Wi-Fi has significantly changed the way we work and play, enabling us to interact with the digital world from anywhere in the physical world. Furthermore, free Wi-Fi access is on the rise, from local coffee shops to international restaurant chains. However, the convenience of free Wi-Fi comes with some real threats, from computer viruses to identity theft.
Wi-Fi is a type of wireless local area network (WLAN) technology that enables an electronic device such as a laptop or smartphone to exchange data or connect to the Internet using radio waves. The core technology behind Wi-Fi is a device called an access point, which acts like a bridge between the wired network and the Wi-Fi network. The access point, in turn, typically connects to the Internet via a network router.
To prevent attackers from stealing data, Wi-Fi includes a set of protocols for user device authentication and data encryption. These protocols, which reside on both the access point and the connecting device, use a pre-defined passphrase or other form of unique identification to authorize the user and encrypt data so that it can only be accessed by a designated device. WPA2, the currently recommended security standard, uses a pre-shared key (PSK) in the form of a series of text letters to authenticate users and encrypt data. Below is a high-level description of how an electronic device and an access point communicate using the WPA2 protocol (i.e., the “four way handshake”).
Public Wi-Fi risks
Public access points, called “hotspots,” allow many people within a specified area to tune into a specific radio transmission. In other words, everyone sitting in a Starbucks cafe can access the “Starbucks Wi-Fi” channel to connect to the Internet. Unfortunately, public hotspots also allow anyone within the area to potentially read data that is not addressed to them. Below are some common ways that your privacy can be breached while using public Wi-Fi.
* Network Sniffing. To steal your personal information all an attacker needs is a “sniffing” application that intercepts and gathers all visible traffic on a channel. Although WPA2 encrypts each connection between a Wi-Fi network and a user’s client, it is only designed to keep people who do not know the PSK off the network. If an attacker sniffs the four-way handshake and captures the PSK, he can decrypt all the traffic designated to your device until the PSK is changed. Even if the attacker doesn’t have the PSK, he may try to sniff the data itself and then try to use brute force to discover the key. The quality of the PSK that a wireless network administrator selects (i.e., length, different letter cases, use of symbols or known words) can have an impact on how easy or difficult it is to obtain the key.
* Third-Party Data Gathering. Even without the presence of active data hackers, your privacy is never guaranteed when you access a public hotspot. Often the biggest breaches of privacy are performed by the very establishments offering free Wi-Fi. Sometimes Wi-Fi is used to identify potential customers who are located in the vicinity of the access point, and sometimes it’s used to track the websites that a user visits for statistical or advertising purposes. Although not specifically malicious, this third-party data gathering can still be intrusive. Below are some common techniques that hotspot providers use to obtain information about Wi-Fi users.
- Asking visitors to leave their phone number or email in exchange for the PIN to access the Internet.
- Asking visitors to share something via a social network or give a program access to their social identity (e.g., to display targeted advertisements)
- Leveraging multiple access points to triangulate the visitor’s physical location based on Wi-Fi signal strength (for example, to track their route through a store or to identify which establishments are currently the most crowded/popular)
- Injecting cookies into their browser to track their history (e.g., to display targeted advertisements)
* Malicious Access Points. Since there are often multiple networks to choose from, you often guess which hotspot belongs to a specific venue. Some Wi-Fi users will even connect to a completely unknown network simply because it is unlocked. Obviously this practice poses some serious risks, especially if the access point is malicious or being manipulated by an attacker.
One of the biggest threats is “page spoofing,” where a malicious access point controls a domain name resolution (i.e., how a domain name is translated into its numerical IP address). In the normal DNS resolution process, a user’s client will communicate with a server in order to connect to the Internet.
In a spoofing attack, a hacker creates a fake version of a website in order to steal credentials. For example, you may be asked to “like” something on Facebook before you can access the Internet and then be directed to a fake Facebook login page that looks like the real thing. As you log in, this fake page would record your credentials, show a login error, and then redirect you to the real Facebook page for a “second attempt” at logging in. Before you’re even aware of what has happened, your social identity has been stolen.
Another tactic, commonly referred to as the “Evil Twin Attack,” leverages a fake access point to hack your data. This tactic is most often attempted in public parks or other large, unmonitored areas. Using a laptop with a wireless card, the attacker will access a legitimate access point to create an “evil twin” access point with a similar name. Imagine for a moment that you are at your local park, and your iPad detects a free Wi-Fi hotspot named “CityPark1.” Many of us would probably connect to the network based on its name alone. However, by not confirming the legitimacy of an access point before connecting to it, you enable attackers to gather an even wider range of personal information.
Strategies for securely using Public Wi-Fi
Even without an elaborate phishing scheme, it is impossible to completely secure a public hotspot. In fact, most venue access points will only display an end-user agreement (EULA) or advertisement before allowing users to connect to the Internet. While some venues do print out the PSK on a receipt so only patrons can use their Wi-Fi, it is still a shared key for all patrons. As such, data can be passively collected from radio waves and then decrypted at a later point.
To ensure secure communication, each user must obtain a unique PSK before connecting to an access point, which is simply too difficult for most public venues to manage. Some network operators like Verizon enable users to more securely access hotspots by obtaining credentials via a secure cellular network and then authenticating users to the access point, but this approach is currently limited to cellular network providers and has its own set of security concerns.
Even though technically there is no connection between the public Wi-Fi network and a user’s home network (i.e., different SSIDs and IP addresses), there is still the concern that a hacker can connect to a network hosted on the user’s device and exploit any potential vulnerabilities.
Although you always run a certain amount of risk when connecting to a public Wi-Fi hotspot, there are certain measures you can take to protect against attackers. Here are the most common precautions:
- Always confirm the legitimacy of a Wi-Fi network before connecting to it; do not rely on the name alone. If there are multiple access points for the same venue, ask a staff member which one to use. Similarly, be sure to read that venue’s Terms of Service carefully to ensure that your privacy will not breached.
- Ideally, you should only use public Wi-Fi to browse websites that do not require login credentials (e.g., news forums, etc.). However, if you do need to access sensitive data or enter login credentials (for, say, email), only go to websites that start with HTTPS (a more secure version of the standard HTTP web protocol). Just be aware that even if a website uses HTTPS for the majority of its content, the images on that website might still be distributed via HTTP since links are not typically encrypted. However, most current web browsers will warn you if this linked content is unsecure or when the certificate from a secured HTTPS site is not valid or verifiable.
- Never install software while using public Wi-Fi, as it could introduce viruses into your computer. For example, a common attack is to inform the user that his browser is using outdated Flash and then redirect the user to a fake Adobe website that will install a virus instead of the real software.
- A good way to ensure security while accessing public Wi-Fi is to use a VPN. A VPN essentially creates a tunnel between your device and a third-party server. All data that passes through this tunnel is encrypted and therefore hidden from both the Wi-Fi provider and anyone trying to sniff the network. If you cannot access a VPN through your company, consider installing a trusted third-party VPN like Private Wi-Fi that uses Open SSL or IPSec.
It is easy to take free Wi-Fi access for granted. Unfortunately, as public hotspots become more prevalent, so will hackers. Your best protection against data theft is a solid understanding of Wi-Fi and its vulnerabilities and taking a few commonsense precautions.
Kasten is AVP, Business Development, Okhrimets is Senior Project Manager, and Kharchenko is Director of Engineering at GlobalLogic. With headquarters in Silicon Valley, GlobalLogic is a 6,600-person full-lifecycle product development services company with design and engineering centers around the world. The company works with more than 80% of the world’s top technology brands to create products, discover new revenue opportunities, and accelerate time to market within digital media, electronics, healthcare, infrastructure, finance, retail, and telecom industries.
This story, "Is it safe to use public Wi-Fi networks?" was originally published by Network World.