Public Wi-Fi can be very risky if users are not fully aware of it and could be used to steal private information from consumers, according to a leading IT expert. “Cybercriminals are well aware and have developed techniques to steal information, identity or passwords and money from the users who use public or insecure Wi-Fi connections,” Mohamed Djenane, Security Specialist at ESET Middle East said.
The worst thing to do is assume without verification that a Wi-Fi network is legitimate and run by a trusted establishment, he said. It might be a decoy deployed by a criminal! As a general rule, users shouldn’t connect to any network called, ‘Free Wi-Fi’- it could well be a way of getting them to sign up for a newsletter or endure adverts, even if the hotspot isn’t malicious, Djenane said. The safer alternative is to connect via a 3G or 4G data package. If it is a public service such as a coffee shop, then double checking the Wi-Fi name with a member of staff is advisable, he said.
“On-the-go access to the internet is all but unavoidable and the widespread Wi-Fi promised by smart cities will bring with it a wide range of benefits,” Djenane said. “Knowing however that our lives today are heavily set in the digital domain, protecting our online presence must become an absolute priority. This might mean placing security over convenience and being smart, rather than sorry,” he said. The hackers are monitoring network traffic and are looking for users who type in passwords to email accounts, social networks and banking websites. It is therefore best to limit activities to anything that does not require a username and password to log in, he said.
Noting that using email apps on a phone can leak data as there are plenty of free apps that hackers can use to extract this information, Djenane said. Using a secure HTTPS website, or better still encryption, was definitely the safer route. Typically, attacks on Wi-Fi hotspots are ‘man-in-the- middle’ attacks where an attacker is able to access the user’s data as it travels. That means anything financial or corporate is out, he said. Smart devices can give away a surprising amount of data from apps connecting to remote servers. It is always a good policy to police the list of ‘known’ networks thoroughly, he added.