We’ve all been at an airport or coffee shop and checked our phone to see that our internet connection is incredibly slow. You curse the heavens in frustration and then you notice that they offer free WiFi. “What fortuitous circumstances!” you think. You look on your phone for what networks are available around you and you see:
Uh……. ok…… which one do you choose? They all seem like Starbucks owns all of these so you go ahead and connect to the first one. After a few days you notice your credit card has some weird unauthorised charges. “That’s odd” you think, “maybe it had something to do with that free WiFi I connected to….
While connecting to free WiFi networks seems like a good idea, it can be extremely dangerous. The danger is that it is incredibly easy to setup your own WiFi network at these locations. An attacker buys a relatively inexpensive tool, which he can set up at any location and give it any name they like. Victims will think that the network is legitimate and connect to the attackers WiFi network. After connecting, the attacker can now see the traffic going between the victim and the internet, effectively spying on all the traffic going back and forth between the victim and any site they are browsing. This is what is known as a ‘man in the middle’ attack.
1) I always like to turn off WiFi if it’s not being used. This serves two nice purposes. It saves your battery, which is always nice, and it protects you from having your device connect to an undesirable WiFi network without you knowing it.
2) If you need to connect to a WiFi network confirm the name of the network with someone at the business. Often in airports there will be official signs with the networks name on them hung throughout. Smaller locations are tougher because attackers can make very convincing fake signs and sprinkle them throughout the business. In these cases I like to ask someone working there what the network name should be.
3) Never trust a WiFi network. I never do any banking, purchasing or sensitive transaction while connected to a public WiFi network. Save that for home or a WiFi network you know and trust. It’s just not worth it. If you absolutely have to, make sure the site is using “https” in front of the URL.
4) If you do connect to a public network, use your phone or computer’s ‘forget network’ feature after you’re done. Your phone will have a list of all networks it’s connected to in the past somewhere within your WiFi settings panel. If WiFi is enabled your phone will automatically connect to these networks. To prevent it from doing that, always go into this settings and either long hold them or select the options menu and select ‘forget network’. This will prevent your phone from automatically connecting.
By Ryan O’Leary, Senior Director of the Threat Research Center at WhiteHat Security