Free public WiFi: would you throw your wallet into a fire just because it is there?  Using free public WiFi is fraught with even worse dangers.  While it may be convenient to use a city, airport, shop or fast food restaurant’s free WiFi system to catch Pokemons or perform any other action on a mobile device instead of using a Telco plan’s data, beware of hackers.

It is relatively simple to set up a man-in-the-middle attack on unsuspecting free WiFi users (marks).  All it takes is a hacker with a small WiFi transceiver configured with the same SSID (Service Set Identifier) as the target free WiFi system, such as ‘shopname’ free WiFi.  This WiFi transceiver is connected to a computing device, such as an Android/Linux/Unix/Windows phone or tablet, which is finally connected to the ‘shopname’ free WiFi.  The mark/customer connects to the hacker’s WiFi transceiver due to the stronger signal than the free public WiFi transceiver.  The connection then goes via the hacker’s device to the correct public free WiFi system, and the mark is none the wiser.

The connection path is: mark’s device -> hacker’s WiFi -> hacker’s computer/device -> free public WiFi.

This gives the hacker the ability to inspect, capture and change the entire communications between the mark’s device and the endpoint web server bank or email system the mark is connecting to; simply by using packet inspection software such as Wireshark (Windows/Unix/Linux) or Packet Capture (Android).

The end result is that by using public WiFi, the mark is opening the device up to interception, hacking and having trojans, worms, keyloggers or viruses placed on it; obviously without the knowledge of the mark.

Moral of the story? Don’t use public WiFi, regardless of how desperate you are to save the data on your phone or other device.  Especially, do not use public WiFi for internet banking.

Are you protected by Certified Ethical Hacker?

Terry Principal Technologist: Security



Feature Articles


Blog
2024-2025 Government Budget: Focusing investment in cyber security skilling
By Jeremy Daly | 1 July 2024
eBook
Get your teams up-to-speed with ITIL® 4
22 May 2024
eBook
Elevate your business and career to new heights
22 May 2024
Blog
Understanding PRINCE2 Version 6 vs 7: Themes, risks & issue management
By Fred Carenese | 21 May 2024
Blog
How did your incident management plan stand up to the CrowdStrike outage?
By Gary Duffield | 23 July 2024
Blog
How to improve your AWS AI skills with Lumify Work training options
By Leif Pedersen | 3 July 2024
Blog
Transforming Your Business and Workforce with Microsoft AI Training
By Leif Pedersen | 30 July 2024
Blog
The Growing Importance of Management Skills and the AMA CPM Certification in 2024
By Gary Duffield | 29 July 2024