Personal Security for the Savvy (or not) Exec #3 – Free Wifi

In this episode of “Personal Security for the Savvy (or not) Exec,” we’re discussing the dangers of Free Wifi, what it means to you, and how you can protect yourself (and the risks involved in that).

By the end of the article I hope to have given you all the tools and information you need to make up your own mind on the Free Wifi discussion, and map out a clear personal security strategy for the future.

Free Wifi! What’s not to like?

You’ve probably seen signs outside coffee shops countless times stating “free wifi,” and for many this luxury absolutely must be used to maintain productivity.

Typically, these networks are open to connect, do not require a password, and sometimes require you to login or register by entering your personal details on some sort of captive portal.

Malicious Attacker Nearby

As great as a free amenity like this seems to be, it poses several risks. One of those risks is interception by a malicious third party.

When you connect to a fully open-network, that means that there is no network-level encryption. This means that anybody, whether they’re connected to the network or not, can view all network-level traffic by using a network adapter to sniff in the air.

This means that if you try to access a website that does not support HTTPS (there is no padlock on the top left of your browser when you visit it), then the attacker will be able to view ALL traffic you send and receive, including passwords and all other sensitive information.

Example of secure website

Example of an insecure website

If developers of apps on your phone and/or laptop are sloppy and don’t implement HTTPS on their websites, you’re fully exposed on open wifi networks and so is all of your information.

Misconfigured Networks

This kind of risk is not usually a problem in chain shops & restaurants, but it could be. Misconfiguration issues typically affects networks that have not been set up by a professional network engineer, such as some family-run coffee shops, although it could easily affect any network that hasn’t been configured correctly.

On some networks, it is possible to view all other connected devices, and employ a technique known as  a “man-in-the-middle” attack, which when executed allows an attacker to intercept all traffic between your device and the internet.

For example, they may be able to see all the sites you browse, images you load on some sites, and credentials and text entered on insecure websites. When performing a Man In The Middle attack, attackers can even replace or inject their own content.

This can still affect and impact modern & popular applications today, for example Instagram was once vulnerable, allowing an attacker to see all images on a person’s feed as they browsed it and to replace images with their own.

Attackers can also redirect you to a phishing page, a clone of a legitimate site designed to trick you into entering your login credentials so that they can be stolen.

Data Collection & Mining

The next risk is one of data collection, which occurs frequently on many free-wifi setups, and is generally hidden deep down in the fine print terms and conditions you click “agree” to without reading.

On many free wifi networks, you unknowingly agree to the network itself storing and linking your browsed data to your personal details. Advertisers use this information to track you and your interests, attempting to sell you items based on the data collected.

Some people have no issue with this, but some may have very strong views on how their data is used (and how they’re tracked). Your opinions in this ethical debate may shape your level of concern, but in either case there is risk.

Protections

“Ok, so with all of these risks, what can I do to stay productive, safely?”

Luckily, there are many things you can do to protect yourself against these risks and make your free-wifi experience much safer.

Use a Virtual Private Network (VPN)

One way many people protect themselves on open, free wifi is by using a VPN. A good VPN will encrypt all data sent from your computer to the remote server of the VPN provider.

This means that the VPN provider can see all your traffic and pages that you visit, although it does mean that the data passing over the free wifi is fully encrypted and cannot be seen by third parties intercepting the information or any malicious attackers nearby.

Because your VPN provider can see all your traffic, you should have some level of trust for the company (this is a very personal thing) and should be comfortable with the fact they can read and see everything you send to them.

If you’re not comfortable with that, it may be possible to get your company to set up a VPN or if you’re savvy enough, you can host your own.

If you want to use a commercial VPN platform, companies such as Private Internet Access and FrootVPN make it very easy for you to get connected.

Conclusion

Free Wifi offers many risks for normal people and those with sensitive information. One of the methods for protecting yourself is a VPN, although that may bring its own set of risks.

For an individual, buying into a VPN service is an easy way to shield yourself from common attacks when using free wifi, particularly if you are a frequent traveler or independent consultant who works in public spaces. If you’re working for a company with the resources to set up its own VPN (especially if sensitive intellectual property is a concern), talk to your IT staff and security provider about your needs.

If you found this article helpful, please share it to help somebody else understand the risks involved with free wifi, and what they can do to protect themselves.