Public WiFi can be great; it saves you from using your own data allowance on your phone and often speeds up loading times when you browse the internet. However, people who love public WiFi even more than you or I are hackers. That’s because they can use it to attack the connection’s users and access their private, personal data for adverse purposes.
Man-in-the-Middle (MITM) Attacks
This is where a hacker intercepts the communications between twi participants (WiFi connection and individual member of the public who connects to it). The link of the data being shared between the server and the client is broken by the hacker, and then they present their own version of a site to the user, adding their own messages. This type of attack is so common on public WiFi as the information transmitted is generally unencrypted meaning both the hotspot and your data is public! A public WiFi connection that has been compromised can easily steal personal data such as usernames, passwords, bank details, emails and private messages.
Fake WiFi Connections
A fake WiFi connection can also be known as an ‘Evil Twin’. In this case, an unsuspecting user can have their personal data stolen simply by being tricked into connecting to the wrong network. It is relatively easy for a hacker to set up an illegitimate WiFi network (they can even do it on their phone) and it can be well worth their effort for the information that they can access. If you see two similarly-named network connections when at a public place, be suspicious. If possible, speak to the staff at the establishment to be sure you are choosing the legitimate WiFi connection and also alert management if you are at work yourself and spot a fake AP.
Sidejacking (Session Hijacking)
This is the process whereby a hacker stealing a member of the public’s access to a website, often done on public WiFi networks. Log-in details are generally sent through an encrypted network and verified using the account information held by the specific website. This then responds using cookies sent to your device, however this is not always encrypted. Because of this a hacker can hijack your session and can gain access to any private accounts you’re logged into.
To avoid any cyberattacks through illegitimate WiFi, our SpriteGuard device can be installed. SpriteGuard’s innovative, one of a kind technology shields the public from fraudulent open access WiFi connections, allowing them to connect to an organisation’s secure network infrastructure only. With SpriteGuard, businesses can be 100% confident that their guests are connected to their own WiFi, meaning they avoid being financially liable and ensuring their hard-earned reputation remains intact.
WiFi Securities’ mission is to protect businesses and the public from cyber-criminal activity. Contact us today for more information on how our SpriteGuard™ device can protect you and your customers.
enquiries@wifi-securities.com
+44 (0)151 230 2161
Twitter: @wifisecurities
Facebook: @wifisecurities
LinkedIn: WiFi Securities
