What happens when you access a public WiFi hotspot at home, a cafe, a hotel, an airport, or any place with a WiFi signal? Whether it’s free or paid, whether you can access it with or without a user Id and password, you are vulnerable to cyber thieves prowling the network who can infiltrate your computer or smartphone and steal your personal information. In the case of the Apple iPhone and many other smartphones, the information can be collected even when users are not actively surfing the web—as long their phones are switched on. They can gain access to your e-mail accounts, social media accounts, credit card information, and steal your online identity.
With off-the-shelf software, anyone can hack your WiFi network. No public WiFi network is secure. The most innocuous hotspots, often called ‘Free WiFi’ or something generic, such as ‘AT&T WiFi’ or ‘Starbucks WiFi’ can lull us into a false sense security. We log on to the network innocently, checking our e-mail, checking Yelp. Meanwhile, hackers could be trolling the network nearby gaining access to your computer or smartphones in less time than it takes to finish that latte.
Even hotspot providers, such as BT in the UK admit to the security holes in their networks but have no timetable on a permanent fix. In one experiment in the UK, using software downloaded freely from the internet, crooks were able to set up fraudulent WiFi gateways to which smartphones would automatically connect. Once connections were made, all information passing through this WiFi gateway could be read directly or decrypted by hackers. Even if it’s an authentic WiFi hotspot hosted by Starbucks, McDonalds or a reputable company, hackers can still break into the network and get into our hard drives.
Worldwide WiFi hotspots have been multiplying like rabbits (over 90 million according to WeFi). This has lead to easier and greater internet accessibility at a lower cost for travelers. However, the risks of fraudulent access to your personal, financial, and confidential data (credit card, SSN, bank account, online shopping history, etc.) have increased.
“This is all very alarming, “ says Professor Peter Sommer, a cyber-security expert at the London School of Economics and author of an OECD study on ‘Reducing Systemic Cybersecurity Risk’. “It means that literally millions of people who use Wi-Fi in public could be at risk. If criminals are able to harvest the usernames and passwords of all the websites you visit, they could do significant damage in terms of identity theft and fraud.”
With unsecured public WiFi hotspots, it is easy for any web savvy thief to get away with the worst.
5 ways to minimize the risks of data theft:
1. Make sure your home WiFi network is secured— that means, password protected. Use your WiFi router’s encryption software (make sure to set it to WPA2, the latest standard security protocol). Don’t let anyone you don’t know have access to your WiFi network. He/she could use it to access your computer or download illegal material, e.g. child porn. In these cases, it doesn’t pay to be a good citizen and share your WiFi with the general public. When out, disable automatic WiFi connection on your laptops and smartphones to avoid connecting with fake WiFi hotspots.
2. If you are on an unsecured public WiFi hotspot, use encryption. When you log in to personal accounts, make sure your connection starts with ‘https’ (without the ‘s’, it is not a secured connection); do this for your emails like Hotmail and Gmail (unfortunately, Yahoo mail does not offer https encryption). Use https for Facebook, too. Any time you access your bank account, brokerage account, or any website with confidential personal data, make sure you are accessing a secured website as identified by https.
3. Log off when you are done— don’t stay permanently signed in. Thieves can still access your computer even if you are not using it.
4. Use different passwords for different accounts. Most of us have multiple accounts. How do we remember all of them? It’s inconvenient, but don’t use default or common passwords, such as 123456, qwerty, password, admin, etc. Check wikiHow for several suggestions to creating and managing passwords. Change your passwords on a regular basis.
5. Avoid using public WiFi for any banking and financial transactions. Perform sensitive tasks, like online banking or doing you taxes, on secured trusted networks only.
Assume the worst— that you will be infiltrated— and dodge the cyber crooks accordingly.