Skip to content

Public Wi-Fi and information security risks it brings

Many professionals work outside the office when they go on business trips and meet customers. Sometimes they need to connect to the internet to send an urgent email or check an important document through public Wi-Fi. Public and free Wi-Fi access points are now widespread. One can freely connect to the Internet in a shopping mall, airport, hotel, or restaurant.

This wide use of public networks gives cybercriminals a good chance to violate personal data and privacy. Without proper protection, risks deriving from public Wi-Fi connections are not negligible. There are multiple hacking techniques base on the Man-in-the-Middle (MITM) approach.

Attack techniques

Let us try to understand more about these techniques and how to mitigate data theft risks.

Spoofing is a technique that allows an attacker to create a Wi-Fi network with an SSID identical to that of the existing public network. All he needs to do is to activate the fake network, let’s say, in a shopping mall, and wait for someone to mistakenly connect to it instead of the authentic network. Once the victim gets into the trap, his data traffic will pass through the attacker’s device in a completely transparent way.

 

Sniffing is the natural evolution of a spoofing attack. It allows an attacker to control the whole victim’s traffic, connected to his device. In this way the attacker can discover browsing habits, personal information, session cookies, access credentials to online services, with all the related risks.

In such a scenario, attackers can easily make victims download malware onto their devices. Once the employee is back to the office, the malware can open a backdoor for the attacker to enter the corporate network.

These types of attacks do not require deep technical skills or big investments. For example, Wi-Fi Pineapple, that was born as a tool to perform penetration tests on Wi-Fi networks, costs just $150 and includes multiple features.

How to protect yourself

You should not underestimate the security risks associated with free and public Wi-Fi networks, as mobile devices can automatically connect to those you open. Fortunately, there are ways to avoid the traps and defend confidential personal and corporate data:

  • If you need to connect to the corporate network via a public Wi-Fi hotspot, use a VPN (Virtual Private Network) connection. It guarantees the data is encrypted and transmitted securely
  • If the corporate VPN connection is unavailable, use the HTTPS Everywhere plugin at least for the internet browsing. It ensures, when available, an encrypted connection
  • Turn the Wi-Fi mode off when you do not need to connect to the internet. Your device will not search for the networks it connected to in the past. So an attacker would have no chance to draw you on his network and sniff your traffic
  • Disable automatic connection to open Wi-Fi networks on your device
  • Increase awareness about potential network risks among your colleagues

HWG  platform upskills non-IT professionals in cyber security and trains them to learn, recognize and withstand cyber-attacks.

Related post

cset conference

Genoa, Novembre 14, 2024 - The 2024 CSET Conference,concluded yesterday, following two days of insightful discussions held on November 12-13 at the historic Palazzo della Borsa in Genoa. Organized by…

cset pre event 500x500

Genoa, November,12, 2024 - Last night, against the beautiful backdrop of Villa Lo Zerbino in Genoa, HWG Sababa hosted an exclusive event that brought together cybersecurity experts to discuss the…

cybersecurity roadmap settore trasporti

The transportation sector is undergoing a digital transformation, integrating advanced technologies and smart systems to optimize roadways, railways, maritime routes, and air traffic. However, this increased connectivity comes with heightened…

5 minutes
Back To Top