Story image

Public Wi-Fi - how risky is it?

13 Jul 15

Businesses may be unaware of the risks involved when using public Wi-Fi, according to a new experiment conducted by F-Secure. 

The security and privacy software firm says businesses must understand the risks involved and put protection measures in place. 

F-Secure teamed up with three prominent UK politicians to hack their systems, in order to demonstrate that public networks open up a range of attack options for malicious hackers.

The team accessed one politician’s email account despite his strong password.

“Public Wi-Fi is inherently insecure. It took the team less than 30 minutes to hack all popular devices and, in some cases, it took less than five,” says Adam Smith, country manager, ANZ, F-Secure.

“The hackers collected detailed browsing history, VoIP phone calls, email accounts, all email history and contacts, online financial services, and social media accounts. Once an account has been hacked, it is relatively easy to access other accounts, such as Gmail and PayPal, as people tend to only use a couple of passwords. Cracking an email account is valuable because people often store other account and password details in their email.”

The team intercepted and recorded a Voice over IP phone call made by another politician from his hotel room, Smith says. They used technology freely available on the internet and easy to master. 

A third politician was browsing the internet in a café when the ethical hackers sent her an email telling her to log back into her Facebook account. When she did so, the hacker obtained her login details and accessed her Facebook account.

“Accessing a Facebook account may seem trivial but a smart attacker knows that the information they can gain from Facebook is useful,” Smith says. 

“For example, by knowing your interests, they can craft a phishing email that you are more likely to open. Alarmingly, some people use similar passwords for their Facebook account and, say, their PayPal account, which leaves them open to financial losses,” he says. 

“Once a hacker has accessed personal accounts, the next step is to use that information to access business emails and corporate networks. At this point the risk is no longer just personal; the person’s employer is now likely to be attacked.

Smith says despite the risks, people shouldn’t be feel afraid to use public Wi-Fi. “They should simply take steps to protect themselves and the companies they work for. I believe all businesses should mandate a security policy for employees using public Wi-Fi,” he says.

F-Secure has identified five tips to stay safe on public Wi-Fi:

1. Use a virtual private network (VPN). These can be downloaded as an app for phones and tablets.
“F-Secure’s Freedome VPN encrypts all data travelling from the device to the network,” says Smith. “This means hackers can’t steal anything useful. Simply turning on the VPN gives users the best protection possible to stay safe over public Wi-Fi.”

2. Turn off sharing. If your device is set up for sharing, disable these settings before logging into a public Wi-Fi network.

3. Control your connections. Many devices are set up to automatically connect to wireless networks but you can turn this off. This protects you from malicious networks set up specifically to steal your information.

4. Use two-factor authentication. This type of authentication most commonly involves a code sent to your mobile phone so that a password alone is not sufficient to log into accounts such as email or banking.

5. Turn on your firewall and use anti-virus software. This monitors incoming and outgoing connections and can provide a first alert if your system is compromised.

TCS collaborates with Red Hat to build digital transformation solutions
“By leveraging TCS' technology skills to build more secure, intelligent and responsive solutions, we aim to deliver superior end-user experiences."
Twitter suspects state-sponsored ties to support forum breach
One of Twitter’s support forums was hit by a data breach that may have ties to a state-sponsored attack, however users' personal data was exposed.
How McAfee aims to curb enterprise data loss
McAfee DLP aims to help safeguard intellectual property and ensure compliance by protecting sensitive data.
HPE promotes 'circular economy' for end-of-use tech
HPE is planning to show businesses worldwide that throwing old tech and assets into landfill is not the best option when it comes to end-of-use disposal.
2018 sees 1,500% increase in coinmining malware - report
This issue will only continue to grow as IoT forms the foundation of connected devices and smart city grids.
CSPs ‘not capable enough’ to meet 5G demands of end-users
A new study from Gartner produced some startling findings, including the lack of readiness of communications service providers (CSPs).
Oracle announces a new set of cloud-native managed services
"Developers should have the flexibility to build and deploy their applications anywhere they choose without the threat of cloud vendor lock-in.”
How AT&T aims to help businesses recover faster from a disaster
"Companies need to be able to recover and continue operations ASAP, without pulling resources from other places to get back up and running."