How Safe Are WiFi Hotspots?
How likely are you to get hacked when using free WiFi?
Free and Open WiFi is available almost everywhere now, Airports, Cafes, Hotels, Bars/Restaurants, Train stations, Sports stadiums, Schools, Hospitals, the Workplace and even in the street.
Millions of people a day use free WiFi, especially data hungry smartphone users.
But few think about what happens after they click connect (apart from getting Free WiFi!).
We have all seen the news stories about the dangers of using free WiFi but how hard (or easy) is it to have your personal information stolen or phone hacked when you connect to a WiFi hotspot?
The simple answers is both.
There are a number of ways your security can be compromised, some are very easy and can be performed by a novice with just a smartphone and an App, others require more advanced hacking skills, special equipment and software.
In this article we will look at the various methods used by hackers to exploit free WiFi.
Just a Phone & an App
This is probably the easiest method and requires only a smartphone, usually running an Android Operating System which has been rooted (Iphones suck at hacking) and a Packet Sniffer App.
Packet sniffers are networking tools usually used by network administrators to analyze networks and identify faults, they allow the user to view a host of information being sent over a wired or wireless network including website addresses, pictures, email addresses and passwords.
But they can also be abused by hackers wanting to steal information from other people connected to the same WiFi hotspot.
The most common type of attack is called a Man In The Middle attack (MITM). This can be done with a smartphone App or other software. The attacker routes all the wireless traffic between the router and the user through their device which they can view or save for later.
The effectiveness of this attack depends on a few variables. Firstly if there is any WiFi hotspot system which includes a login may also have some form of protection against MITM attacks.
Many hotspots in small cafes and bars simply give out the WiFi password or don’t use any security leaving the network ‘Open’. These type of networks will unlikely have any protection for uses and pose the most risk.
Most websites and Apps now use secure https and SSL which means that data sent over a WiFi network is encrypted, most of your data will be secure when using banking websites and their Apps, Facebook and other major sites. However they are never 100% secure and hackers can still divert your traffic to a non secure http connection or use an SSL stripper.
One of the major risks is visiting and logging in to websites which don’t use https is that an attacker can easily ‘sniff’ a visitor’s username and password. And as so many people use the same login details for all their online accounts the hacker will be able to gain access to more ‘secure’ sites like Facebook, YouTube, Twitter, Instagram and email accounts.
Packet Sniffing With Linux
Linux is an Operating System like Windows or Mac but it has specially designed versions for Penetration Testing or what most people would call hacking. There are a host of tools available for wireless penetration teasing for Linux and powerful packet sniffers are just one of them. The attacker will also have access to more powerful tools to attempt to break the security user.
A MITM attack is performed in a similar fashion as described above but often using high power WiFi adapters and antennas so the WiFi hacker can cast his or her evil net as far as possible.
Honeypots are WiFi networks set up with the sole intention of obtaining information from any user that connects and uses the network. A hacker will create a working WiFi hotspot with Internet access but will monitor and collect all the traffic being sent over network, filters may be set to only collect a certain type of data such as email addresses, password, usernames and credit card numbers.
Honeypot networks will often be left ‘Open’, allowing users to connect without a password to entice more victims. The routers SSID (network name) will be left as the default SSID or an innocuous name to give the impression that the network has been setup by a person without much knowledge of wireless security.
Rouge Access Points
Rouge Access Points (AP) are wireless networks created to imitate a legitimate network and its inherent trustworthiness with the intention of intercepting data for nefarious purposes.
These type of networks are the most dangerous as they require an intermediate amount of knowledge and skills and use more advanced techniques than an average WiFi hacker would have at their disposal.
A Rouge AP will have the same SSID of a nearby or popular WiFi network (Such as Starbucks, McDonalds, Free WiFi, FON Hotspot). The hacker will use a high power WiFi adapter (normally used to connect to a WiFi router) to actually broadcast the Rouge AP signal. Since the power of the adapter is higher than of the legitimate WiFi router the Rouge AP will be displayed in a users available WiFi networks as only the SSID with the most powerful signal will be shown. If a user has previously connected to a legitimate network with the same SSID then their device will automatically connect to the same SSID next time they are in range, even if it is not the genuine network.
How to Protect Yourself When Using Free WiFi
Avoid ‘Open’ networks which do not require a password or login.
Only connect to networks which you are sure are legitimate.
Never log in to websites and Apps with poor security when using a WiFi hotspot.
Be aware of security warnings when using free WiFi, redirections, fake websites trying to imitate genuine sites like Facebook, repeatably being asked to log back into Apps and sites which don’t usually ask.
Using a Virtual Private Network (VPN) service or VPN App if mobile.