Tuesday, October 11, 2016

What You Can''t See Can Hurt You(r Data)

   "It is all around us, even now in this very room. You can see it when you look out your window or when you turn on your television. You can feel it when you go to work, when you go to church, when you pay your taxes.."

   It's "all around you. Here, between you, me, the tree, the rock, everywhere."

   No, not the Matrix and not the Force, but a more insidious power... WiFi!

   Public WiFi is everywhere.  Many stores, malls, airports, cities and even parks offer it.  Sometimes it's free and sometimes not.

   It's US Cyber Security Awareness Month so it's a good time to think about the risks of using public WiFi and how to protect yourself.

   There are definitely risks in using public WiFi including:
  • pushing software - WiFi can be configured to send software to your device when you connect.  That might be OK at home or important in the office, but it can be misused by an attacker out in public.  Don't install software offered to you on a public WiFi.
  • redirecting your browsing - a WiFi connection can control how you get to websites.  If an attacker controls the WiFi, they can cause you to go to copycat websites with malicious software or to phishing sites.
  • evil twin attack - you know when you're at the coffee shop and you can connect with a WiFi connection that has the same name as that coffee shop?  How do you know it's really the coffee shop's connection?  You don't.  Anyone can buy a wireless router at the store for $25, put it anywhere, and name it anything they want.  Using a deceptive name for a WiFi connection to lure people is called the evil twin attack.
  • are you encrypted? - VPNs, Virtual Private Networks or secure connections, are a great way to protect your data when connecting over unknown networks... like the Internet!  However, you first have to connect to the Internet before establishing the VPN.
Here are some tips to reduce your risks of using WiFi outside your home or office:
  • use your smartphone hotspot - if this is a feature of your mobile phone and plan, you can use your phone as a WiFi hotspot and connect to it.  You then can feel confident that your connection is going through your cellular carrier.  Warning... this will use your mobile data and may cost you extra depending upon your plan and data limits.
  • only use wifi with a password or passphrase - even if everyone knows the password.  Using WPA or WPA2 with a password/passphrase means that every connection between a PC and the wireless network is encrypted.
  • turn off file sharing - in Windows you can designate a network as public, work or home, or you can directly turn off file sharing.  Here's an article with the instructions.
  • if possible don't use open wifi in very open areas - the more open an area you're in, the harder it is to figure out if you're connected to a legit WiFi.  And...
  • be aware of your surroundings - it's not strictly a WiFi issue, but when you're on public WiFi you're in... Public!  Protect your screen.  Protect your passwords.
   Even if you do all this, a skilled attacker can still cause you problems on a public WiFi network.  So, if you have to use public WiFi, try to:

  • limit personal info - even if it looks like a website is https, do your personal business from a secure connection at home
  • same for banking, shopping - definitely save your financial transactions for known secure connections
  • use care with confidential work data - you should use care when dealing with critical work data, particularly if you work with other peoples' personal data!
   Here are a few articles with more info.

   As a side note, there are also questions about potential health risks of all the wireless signals in our environment.  It's hard to separate fact from speculation and wireless may or may not be a health issue.

   In the future we'll see even more wireless than we do now.  And we'll also see better wireless network security.  Many new cars come with WiFi hotspots and more cities and municipalities are offering wireless. 

   What are your tips for public WiFi safety?  Have you ever come across an "evil twin" WiFi network?

No comments:

Post a Comment