
1 in 4 WiFi Hotspots Insecure
If you regularly connect to free WiFi hotspots and think it’s fine, then first of all WHY??? A study by Kaspersky has found that at least 1 out of every 4 hotspots are vulnerable to attack.
Out of the 31 Million hotspots evaluated, 25% of Wi-Fi networks have no encryption or password protection of any kind whilst 3% of hotspots use WEP (Wired Equivalent Privacy) to encrypt data, a protocol that can be “cracked” in minutes using tools freely available on the internet.
Whilst the remainder typically use WPA2 (Wi-Fi Protected Access 2) a much stronger protocol than the previously mentioned WEP, this doesn’t mean that they’re not vulnerable. In fact weak WiFi passwords are just as susceptible to being hacked due to the wide availability of tools (from Aircrack to WiFite) which are capable of cracking wireless network passwords, with password cracking times varying depending on the password’s complexity and length. Other tools cannot be directly used in cracking wireless passwords, but packet analysis (such as that by Wireshark etc) helps in guessing passwords.
How to stay secure
There are several reasons to ensure secure WiFi use, which include:
1. Fake hotspots
It’s easy to set up fake hotspots and hackers readily sit in cafes and other public places to set these up. Once you’ve joined a fake hotspot, hackers can access your files or plant malware on your device, and they can access your personal data or spy on the apps and services you’re using. That’s bad enough if it’s just your personal data on your device, but even worse if you’re on a work device and have sensitive information available to be stolen or intercepted.
2. Your data and personal information could be vulnerable.
There’s a chance that someone else may be able to intercept the data you’re sending to apps and websites. Make sure that your browser traffic, your mail, and your social media data are protected via SSL encryption. For example, if you’re browsing the web, look for the lock icon and click on it to make sure the site is certified as being who it’s supposed to be. When using apps, such as email apps, make sure you’re connecting using secure protocols to receive and send email.
You shouldn’t take more risk than necessary when using a free WiFi. If you can wait to complete tasks that involving submitting sensitive information — like banking details, credit card information etc. then you should definitely wait until you’re on a secure network.
3. What are you giving up your data for?
Free Wi-Fi is usually offered on the condition that the company providing it can collect, store, and analyze users’ data, look up their location, and access information about their activity. So you’re giving up a lot of data for very little in return. Providers are often unclear about how users’ personal data will be used, occassionally one of the hidden uses is that collected information will be used to target ads to them – after all you did agree to give your name, email address etc right? It also doesn’t disclose how extensively it may be tracking your location.
4. Companies offering free WiFi might be providing attackers a route in
Free WiFi for customers especially in the hospitality and retail industries are becoming more common as another way of communicating with customers. However this can be targeted by attackers looking for a way into an organisation as has been seen in recent years for example through attacks on 5-star luxury hotel chains.
Having comprehensive WiFi security is more than just having a good WPA2 password, and vulnerable hotspots and wifi networks means it’s not just those connecting to them that are in danger. Infosec Partners have extensive experience in securing WiFi networks (such as with FortiWiFi) and helping individuals and remote workers connect, browse and communicate safely when away from their trusted networks.
Infosec Partners can help
In today’s world, our lives are under attack like never before. The boundaries between our public, work and private lives have never been more blurred and our dependence on electronic communication and internet connectivity means there are many more avenues of attack for criminals who are actively targeting our personal and financial data, safety and reputation.
From significant global organisations to high profile individuals and families, Infosec Partners are trusted to optimise defences and protect against cyber attacks. Whether providing fully managed security services, independently testing your cyber readiness or providing crisis management and responding to incidents, Infosec Partners are proven partners of excellence and full-spectrum security experts that puts your security first.
Contact us today for more information and for your free consultation, by completing the adjacent form or call us to speak with one of our trusted advisors immediately:
+44 (0)1256 893662