Many professionals work outside the office when they go on business trips and meet customers. Sometimes they need to connect to the internet to send an urgent email or check an important document through public Wi-Fi. Public and free Wi-Fi access points are now widespread. One can freely connect to the Internet in a shopping mall, airport, hotel, or restaurant.
This wide use of public networks gives cybercriminals a good chance to violate personal data and privacy. Without proper protection, risks deriving from public Wi-Fi connections are not negligible. There are multiple hacking techniques base on the Man-in-the-Middle (MITM) approach.
Attack techniques
Let us try to understand more about these techniques and how to mitigate data theft risks.
Spoofing is a technique that allows an attacker to create a Wi-Fi network with an SSID identical to that of the existing public network. All he needs to do is to activate the fake network, let’s say, in a shopping mall, and wait for someone to mistakenly connect to it instead of the authentic network. Once the victim gets into the trap, his data traffic will pass through the attacker’s device in a completely transparent way.
Sniffing is the natural evolution of a spoofing attack. It allows an attacker to control the whole victim’s traffic, connected to his device. In this way the attacker can discover browsing habits, personal information, session cookies, access credentials to online services, with all the related risks.
In such a scenario, attackers can easily make victims download malware onto their devices. Once the employee is back to the office, the malware can open a backdoor for the attacker to enter the corporate network.
These types of attacks do not require deep technical skills or big investments. For example, Wi-Fi Pineapple, that was born as a tool to perform penetration tests on Wi-Fi networks, costs just $150 and includes multiple features.
How to protect yourself
You should not underestimate the security risks associated with free and public Wi-Fi networks, as mobile devices can automatically connect to those you open. Fortunately, there are ways to avoid the traps and defend confidential personal and corporate data:
- If you need to connect to the corporate network via a public Wi-Fi hotspot, use a VPN (Virtual Private Network) connection. It guarantees the data is encrypted and transmitted securely
- If the corporate VPN connection is unavailable, use the HTTPS Everywhere plugin at least for the internet browsing. It ensures, when available, an encrypted connection
- Turn the Wi-Fi mode off when you do not need to connect to the internet. Your device will not search for the networks it connected to in the past. So an attacker would have no chance to draw you on his network and sniff your traffic
- Disable automatic connection to open Wi-Fi networks on your device
- Increase awareness about potential network risks among your colleagues
HWG platform upskills non-IT professionals in cyber security and trains them to learn, recognize and withstand cyber-attacks.