Most people are habituated to using free Wi-Fi at airports, hotels and other public places. But, only few of them realize the risks associated with this practice. Therefore, the following write-up discusses the dangers associated with use of public free Wi-Fi.
Free public Wi-Fi are easy ways to access the internet, and it doesn’t cost any dime. But it comes with associated risks and dangers. Freely downloadable "sniffing" software has made it super easy for anyone to hack into someone's Wi-Fi session and see what they are up-to. These software tools were actually meant for IT administrators to troubleshoot network problems. But like everything else, they are now also been used by bad guys.
Here are the dangers associated with the use of free public Wi-Fi:
When you log into any online account, a cookie is sent to your device, which is used in further exchanged between client side (browser) and server side, to recognize you and your current session. If hacker can somehow read your cookie, they can gain access to your ongoing session, something known as “Session hijacking”. What makes matter worse is that hackers don’t even need your password to hijack your session.
Sites that use encrypted HTTPS traffic on their login page but not on other pages are especially susceptible to Session hijacking. Sites that employ HTTPS across all their pages are considered less vulnerable. However, hackers can still access your browser cookies through malwares and exploit kits.
Cyber criminals are known to set up free hotspots, to lure unsuspecting users into their Wi-Fi connections. In some cases, they create Wi-Fi with same name, known as “Evil Twins”. Others create Wi-Fi with names of popular nearby locations such as McDonald.
After laying the trap, fraudsters use packet sniffing tools like Wireshark to capture the packets being sent to and from the web servers and client (browser). In technical terms, they commit Man In The Middle (MITM) attacks on your web traffic, by placing themselves between the actual public network and your web sessions. The passwords entered into un-secured (HTTP) websites are visible to them. They can gather your login credentials to compromise your accounts later on.
Attackers also aim to take benefit of auto-connect feature of Wi-Fi that some users keep enabled on their devices. Once you connect to Evil Twins, attackers can also access your files, if file sharing option is enabled in your device. Not only this, attackers can also send you files laden with malwares like spywares, Trojans etc.
Hackers can also push malwares to your device by sending fake warnings in name of malwares, system upgrade etc. However in reality, they install malwares that can create backdoors, rely sensitive information in real time or worse.
Low Grade Encryption:
Wi-Fi networks were initially protected by Wireless Encryption Protocol (WEP). However, the protocol was too weak and could be hacked even by script kiddies. This led to new encryption protocol called the Wi-Fi Protected Access (WPA). This protocol could still be broken with simple and easily available tools. Therefore, if the public network you are using is employing aforementioned two protocols, you are also at risk of being hacked.
Free public Wi-Fi is fraught with issues. Users are advised to connect to only secured websites (HTTPS enabled) which can be seen as padlock sign in the URL address bar. However, it’s worth keeping in mind, that accessing these secured websites on public Wi-Fi only minimizes the dangers, but doesn’t nullify them completely.