Why “Free” public Wi-Fi should be used with caution? Can be a new playground for cyber criminals

We at CYBER SECURE INDIA evaluate the risks of using public WiFi and suggest strategies for using the free service securely, without falling victim to a cyber attack.

In the next six (6) months, Delhi will have its free WiFi Internet service up and running. Delhi plans to install 11,000 WiFi hotspots across the city, giving its consumers a data usage limit of 15 GB per month. This will again instigate a war among the telecom service providers, and we may find ourselves amidst another spurt of digital advantage. There may also come a time when the free, public WiFi hotspot is the only option available to consumers and your work simply cannot wait.

It is understood that this government venture will create more jobs through investment in resources and infrastructure for this mammoth project, but it is not without risk at all levels. Hence, users as well as the service provider/government need to invest in a robust security overlay for ease of its management. This initiative is also a citizen welfare measure that will benefit the people of India and will surely place India on par with many of the third world countries that promise and provide free ‘intra-city transport’ and ‘free Internet’ to their citizens.

What are the risks of using public WiFi?

The threat of falling victim to cyber attacks while on free public WiFi cannot be ruled out. Many free lunches come with a price, and these are the risks that come along with this one:

  • The biggest threat to free Wi-Fi security is the fact that you are on a public network with many other users connected concurrently, and that those users are able to capture the identity you broadcast. Remember that an Internet connection is not ‘one-way’ but ‘two-way’: a user not only downloads data packets but also sends requests for downloads and uploads data while typing or submitting with an ‘enter’ command. This can lead to a MITM (Man in the Middle) attack, in which the hacker positions himself/herself between you and the WiFi hotspot. When your device sends data to a website or service, chances are that the attacker will intervene so that your data is diverted or copied to an undesired destination.

  • Many websites on the public Internet do not use SSL (Secure Sockets Layer). A website that uses SSL is served under the “HTTPS” prefix, whereas those without SSL are served over “HTTP”. In the absence of this encryption, the channel between the connecting device and the router/web server is unencrypted. Hence there is an associated risk whenever the channel of exchange is not HTTPS.

  • No form of security is complete. Users of free WiFi at hotels will have experienced the appearance of ‘pop-up windows’ and the ‘auto-execution’ of certain software; these are nothing but vulnerabilities of the browsers that we use. This feature can also be exploited to serve malware to the connected device, thereby infecting it.

  • The marketplace is full of hardware and software that can exploit weaknesses in devices (hardware and software); zero-days and other common vulnerabilities are continuously being researched by malicious elements. They are even capable of creating a genuine-looking ‘pseudo-connection’ that resembles the original hotspot and then enticing the user to connect to it. This is then exploited to gain access to all your online business, resources, accounts and passwords, browsing and chat histories, etc., from the user’s device.
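
The look-alike ‘pseudo-connection’ described above often shows up in a scan as the same network name offered both encrypted and open, or as a name that differs by one character. The following Python sketch is an added example, not part of the original advisory; the scan lines are constructed, and it assumes the terse output format of `nmcli -t -f SSID,BSSID,SECURITY device wifi list`.

```python
import re
from collections import defaultdict

# Constructed sample scan; nmcli's terse mode escapes ':' inside values as '\:'.
SAMPLE_SCAN = r"""
Airport_Free_WiFi:AA\:BB\:CC\:00\:00\:01:WPA2
Airport_Free_WiFi:AA\:BB\:CC\:00\:00\:02:WPA2
Airport_Free_WiFi:DE\:AD\:BE\:EF\:00\:09:
CoffeeShop:11\:22\:33\:44\:55\:66:
Airp0rt_Free_WiFi:DE\:AD\:BE\:EF\:00\:0A:WPA2
"""

HOMOGLYPHS = str.maketrans("015", "ols")  # digits commonly swapped for letters

def parse_scan(text):
    """Yield (ssid, bssid, security) tuples from terse nmcli output."""
    for line in text.strip().splitlines():
        fields = [f.replace("\\:", ":") for f in re.split(r"(?<!\\):", line)]
        if len(fields) == 3 and fields[0]:  # skip hidden (empty) SSIDs
            ssid, bssid, sec = fields
            yield ssid, bssid.upper(), ("OPEN" if sec in ("", "--") else sec)

def skeleton(ssid):
    """Fold case, digit-for-letter swaps and punctuation so look-alikes collide."""
    return re.sub(r"[^a-z]", "", ssid.lower().translate(HOMOGLYPHS))

def audit_scan(text):
    """Return (network name, finding) pairs worth checking before connecting."""
    security = defaultdict(set)   # ssid -> security modes advertised
    lookalike = defaultdict(set)  # skeleton -> distinct ssids
    for ssid, _bssid, sec in parse_scan(text):
        security[ssid].add(sec)
        lookalike[skeleton(ssid)].add(ssid)
    findings = []
    for ssid, modes in sorted(security.items()):
        if len(modes) > 1:
            findings.append((ssid, "mixed security: " + ", ".join(sorted(modes))))
        elif modes == {"OPEN"}:
            findings.append((ssid, "open network: no link-layer encryption"))
    for names in lookalike.values():
        if len(names) > 1:
            findings.append((" / ".join(sorted(names)), "look-alike names"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_scan(SAMPLE_SCAN):
        print(f"{name}: {finding}")
```

A clean result does not prove a hotspot is genuine, since a copy that matches both the name and the security mode looks identical in a scan.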

How to Defend Against the Cyber Fraud on Public WiFi

The very fact that “free Internet” through public WiFi is a service that even the government of the day is considering is a step towards complete digitisation of the government, thereby ensuring good governance. Users are encouraged to use the facility, but with caution. The challenge is how to protect yourself while connecting to the Internet through these free and open WiFi hotspots. To that end, users should stay aware and educate themselves to gain the maximum from such welfare schemes:

  • Check the Wi-Fi network address and establish whether the WiFi name is authentic: check the name of the connection with the airport, hotel, coffee shop, etc., before you connect. Compare it carefully with any login instructions supplied and do not ignore any anomalies.

  • When you leave a connection, ‘uninstall’ or ‘forget’ the saved connection. Whenever you are done using public WiFi, make sure that you configure your devices to ‘forget’ that network. This will ensure that your device won’t constantly broadcast the SSIDs of the networks it has connected to in the past.

  • Keep your WiFi functionality turned off when you are not using it, and don’t allow your devices to automatically connect to open WiFi networks.

  • Be vigilant about your network settings and surroundings. You can’t be connected to ‘Airport WiFi’ if you are sitting at home. Be skeptical of network names like ‘Free WiFi’ and network names for common hotel chains and other franchises.

  • Beware of public WiFi! This goes without saying: only connect to WiFi networks you know and trust. Do not conduct sensitive business, banking or personal data related activities over public WiFi.

  • Ideally, use separate business and private devices. A designated tablet for watching video, entertaining children and general web surfing is a small investment with potentially bigger and safer returns. Do not use this device to access confidential documents, your work network, email or banking apps.

  • Don’t visit insecure websites: use https web addresses rather than http (notice the lack of an “s” at the end?). Check for a locked padlock next to the web address in your browser. Remember that an https or “Secure” website is not necessarily a safe website; it just means that visiting it is less open to this particular type of attack.

  • Verify that the SSL certificate for the website is genuine and was issued to the company to which you are connecting.

  • Use a VPN if it is an absolute must to connect to public WiFi. It is your best bet when it comes to surfing the net securely. A VPN will encrypt your data before routing it to its destination, so even if the attacker is able to see that your device is connected to their WiFi hotspot, they will not be able to see the data that is being routed.

  • Do maintain the option of connecting through a dongle or your smartphone while performing financial transactions, and disconnect from the free public network.

  • Adhere to policy, or take permission, when performing official work over public WiFi.
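
The advice to ‘forget’ networks and to disable automatic connection can be checked rather than remembered. The following Python sketch is an added example, not part of the original advisory; it assumes a Linux device managed by NetworkManager, whose saved profiles use the keyfile format shown in the constructed samples.

```python
import configparser

# Constructed examples of saved profiles in NetworkManager keyfile format
# (on a real system: /etc/NetworkManager/system-connections/*.nmconnection).
SAVED_PROFILES = {
    "Airport_Free_WiFi": "[connection]\nid=Airport_Free_WiFi\ntype=wifi\n\n"
                         "[wifi]\nssid=Airport_Free_WiFi\n",
    "Hotel-Guest": "[connection]\nid=Hotel-Guest\ntype=wifi\nautoconnect=false\n\n"
                   "[wifi]\nssid=Hotel-Guest\n",
    "Home": "[connection]\nid=Home\ntype=wifi\n\n[wifi]\nssid=Home\n\n"
            "[wifi-security]\nkey-mgmt=wpa-psk\n",
    "Office-VPN": "[connection]\nid=Office-VPN\ntype=vpn\n",
}

def audit_profile(text):
    """Return (ssid, verdict) for a Wi-Fi profile, or None for other types."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    if cp.get("connection", "type", fallback="") != "wifi":
        return None
    ssid = cp.get("wifi", "ssid", fallback=cp.get("connection", "id", fallback="?"))
    # No key-mgmt under [wifi-security] means the profile is for an open network.
    is_open = not cp.has_option("wifi-security", "key-mgmt")
    # NetworkManager treats a missing autoconnect key as "true".
    autoconnect = cp.getboolean("connection", "autoconnect", fallback=True)
    if is_open and autoconnect:
        return ssid, "FORGET: open network that will be re-joined automatically"
    if is_open:
        return ssid, "REVIEW: open network kept in the saved list"
    return ssid, "ok"

def audit_all(profiles):
    """Audit every saved profile and return the Wi-Fi verdicts sorted by SSID."""
    results = (audit_profile(text) for text in profiles.values())
    return sorted(r for r in results if r is not None)

if __name__ == "__main__":
    for ssid, verdict in audit_all(SAVED_PROFILES):
        print(f"{ssid}: {verdict}")
```

A profile flagged FORGET can be removed with `nmcli connection delete`, or kept with `connection.autoconnect` set to `no` through `nmcli connection modify`.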
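
Checking that a certificate “was issued to the company to which you are connecting” means reading its subject after the chain and hostname have validated. The following Python sketch is an added example, not part of the original advisory; the host you pass to `fetch_cert`, the expected organisation name and the sample certificate are assumptions or constructed values.

```python
import socket
import ssl
import time

def fetch_cert(host, port=443, timeout=5):
    """Handshake with chain and hostname validation against the system
    trust store; raises ssl.SSLCertVerificationError on failure."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def _flat(rdns):
    """Flatten the nested tuples getpeercert() uses for subject and issuer."""
    return {key: value for rdn in rdns for key, value in rdn}

def describe(cert, expected_org=None, now=None):
    """Summarise a getpeercert() dict and list anything worth a second look."""
    subject, issuer = _flat(cert.get("subject", ())), _flat(cert.get("issuer", ()))
    now = time.time() if now is None else now
    days_left = int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)
    org = subject.get("organizationName")
    warnings = []
    if org is None:
        warnings.append("no organisation in subject (domain-validated only)")
    elif expected_org and expected_org.lower() not in org.lower():
        warnings.append(f"issued to {org!r}, expected {expected_org!r}")
    if days_left < 0:
        warnings.append("expired")
    return {"organisation": org, "issuer": issuer.get("organizationName"),
            "dns_names": [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"],
            "days_left": days_left, "warnings": warnings}

# Constructed certificate in the shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "subject": ((("countryName", "IN"),), (("organizationName", "Example Bank Ltd"),),
                (("commonName", "netbanking.example.com"),)),
    "issuer": ((("organizationName", "Example Trust CA"),),),
    "notAfter": "Jan  5 09:34:43 2018 GMT",
    "subjectAltName": (("DNS", "netbanking.example.com"),),
}
SAMPLE_NOW = ssl.cert_time_to_seconds(SAMPLE_CERT["notAfter"]) - 10 * 86400  # 10 days before expiry

if __name__ == "__main__":
    print(describe(SAMPLE_CERT, expected_org="Example Bank", now=SAMPLE_NOW))
```

On an intercepted connection `fetch_cert` raises before any data is sent, and that validation error is the signal not to proceed. Many legitimate sites use domain-validated certificates with no organisation field, so that warning calls for checking the domain name itself.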