the west was originally based on the factory floor design. The Workers occupied the maximum space followed by Managers and the Senior Executives in their glass cabins. The term “productivity” also has industrial roots. There were well-defined tasks and targets for the employees to achieve in their working time. All these have changed drastically over the last few decades and going to change further in the future. The culture of organizations has to adapt to this change to stay ahead and retain talent. Productivity is no long…