Using WiFi to Steal Information & Protecting Yourself

We’ve all done it, connected to public WiFi, even if you know better the temptation for free connectivity when you have none is more than most people can resist. The guys over at F-Secure showed me just how easy it is to access information off of open WiFi during Collision 2016.  At a conference full of technology folks you wouldn’t think you’d be very successful, but we got 93 people to connect to our unsecure WiFi where we could take a look at what they were looking at and potentially access their logins and passwords.

I hate to admit it, but even though I’ve seen first hand just how easy it is to potentially steal information I’m still going to connect to open public WiFi, though now I’m going to use a few tools to help keep my connection free from hackers and voyeurs.

stealing data

At home or work a group of trusted users are generally the only ones with access. Public Wi-Fi, however, is open to a wide circle of strangers that are simply in range of the WiFi signal.  If the Wi-Fi isn’t password protected a hacker could do what we did, take an existing Wi-fi Signal and rebroadcast it, so we’re just taking existing WiFi and making it available for free, under a different name. We went with _Free_Wifi placing the _ before the name ensures that it shows up at the top of the available WiFi list. This is a red flag, I wouldn’t connect to something like this, if you do make sure that you’re protecting your privacy.

How Are They Stealing My Data?

There’s likely no limit to the ways hackers can come up with to access user information. Many hackers use software to intercept signals on an WiFi connection, meaning they can see everything on a fellow free Wi-Fi user’s screen. This hacking software, called “sniffer software,” looks at traffic traveling to and from a wireless router to extract important information.

Another popular method and the one that we went with was to set up rogue Wi-Fi hotspots in areas where large numbers of users are likely to be searching for a connection. These hotspots can use generic names like “free Wi-Fi” to cause trusting users to connect, at which point their personal information can be collected.

Here are some of the screen shots of the data that i was able to see, I have not included any screenshots with names (and this was a challenge to find one without since there were so many). What was most interesting is what people were searching for, you could see what they had named their devices “Tomi’s iPhone” for example or “Ben’s MacBook Air” and what webpages they were browsing.  During a panel which granddaughter of Bob Marley Donisha Prendergast talked cannabis search terms around her name and her website filled my screen.

What You Can Do?

The best solution could come from internet providers like AT&T or T-Mobile, that serve as the largest providers of Wi-Fi in public locations. These companies do not currently encrypt Wi-Fi signals, even though doing so would help greatly in protecting consumers against fraud. However, each of these providers recommends users download their free encryption software when using a Wi-Fi router.

Of course, the best way to avoid one of these hacking attempts is to never use free Wi-Fi.

This is of course not realistic.  When you connect to public WiFi you should consider using a Virtual Private Networking (VPN) account will encrypt communication, preventing interception.  There are lots of options for VPNs out there, because I travel to China frequently I’ve gone with ExpressVPN, but it’s pretty pricey at $99.99 a year, if you sign up using this refer code you and i will get 30 free days. In terms of stability in China it is one of the better options, though if this isn’t a priority there are an abundance of other options.

F-Secure has a more reasonably priced VPN at 50€ for 3 devices for 5 year, 60€ for 5 devices or 70€ for 7 devices.  They also have another free tool that you can specifically use to keep what you’re searching for online private. F‑Secure Search, pre-screens your search results for sites that try to violate your privacy or harm your computer. This is the next step to staying safe, if you’re not sure about what sites may or may not harm your privacy and security, it is a good idea to add another a layer of protection.

vpn

A 4G-powered personal hotspot is another option for frequent travelers. This hotspot provides a user his or her own cellular connection, which can be set up to be secured by a password, just as a home Wi-Fi network is. This option generally costs more than many cell phone plans, however, so it may not be an option for users on a budget.

For those who must regularly use Wi-Fi, there are several steps you can take to keep hackers out. First, it’s important to clarify the name of a free Wi-Fi network before choosing to join it. If the network isn’t password protected, it might be a good idea to stay away. Lastly, when using public Wi-Fi, try to avoid logging into sites or entering information like credit card information or social security numbers. While this isn’t a guarantee that information won’t be compromised, it’s a good idea not to make the hacker’s job any easier.

Travel and Accommodation was provided to Collision 2016 by F-Secure – All thoughts and ideas are my own.