October 13, 2015 | Category: Cyber Security | Tags: , , Views: 2572

I Pity the Fool Who Uses Open Wi-Fi Networks

I walked into FedEx Field for the opening home game of the Washington Redskins. The stadium now offers complimentary Wi-Fi access.  Maybe I didn’t notice it last year. Perhaps Dan Snyder added the benefit to deter critical looks at the advertising banners covering empty seating.

As a person who lives conservatively with 1 GB of data monthly on the wireless plan, this seemed remarkably convenient during the NFL football season. Now I could check Instagram, search for player data, and refresh fantasy football scoring without worrying about going over on the data allowance.

This is good and terribly bad. Everyone loves the idea of free Wi-Fi, but how many people consider the security implications?

The Bad

After this ground breaking revelation another terrible thought emerged out of the fantasy football frenzy. Free stadium Wi-Fi for 80,000 fans, staff, coaches, whomever, is an absolutely atrocious idea.

Before arriving at Phoenix TS I lived in the dark ages where open wireless networks were gold mines, local router passwords didn’t exist in my mind, and cyber security was a buzzword inserted into news headlines.

I was the hacker’s dream candidate as an oblivious, care free individual who won’t change a thing, but can’t live without my phone or laptop. I wanted all the immediate awesome benefits of technology and refused to consider the risks.

Starbucks and the local public library were my homes away from home. There I worked remotely blogging, writing online copy, and toiling away hour after hour to earn a living. The life of freelance writing didn’t involve a home office or Internet bills (not including coffee expenses) since employers never inquired about my home office and never made requirements to stay away from the open networks.

Then the game changed. Working for an IT training company that specializes in cyber security opened my eyes.

Why You the “User” Should Demand and Know More

Why do people love Starbucks? I honestly cannot say. Starbucks provides decent burnt tasting coffee, pre-made breakfast sandwiches, free Wi-Fi, and a good bit of people watching. The free Wi-Fi is the top benefit.

On Quora a person asked, “Is WiFi at Starbucks Safe?“. The easy answer was “It’s not”. The best answer explained further:

“I could sit at Starbucks and run a PCAP program and just wait for a few hours and leave, and once I am somewhere else, I can analyze the packets I caught and get all sorts of information.”

With sophisticated software active, such as WireShark, it isn’t very difficult for a moderate user to capture data packets for later analysis. Let’s say they capture information that allows them to decipher your password for email or Facebook. People use passwords commonly across websites. It’s not uncommon for individuals to employ variations of the same password for social media, online banking, email, WordPress, and other daily sites they access. Keep this in thought in mind when managing passwords.

By accessing unsecured open Wi-Fi networks you put yourself at risk. Open networks offer no protection and security. Once a person connects, they have the ability to view all of your Internet activity and even gain access to additional devices connected to the network. They could harvest personal info, credit card data, and online login credentials from you and others.

Think twice before connecting to these open networks. When on these networks consider turning off sharing, disabling Bluetooth (Mac users), limiting online activity to SSL connections (HTTPS in the URL address bar), and employing a VPN connection. However, VPNs do not protect against layer 2 attacks such as ARP poisoning attacks to manipulate victim traffic. VPNs take time to establish connections and within the short opening attackers can exploit and log data packets.

Even go as far as asking the business or library why they don’t use network security measures or what measures, if any, they employ.

Why Open Networks Should be a Thing of the Past

Businesses rarely allow non-customers to use their bathrooms. Why do they have no restrictions when it comes to an open Wi-Fi network? Clicking the “I agree to the Terms and Services” protects no one. By leaving networks open they leave the door wide open for those willing and capable (within reasonable distance) to enter.

There are plenty of coffee shops that only give out the Wi-Fi passkey upon purchase of goods. Local libraries should require Wi-Fi users to present member identification for network access. They should go as far as giving out temporary passkeys that require submission of library member information upon attempted connection.

The steps required to ensure baseline network security measures do not demand high-level IT work. These extra efforts demonstrate your business’ concern, awareness, and commitment when it comes to protecting customers.

Think twice before connecting to an open unsecured Wi-Fi network.

Question: How do you protect yourself on unsecured Wi-Fi networks?

Subscribe to the TechRoots Blog


Related Post

Does Your Verizon Router Use WEP Encryption?