In our story yesterday on how to get a free VPN trial, we briefly talked about the importance of encrypting your data whilst using public Wi-Fi. In this post, we’ll dig a little deeper into the subject and explain the different methods hackers are using to gain illegal access to your personal computer and how to avoid it.
Public Wi-Fi are everywhere; in airports, coffee shops, hotels, and libraries. We often expect these locations to have free, open Wi-Fi, and in certain situations we depend on them to stay connected. It could be because we are on a limited mobile data plan, have little or no data signal at all, or simply because using your data abroad costs a fortune in roaming charges.
Public Wi-Fi’s growing popularity is undeniable. But with it’s growing footprint, it has also become web users’ Achilles’ heel for hackers to exploit.
Why is Public Wi-Fi insecure?
Public Wi-Fi is insecure because the data connection is unencrypted.
On your home Wi-Fi network, it should be at least password protected (right?), and you know who’s on it. But on public Wi-Fi there’s either no password or everybody knows the password. It’s easier for hackers to attack your computer if you’re already on the same Wi-Fi network.
When you connect at your local coffee shop, you’re vulnerable to a host of threats, not least of which includes real-world hackers who prey on popular networks and pry their way in to people’s personal details. The two most popular techniques are called “Evil Twin” and “Man-in-the-middle” attacks.
The Evil Twin
Imagine you’re at a Starbucks coffee shop and want to connect to its free Wi-Fi. If you don’t know the name of the Wi-Fi network, you’ll have to guess which one is the right by looking at the list of available Wi-Fi networks in the area. Say one is called “attwifi” and another is called “Starbucks Free Wi-Fi”. Which one do you choose?
If you chose the network called “Starbucks Free Wi-Fi” you may just have connected to the Evil Twin.
The Evil Twin is a method used by hackers to lure web users to connect to a rogue Wi-Fi network. The hacker will set up a Wi-Fi network that pretends to be legit, but in fact is created to drain as much personal information out of the unknowing web user as possible.
The rogue network has essentially been set up to to eavesdrop on wireless communication.
Usually, the method is used in combination with phishing attacks. So, when the target is connected to the rogue network it will fire off prompts asking them to sign in to their services like banks or email accounts. These prompts are fake but made to seem real. Their purpose is to steal any valuable information like logins and passwords to email accounts, online banks, etc.
In cryptography and computer security, a man-in-the-middle attack is a method to intercept and potentially alter the communication between two parties.
It works by impersonating the other person in a data exchange while in fact be a secret “middle-man”.
Imagine two parties having a dialogue but in fact they are both speaking to a third person pretending to be the other party to each other. You can read more about this type of attacks on Wikipedia.
The packet sniffer
A final threat is the so-called packet sniffer or packet analyzer. This technique achieved notoriety back in 2010 when a browser plugin called Firesheep demonstrated the ability to “sniff” up web users passwords from their browser’s cookies.
The advent of Firesheep has made Wi-Fi hotspots even more dangerous as it allows people with absolutely no hacking skills to intercept the unencrypted cookies transferred from sites like Twitter and Facebook over public wireless networks. This makes it possible for them to ‘sidejack’ a user’s current browsing session and use the site as if they were that user.
What you can do
By now you probably never want to go online in fear of the plethora of online threats. There are many simple measures you can take to become much safer online and a few handy tools and general awareness can go a long way.
Two-factor authentication for passwords
Internet users are reusing passwords and exercising poor password practices, which is putting their data at risk.
A good place to start a secure online life is to enable two-factor authentication on the services that are most important for you. Start with your email provider, online bank, insurance, etc.
Enabling two-factor authentication means that if someone tries to login to your account from an unknown location or device, it will prompt you with a notification and a pin-code, typically on your smartphone or another device you’ve registered.
The pin-code will be required to login from the unknown device. Effectively this means that even though a hacker gains knowledge of your password, he will not be able to login to your account unless he has access to some of your physical devices.
Educate yourself on online security and be aware and critical when you open emails or browse online. Look for HTTPS signs in your browsers address field and double-check the sender’s email address if an email looks fishy.
Tether your Internet connection
If you have a mobile phone with a data plan you can setup a mobile hotspot for your laptop or tablet. By doing so you can avoid using the public Wi-Fi altogether.
Beyond using a smartphone for the hotspot, you can purchase a separate box with a mobile data connection which plugs into your laptop. We’ve written a comprehensive list of the best mobile hotspots available on the market.
Encrypt yourself & backup your computers
We can’t say this enough: encrypt yourself. It starts with your computer.
If you use Macs, turn on FileVault. This will encrypt your hard drive so if your laptop is stolen, the content is encrypted. Then make sure you have password protected your laptop, mobile phone, tablets and any other device you bring with you. Make sure you have a data-recovery strategy.
Always use two kinds of backup. We recommend a backup at home that runs automatically. Again if you have a Mac, you can use the TimeCapsule backup. In addition to this, you should have an online backup running. One good option is called BackBlaze. It’s an app that runs on your computer in the background and constantly scans for changes on your computer and backs it up in the cloud.
Encrypt your connection with a VPN
Once your devices are encrypted, password protected and backed up, it’s time to encrypt your data connection. This is done by connecting to a Virtual Private Network (VPN).
With a VPN connection your data will be encrypted and hackers as well as Internet service providers will not be able to intercept your data. There are hundreds of great VPN providers available. We’ve reviewed close to 200 of them and listed here: VPN Creative’s list of VPN providers.
Have you experienced data theft? Please share your story in the comment section below.