If You Can, Steer Clear Of Free Wi-Fi Hotspots

Wi-Fi hotspots and I don’t get along. It’s not that I’m not appreciative of the free service – I am. But, I’m far from convinced that free Wi-Fi hotspots are appropriate for most Internet users. Hotspots are a hacker’s dream come true.

Free hotspots, in many instances, are unsecured – a semi-skilled hacker, using a selection of readily available tools (often available as a free download on the Internet), can easily penetrate such a network.

Here’s the first example of what I mean:

Earlier this year, while visiting my local Library, I logged on to its hotspot only to have my Browser warn me of a possible fraudulent certificate – symptomatic of a “man-in-the-middle” attack. Typically, a man-in-the-middle attack is designed to eavesdrop on the traffic between a user and a website.

Since most users are unaware of the importance of certificates, it’s fair to assume that a typical user, on seeing this warning, would simply click “ignore”. In this case, that had to be so – when I approached the Library’s chief Tech, shockingly, he had no idea what I was talking about. Certificate? Huh? Which led me to believe that no other user had brought this issue to the Tech department’s attention.

In other words, possibly thousands of users were unaware of the very real risk to their privacy and confidential data, as they happily surfed the Internet from this location.

Given that one purpose of a certificate is to confirm that the web site being visited is indeed what the user thinks it is – effectively, whether the site can be trusted or not – I continue to be surprised at the typical user’s scant knowledge in this area.
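An added example (not part of the original post): a Python check for the situation described above, connecting with full certificate and host name verification and reporting when the network hands back a certificate that does not validate or does not match a fingerprint recorded earlier. The host `example.com` in the demo and the optional `pinned` fingerprint are assumptions; a pin has to be recorded beforehand from a network you trust.

```python
import hashlib
import socket
import ssl


def fingerprint(der_bytes):
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_bytes).hexdigest()


def same_fingerprint(a, b):
    """Compare two fingerprints, ignoring case and ':' separators."""
    def norm(s):
        return s.replace(":", "").strip().lower()
    return norm(a) == norm(b)


def check_site(host, port=443, pinned=None, timeout=5.0):
    """Connect with strict verification and return (status, detail).

    status is one of: 'ok', 'pin-mismatch', 'untrusted-certificate',
    'tls-error', 'unreachable'.
    """
    ctx = ssl.create_default_context()  # CERT_REQUIRED plus host name check
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                seen = fingerprint(tls.getpeercert(binary_form=True))
    except ssl.SSLCertVerificationError as exc:
        # The case the browser warning reports: chain or host name did not verify.
        return "untrusted-certificate", exc.verify_message
    except ssl.SSLError as exc:
        return "tls-error", str(exc)
    except OSError as exc:
        return "unreachable", str(exc)
    if pinned and not same_fingerprint(seen, pinned):
        # Valid chain, but not the certificate recorded on a trusted network.
        return "pin-mismatch", seen
    return "ok", seen


if __name__ == "__main__":
    # Constructed demo target; replace with the sites you actually use.
    for site in ("example.com",):
        print(site, *check_site(site))
```

An `untrusted-certificate` result on the hotspot for a site that returns `ok` at home is the same signal as the browser warning, and the right response is to stop using that network for anything sensitive rather than to click through.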

Here’s a challenge for you – query your self-described “tech savvy” friends on the current certificates installed in their Browser. Wait for the surprises – or, maybe not.

Pictured below, as an example, are the certificates installed in my current version of Firefox.

Authorities – These are the Root Certificates that Firefox trusts.

image

Servers – These are the certificates that have been installed manually from a website.

image

The second example:

At an Art class I joined earlier this year, I happened to notice a questionable type of person sitting (on the ground) outside the building (freezing his butt off, since it was Winter), surfing on his Laptop. I knew there were no open Wi-Fi networks within range, so it was apparent that this fellow was surfing through the Art Institute’s password protected Wi-Fi.

On speaking with Institute staff, it became clear that this was a common occurrence with this fellow. The long and the short of it is (it would take an entire article to tell this tale), a series of Wi-Fi hacking tools were being used to “play” with the owner’s site. Since few of the students used the Wi-Fi hotspot, no damage had been done. But, it easily could have.

If you do use Wi-Fi Hotspots, here are some recommendations for safer surfing:

Assume your Wi-Fi connection is open to penetration.

Be certain that your security applications are up to date.

Don’t enter sensitive financial data. Online banking while connected to a hotspot is, to put it mildly – crazy.

To be sure that you don’t leave a trail of “breadcrumbs” – history, cookies, passwords – set your Browser to private browsing mode.

Log out of each logged-in site you visit – particularly, web based email sites; Facebook, Twitter, and the like.

Pay particular attention to one of the craziest default setups ever – “Remember my password”. It’s imperative that you uncheck this.

If you’re comfortable with anonymous surfing, then consider installing a VPN application. One such application worth considering is Hotspot Shield – reviewed here, a number of times.

Finally, you should consider avoiding Wi-Fi Hotspots entirely. An alternative is creating a “personal hotspot” if your smartphone is capable. Check your phone manufacturer’s web site for information on how to do this.


8 responses to “If You Can, Steer Clear Of Free Wi-Fi Hotspots”

  1. Mal

    Hey Bill,
    Like you, I have never liked Wi-Fi hotspots. I feel so much more secure using my wired home internet connection. I won’t even use public libraries or internet cafes anymore. Even with a wired connection, I still use VPN on a regular basis too.
    Cheers

  2. Great. So you’ve not told millions of mobile workers they can’t trust Wi-Fi hotspots and not to use them. Now … provide a solution.

    • Hi Khürt,

      No, I did not tell millions of workers not to use hotspots. What I did say is – hotspots are inherently unsafe and should be avoided – “If You Can, Steer Clear Of Free Wi-Fi Hotspots”.

      You’re free to take issue with this. Rejecting substantial evidence that hotspots have proven to be a boon for cybercriminals is your prerogative.

      I’m hardly alone in proposing that hotspots should be avoided. Neil Rubenking (PC World) – “Logging onto free wireless networks is risky behavior, and security experts recommend not performing sensitive tasks while on the hotspot. If you really need to login somewhere or buy something online, you would be better off staying on cellular networks and off these wireless networks. Criminals haven’t gotten around to eavesdropping on data transferred across 3G and 4G networks yet, experts have said.”

      Your suggestion that I did not provide a solution doesn’t hold water. In fact, I offered a series of recommendations to enhance security while using hotspots. Followed by a specific workaround to employ a personal hotspot.

      Best,

      Bill

  3. Hmm … OpenDNS thinks the HotSpotShield web site is not good for my computer.

    This domain is blocked.
    Site blocked. http://www.hotspotshield.com is not allowed on this network as it may have unsafe content. Sincerely, The Management

    • Hey Khürt,

      I find that patently ridiculous. HotSpotShield has been, and continues to be, recognized as one of the premier VPN applications available. I’m surprised that you (as a high-level user) would be guided by advice that suggests an application “may have unsafe content”, rather than investigating the application in question.

      In this particular case, the recommendation by OpenDNS would not stand up to scrutiny.

      Best,

      Bill

  4. I think you’re being trolled here, Bill.

    You DO offer solutions, eight of ’em, in fact. Your article is a wake-up call for those of us who have become a bit complacent on the issue.

    • Hey Stormin’ Norman,

      Actually, this fellow comments from time to time. You’ll not be surprised to hear that we rarely agree. 🙂

      Long time no hear – so, very good to hear from you.

      Best,

      Bill