Free Wi-Fi is one of the most coveted resources of any seasoned traveller, but the good also has a dangerous side. Public access is just that, and your data and other sensitive information is potentially at risk. There is also an increased risk of viruses and other malware. Even on networks with passwords, there are still other users with unknown intentions. Fortunately there are a number of ways, from simple to more in depth that can help make Wi-Fi use a little less risky.
Casually browsing the internet at your local coffee shop or jumping onto the free airport Wi-Fi might not seem like risky behaviour, but there are a number of potential issues with serious consequences.
A common Wi-Fi attack is called ‘the man in the middle’. An unscrupulous person creates a working Wi-Fi network with a legitimate sounding name — like ‘Free Library Wi-Fi’. An unsuspecting user connects, and the network logs everything they do. From passwords to bank details, sensitive information can be stolen. It could also redirect the users to malicious sites that can impersonate banks or install malware that gives further access to your computer. Public Wi-Fi also leaves your computer open to attack from the other users on the network, even if the Wi-Fi itself is legitimate. Avoid public networks that don’t have security and a password enabled, as all data is sent unencrypted and can be easily recorded.
PLAYING IT SAFE
When it comes to free Wi-Fi, it’s always better to be safe than sorry. Fortunately most attacks are fairly basic, and following a few simple procedures will ensure you’re not an easy target.
Don’t jump onto seemingly open Wi-Fi networks willy nilly — try and verify the name with the business providing it. Even if you are sure that public Wi-Fi is legitimate, never log into your bank account when not using a trusted private network. Sometimes when travelling its necessary to make an online payment over public Wi-Fi. In such a case it is best to use a credit card. In the event the details are stolen and fraudulent charges are made, the company can simply reverse them. Just make sure you check your statement for erroneous charges.
One of the simplest (but not most convenient) ways to get extra protection is to turn off Wi-Fi when it’s not in use. It’s always worth setting your computer or mobile device to forget Wi-Fi once disconnected, so it can’t automatically connect in the future.
Don’t click on any pop-ups (such as ‘updates’) when on public Wi-Fi, as they can be attempts to install malware.
For Wi-Fi security on your computer, it’s necessary to turn off file sharing. Leaving it turned on can give other users access to your files, or let them copy malicious software to your computer. In Windows, turn off sharing and network discovery in the ‘Network and Sharing Center’. OS X users need to navigate to the system preference, sharing, and de-select all the options.
In Windows, you can set networks as public (rather than private) and sharing and security settings will be enabled by default. For extra safety, configure the system so that all new networks are treated as public, while your home network is the only one set to private.
It’s also important to ensure that your operating system’s built in firewall is activated. Safe programs can be given access through the firewall. Turn on the Windows Firewall through ‘Control panel > System and Security’. On OS X, the setting is under Security, in System Preferences.
SSL (Secure Sockets Layer) is a security technology that establishes an encrypted link between you and a website. Even if an attacker was to access the data sent and received, the encryption protects sensitive details such as passwords. SSL is now quite common and is available on websites from bank accounts, to email and even Facebook. SSL security is designated by https (rather than http) at the start of the website and displays a padlock.
Many websites enable it automatically, though for some it can be enabled manually simply by adding the ‘s’ to the URL. The major web browsers also have extensions (such as HTTPS EveryWhere) that can be installed to always enable SSL, or warn you if it’s not available.
In general, smartphones and tablets don’t have the same default networking sharing options as computers. That doesn’t mean they are impervious to attack though. As always, connect with HTTPS whenever possible. Don’t use financial apps either. If you can, for sensitive information, use a mobile data connection instead of public Wi-Fi.
It’s also very important to keep your phone up to date. Older devices without the latest software or patches can be more easily exploited through known security flaws.
Once you have finished with a network, have your mobile device forget it, so it won’t automatically connect again. This protects you from unknowingly connecting to a hacker network using the same name as a previously trusted network. Likewise, simply turn off Wi-Fi when not in use.
Aside from being smart with your Wi-Fi choices and customising your OS settings, there is a range of free and paid software, apps and services available to improve security. Perhaps the most useful and versatile is a VPN. A Virtual Private Network creates a secure connection between your device and a remote server. All website traffic is encrypted, protecting it from anyone snooping or trying to steal information. VPN software and a server is available for a computer and costs around $15 a month. Two reputable services to get started with are TorGuard and CyberGhost. Many VPN services can also be used on your smartphone or tablet for extra protection.
There are also a range of programs available that can help users track and manage their network settings under Windows and OS X for increased security over the default options. A good starting point is ControlPlane for your Mac, or NetSetMan for a PC.