The dangers of public Wi-Fi: five tips to stay safe

A hacking experiment conducted by security and privacy software company F-Secure has shown the dangers of using public Wi-Fi.

By hacking three prominent UK politicians (with their permission), F-Secure demonstrated that public networks open up a range of attack options for malicious hackers.

One of the politician’s email accounts was accessed by the team despite his strong password.

“Public Wi-Fi is inherently insecure. It took the team less than 30 minutes to hack all popular devices and, in some cases, it took less than five,” said Adam Smith, F-Secure ANZ country manager.

“The hackers collected detailed browsing history, VoIP phone calls, email accounts, all email history and contacts, online financial services and social media accounts. Once an account has been hacked, it is relatively easy to access other accounts, such as Gmail and PayPal, as people tend to only use a couple of passwords.

“Cracking an email account is valuable because people often store other account and password details in their email.”

The team intercepted and recorded a voice over IP phone call made by another politician from his hotel room. They used technology freely available on the internet and easy to master. A third politician was browsing the internet in a cafe when the hackers sent her an email telling her to log back into her Facebook account. When she did so, the hacker obtained her login details and accessed her Facebook account.

“Accessing a Facebook account may seem trivial but a smart attacker knows that the information they can gain from Facebook is useful,” said Smith.

“For example, by knowing your interests, they can craft a phishing email that you are more likely to open. Alarmingly, some people use similar passwords for their Facebook account and, say, their PayPal account, which leaves them open to financial losses.”

Smith said that once a hacker has accessed personal accounts, the next step is to use that information to access business emails and corporate networks, which can also open up the person’s employer to an attack.

F-Secure identified five tips to stay safe on public Wi-Fi:

1. Use a virtual private network (VPN). These can be downloaded as an app for phones and tablets. Smith said F-Secure’s Freedome VPN encrypts all data travelling from the device to the network. This means hackers won’t be able to steal any useful information, and by simply turning on the VPN, this gives users good protection to stay safe over public Wi-Fi.

2. Turn off sharing. If your device is set up for sharing, disable these settings before logging into a public Wi-Fi network.

3. Control your connections. Many devices are set up to automatically connect to wireless networks but you can turn this off. This protects you from malicious networks set up specifically to steal your information.

4. Use two-factor authentication. This type of authentication most commonly involves a code sent to your mobile phone so that a password alone is not sufficient to log into accounts such as email or banking.

5. Turn on your firewall and use antivirus software. This monitors incoming and outgoing connections and can provide a first alert if your system is compromised.

“Public Wi-Fi is a fantastic service and people shouldn’t feel afraid to use it,” said Smith.

“They should simply take steps to protect themselves and the companies they work for. I believe all businesses should mandate a security policy for employees using public Wi-Fi.”

F-Secure worked with penetration expert Mandalorian Security Services and the Cyber Research Institute to conduct the test.

Image credit: ©kentoh/Dollar Photo Club