It’s always a good time to talk about security, and with a government initiative on smarter online practices this week, we’re helping out asking the important questions, like whether free WiFi networks are safe.
You see them everywhere you go. If you sit down in a small coffee shop for a bite to eat, or when you’re waiting for a flight at the airport. They’re in stores, malls, and are beginning to be spread around cities.
They are free wireless networks, and you can usually identify them quite clearly when a company has a sign or sticker outside the door proudly proclaiming “Free WiFi”.
These days, everyone is doing it, as free WiFi becomes the initiative to get people in your store, almost as if it was the digital equivalent of “if you build it, they will come”: provide internet access, and people will come, shop, be merry, and all that jazz.
But are these networks safe, and in an age where mobile connectivity is practically everywhere, does the benefit of “free” outweighs the cost of security?
The matter of “free vs secure”
One of the issues with “Free WiFi” is the question of security, because not all networks have it.
It seems strange in this day and age not to have a modicum of security, but here we are, with some WiFi networks doing just that: they’re open because they’re free, and that’s how you identify them as such.
In fact, even if the network has security, it may be a loose interpretation of the word simply to keep out people who aren’t patrons of the store or presence, because everyone has likely been given the password thereby opening it up.
We need to note this doesn’t necessarily make it unsafe, but rather unsecure, and while WPA2 password encryption is secure, handing out your password to every passerby is not.
With situations like these, stores and cafes aren’t likely to monitor everything happening on their network, and so if other aspects of their network security aren’t very good, or patrons using the WiFi have no security on their devices (or even trusted sharing), computers can be easily broken into, and so can other devices.
The Australian Communications and Media Authority (ACMA) has some words on this very issue and even points out a demonstration that allowed a seven year old girl to break into a WiFi hotspot after watching video tutorials found on the web.
While these sorts of situations aren’t necessarily indicative of all WiFi networks, they do bring you back to the idea that “free” isn’t necessarily “secure”, because the two have nothing to do with each other.
They can, but they usually don’t, and that’s not even the biggest issue with free WiFi.
Remember the phrase “stranger danger”?
For a lot of kids, this concept once taught being weary of strangers, warning children and teens not to approach or even travel with someone they don’t know, even if they try to lure them over with sweets, money, or the promise of something else.
We wouldn’t be surprised if stranger danger was still part of the lessons for kids these days, but it should also probably play a part in the web training of everyone online, because much like stranger danger, the problem with unknown WiFi lurks in what you don’t know.
For instance, when you go home, you know the WiFi network you’re joining. You may own it, or your parents may own it, or someone you’re familiar with is running it because they need internet access wirelessly around their home.
But with free WiFi offering very little security or a shared password that’s common and rarely changed, free WiFi is as close to being unknown as it gets.
If the network isn’t set up in a secure fashion from a structural point of view, it’s very possible that a nefarious individual could monitor your transmissions, grabbing information that you otherwise thought was secure, logging it without you realising anything was happening.
“Public or free WiFi networks can be very convenient, however, they also put individuals at greater risk of being exposed to online risks, such as malware, and make us more vulnerable to an attacker looking to intercept our data through the open network,” said Andy Hurren, Solution Architect at Intel Security.
“People also need to be aware that some networks offering ‘Free WiFi’ are not legitimate connections,” said Hurren, who added that “these can be planted by an attacker by using words like ‘free’ and the name of a location or business nearby to lure browsers and steal their information.”
As strange as this might seem, it’s very true, and has become a somewhat common way for scammers to take information, grabbing data transmitted by web browsers and using it for something else.
Mobile hotspots aren’t complicated to create, and anyone with a smartphone likely has an easy way to create a gateway called “Free WiFi” that can be configured as a portal for people to take information.
Granted, the setup of this is a little more difficult than just sharing your phone’s mobile access with a few other devices, but if you’re in it to capture banking or personal details, it is very, very possible.
The importance of protection
While it might seem like we’re down on free WiFi, we’re actually all for the idea, especially since it could be the way cities eventually spread internet access, particularly in locations where mobile towers just aren’t doing their job.
But liking free WiFi doesn’t mean going in unprepared, and so if you do feel use a lot of free internet, consider grabbing an application designed monitor your access. We’ve already seen one from Symantec, and imagine there are probably a few out there from other security companies, as this will no doubt be a big area for many.
This mostly handles your phone and tablet, but you won’t always find software that deals with this dilemma for your computer, so in these situations access to a virtual private network or “VPN” is very handy.
These services act as a go-between, often encrypting information and even offering support to send the data through to a different location, allowing you to simulate being an internet user in a different country.
“If you are travelling regularly and need to connect to WiFi, it’s a great idea to invest in a VPN, this encrypts your activity which means your login details and other sensitive information are protected,” said Hurren.
Another option to deal with the free WiFi issue is to not use WiFi at all, ditching the wireless network and opting for your mobile access instead.
Overseas, this can obviously get expensive, but when you’re in your home town, there’s a very good chance you’re using 3G or 4G access on your mobile provider.
When you’re out and about, you’re probably not going to be downloading large quantities of data, instead using any internet access to check email, surf the web, do the social networking thing on Facebook and Twitter, and possibly a few other things.
These activities don’t take up huge amounts of data, and with mobile data plans being what they are these days, it may not even be worth using free WiFi at all.