How safe are open wifi networks
Discover easy steps to safeguard your digital privacy in public. Learn about the risks of using public Wi-Fi and find straightforward tips, like using VPNs and browser security features, to keep your information secure from cyber threats
Introduction:
Imagine going to your favourite coffee shop and connecting to their free wifi while sipping hot coffee and replying to emails. Everything feels so cozy with wifi speeds as fast as your home but at a public place. However, upon logging in, you're unexpectedly redirected to another login page and receive a notification of a successful login. It wasn't you. How did someone else gain access to your credentials?
This and other methods that hackers use to hack you are going to be discussed in this blog.
MITM (Man in the middle) Attack:
The above-mentioned attack is an example of a man-in-the-middle attack also known as a (MITM). Normally your device sends a "get request" to the router to get the web pages from the internet but in the case of the MITM attack the hacker situates themselves in the middle of your device and the router intercepting all the requests and when your device sends a “GET request” for the login page the hacker intercepts the request and send you a fake login page that logs all the credentials and send it back to the hacker.
File sharing:
Since most of us use our laptops when we go to work in public places, device misconfiguration, particularly in file-sharing settings is commonly ignored. This can give the hacker access to all the files on your device. If you have never touched this setting and trusted the network, there are high chances that file sharing is open without any password, which makes it even easier for an attacker to steal any and all sensitive data from your device.
Remote code execution:
If the device that you are using contains a program or application that has a vulnerability or if the device has a misconfigured remote control software enabled, any attacker on the same network can easily exploit the vulnerability and gain full access to your device, this time the attacker is not limited to the files or data, anything about your device can be controlled by the attacker. The attacker can take remote photos from the camera, any malicious code can be run without asking any permission or the attacker can snoop through your texts without the need to login to your accounts.
How to protect yourself against this type of attacks:
Here are some steps to protect yourself if you have to use open wifi networks.
1) Use a VPN:
A VPN or a virtual private network routes your traffic to another server, this shows your location as the server's location instead of your actual location, this also prevents you from being a target of a MITM attack by encrypting and passing your traffic through a server based in the region that you have selected.
2) Use Modern Browsers:
Using modern browsers helps you protect yourself from these MITM attacks as most browsers constantly push out updates to patch any major or minor vulnerabilities. Some browsers have features that auto upgrade HTTP connections to HTTPS (if the website you are using has an HTTPS version of the website available) which encrypts the traffic between you and the website.
Browsers such as Brave have an inbuilt ad blocker and tracker blocker which stops sites from collecting your data (to a certain extent) with the added benefit of not getting annoying ads on web pages.
3) Do not login to your accounts:
When using a public wifi network make sure that you do not login to your personal social media accounts or any other account, if the network is compromised or if the website you are using does not encrypt your traffic then your details can easily be captured by a malicious actor connected to the same network.
4) Be Aware of the links you click on:
Never click on links you receive from an unknown source. It is easy to fake an email to show that it has come from a friend or a business colleague, these links can contain phishing pages that can steal your credentials if you login on them, some pages can steal your information without the need to even login.
The same goes for many famous file extensions, some examples are:
PDF files
EXE (windows executable) files
PNG (image) files
JPG (image) files
5) Manually Type in the URL of websites:
This might sound very time-consuming but it is very easy to disguise fake links as real links, so typing out links that lead to important websites such as banking sites or social media platforms can give you a peace of mind that the website you are visiting is the real one.