We all do it, but only 0.05 percent of us ever make an effort to actually protect ourselves before we hit the login screen. Whether you’re sitting down with a latte at the local Starbucks, signing in while chomping down on a hamburger at McDonald’s, or just using the hotspot that was recently installed on public transportation, the act of using public Wi-Fi spots has become a nearly ubiquitous part of the mobile experience.
As cell phone carriers continue to jack up their prices for less and less available data over their networks, people are finding more ways to stream all their favorite music, movies, and books to their devices while using the least amount of bandwidth possible.
That’s where hotspots come in. Easily accessible, generally free to use, and located on just about every city block in major metropolitan areas, the act of signing our digital credentials away to unknown sources has become so popular in recent years.
Now hackers have started to leave their basements and tread out into the light of day in order to pull down the photos, passwords, and personal emails of hundreds of users at once just with a few clicks on a powerful and portable PC.
With rumors swirling that the recent celebrity photo leaks may have been the result of Wi-Fi hacks at the Emmy’s rather than a vulnerability in the iCloud infrastructure, security researchers are beginning to take the threat of unprotected wireless networks more seriously than ever before.
To get the full scope of what we can expect in the next few years, we sat down with Kent Lawson, CEO of the VPN provider Private Wi-Fi, to get his opinion on what the general public can do to better protect themselves as the competition for everyone’s coffee shop credentials starts to heat up.
Hey Kent, thanks for taking the time to sit down and speak with VPN Creative today. To start things off, we’d love to get some perspective on what it is that your company does and, what kind of services you offer?
The New York Times called us the VPN of the masses, because our goal was to create a VPN that was as easy to use as standard security software.
We offer our customers 37 secure locations to connect to from around the world, and perhaps most importantly, we don’t sell the information about what our customers are doing online, nor do we maintain any logs about their activity in the event we’re subpoenaed by the feds or for evidence in a local civil suit.
Good to know. With those concerns in mind, what do you think the biggest threats of using public Wi-Fi are in the current meta of hotspots, and why?
First and foremost is that it can be hacked in a number of ways, including casual sniffing that just uses the radio signals, which any ordinary laptop can be programmed to pick up with the addition of a two dollar antennae. Also, rogue Wi-Fi spots can be set up with simple devices that ghost themselves on top of legit networks and trick users into putting their credentials in on the wrong network.
We think using public Wi-Fi without encryption is akin to shouting private information from the top of a building. That said, we also believe it’s the responsibility of the user to protect themselves on public Wi-Fi, and we offer a VPN to aid in that effort.
To follow that up, why do you think education about the risks of using public Wi-Fi without encryption or VPNs lags so woefully behind its widespread use?
Because it’s a very subtle approach that provides huge results. Right now, the best thing you can do is use a VPN before connecting to any networks you don’t recognize.
What would you say the benefits and drawbacks of using public Wi-Fi are in the current state of the open Internet?
Likely the fact that everyone uses public Wi-Fi, that it’s inherently insecure, and always be. I was even able to hack the public Wi-Fi at the RSA conference, and got an enormous amount of traffic that was unencrypted. Hacked into the Wi-Fi on the plane back too.
For the time being, I think SSL is the best that the industry if going to be able to do. Unfortunately the certificate issuing system is broken, out of control, and there are far too many agencies issuing at once. This leaves the opportunity for hackers to step in, because many of these certifications can be faked.
If you could change one thing about the way that places like cafes and hotels hand out leases on their networks, what would it be?
They need to emphasize security, instead of burying the details of it in their ToS [terms of service], something along the lines of a clause that says “We absolve ourselves of any liability by using this network”, and they also need to speak about the benefits of using VPNs more directly.
Hotels are probably the worst, because they put out a knowingly insecure service. If the mattress were unsafe, and the tag said it were, that would not absolve them of responsibility. No one should be do anything serious without a VPN running on their machine.
It’s been said that normal anti-virus programs simply aren’t enough to stop hackers these days. Why do you think that is, and what can the vendors of these programs do to better safeguard their customers in the long run?
What anti-virus is for is to protect the device, that’s it. The problem is it can’t protect the data as it’s being transferred from point A to point B. The risk is when data is in motion. It’s all well and good to protect your laptop, but your data is far more valuable in the long run.
Finally, what are your thoughts on anonymization programs like Tor? Do you think they offer a viable alternative to VPNs as a way to get around the pesky problem of public Wi-Fi infection rates?
Tor is intended for a different purpose, though it’s still a great technology. If I were a spy, I would definitely be using Tor. For now we’re not talking about government level surveillance, at least not on a consumer level, and for that, VPNs are still the best option that people can use.