The hidden dangers of public wi-fi: keeping your mobile devices secure
It’s second nature to many business travellers. You need to send some urgent emails or resolve a pressing client matter, so you connect to the departure lounge or hotel lobby Wi-Fi to improve slow speeds. In fact, 35% of people access public Wi-fi, three to four times a month. But how much do you know about that connection and what kind of risk does it expose you to?
If you deal with high value or sensitive information and have a public profile, it is essential you are aware of the dangers and how best to protect your device when using public wi-fi.
You’re not alone
Signing onto a network unlocks more than you may realise. Once you’re on a public network, anyone else on that network, or even the network administrator could monitor your online activity. For example, they may try to understand what devices you own, see which websites you are visiting, the emails you are sending, or even try to capture your credentials. These in turn could be used against you to commit blackmail, extorsion or inform a spear phishing campaign. The use of trusted data points provide legitimacy to a well-crafted attack, encouraging you to let your guard down, thereby exposing your device to compromise.
Fraudulent networks set up to look like legitimate known networks are also a very real threat.
If you regularly visit the same coffee shop for example, you may have the network saved and feel that this is trustworthy. But serious cyber criminals can spoof one of these networks fooling your device to connect automatically, putting you even closer to the attacker.
Are ALL public Wi-Fi networks risky?
In short, yes. A public Wi-Fi is any network that is accessible by people without any prior relationship with the network owner. This includes anything that isn’t a residential network or your corporate network, regardless of the type of authentication (or not) to gain access.
The openness of these networks are easily exploited by hackers in a multitude of ways, from malware distribution to meddler-in-the-middle attacks, exposing you and your phone’s data. With four in ten people having had their information compromised while on public Wi-Fi, the chances are higher than you may think.
Protecting your device
The best way to protect yourself from attacks on public Wi-Fi networks is simply to not use them. But if using public wi-fi is simply unavoidable, basic protections need to be in place.
Firstly, it’s essential to keep on top of your known networks. If you have previously connected to a network, your device will remember the password and automatically connect the next time you are in range. Regularly clearing or forgetting Wi-Fi networks that you have used before in your phone settings is a simple step in maintaining good digital hygiene, preventing the device from connecting without your knowledge.
The second simple protection to consider is using virtual private networks (VPNs). There are plenty of easy-to-use VPNs available and most of them will do a sufficient job of protecting you from local network attacks. However, many VPN apps don’t operate in what is referred to as ‘always on’ mode. This is where the VPN connection must be established before any network traffic can leave the device. Without this feature, your device can communicate with websites over the public Wi-Fi without any protection, while it is waiting for the VPN to connect. This window of time leaves you vulnerable to attack. Access to a VPN that operates in an always on manner will ensure that all the network traffic is protected from adversaries on the local network.
About the author
Luke Smyth is CTO at coc00n, responsible for the technical direction of the company as well as leading the development of new and existing client services. Before coc00n he worked at GCHQ for almost a decade and developed his expertise in government-level system administration, security architecture and software development. Projects included devising cyber security solutions for critical national infrastrcuture and working with the NHS during COVID. He has authored best practice guidance and white papers on behalf of the National Cyber Security Centre – the UK’s technical authority.
About coc00n
coc00n provides personal device protection for high value and high risk individuals at a level previously only available to those under government protection. With our secure configuration, devices start and remain in a known good state.
Our proactive protections provide complete data privacy via a bespoke Always on VPN; secure browsing blocking malicious links and harmful attachments, and a secure email service that protects against inbound threats and outbound risks. Contact us to find out more.