public wi-fi risks

Public Wi-Fi networks, such as the hotspots found in many airports, hotels and cafes, are by their very nature, insecure.  Otherwise, how would you be able to connect to them without a password?

There are therefore privacy and security risks involved in these Wi-Fi networks. So it’s important to keep your guard up.

Is it safe to use the Wi-Fi at the hotel or the airport? What are the risks?

Could hackers get your banking details? E-mails? Usernames and passwords?

Any data transferred between a user and a Website using an HTTPS address (note the “s” at the end of “http”) using SSL encryption, such as online banking sites, is just as secure on a wireless hotspot as it is on a private secured network. Wi-Fi hackers or eavesdroppers sitting around the hotspot cannot capture a user’s login credentials or see any information from these secured sites.

However, hackers can capture Web traffic on other sites that use the unsecured HTTP type of address. If you’re just passively viewing sites, there is usually no problem. You become vulnerable if you have to login to sites that aren’t secured. Even if the site isn’t all that sensitive, such as a discussion forum, eavesdroppers can capture your login credentials, which they may also use for other more important sites. That’s why it’s important to use unique usernames and passwords for every site.

Checkout LastPass for a really cool way to manage all of your web passwords securely.

http://lastpass.com/

As e-mail is the thing we generally most often check from our Wi-Fi-enabled devices, it’s crucial to know that Web-based e-mail providers, such as Yahoo and Google, don’t use HTTPS/SSL encryption for e-mail access by default. Although may are planning to move to this method.  This means that Wi-Fi snoopers can fairly easily capture your log in details, as well as see your e-mail messages.

In addition to Web browsing, other services including POP3 or IMAP e-mail and FTP file transfers are open to Wi-Fi snoopers. These protocols by default transfer their data in clear-text, including the login credentials. Most of these services can be secured with SSL encryption, which would mean they were protected from Wi-Fi snooping; however, most users do not take the trouble to implement these features, which leaves their login credentials and messages vulnerable to eavesdroppers when accessed via a POP3/IMAP e-mail client, such as Microsoft Outlook, over an unsecured Wi-Fi network.

Also in addition to eavesdroppers being able to capture the traffic transferred over the airwaves, they could also potentially connect to a user’s laptop or other Wi-Fi device. Windows XP users, for instance, are vulnerable if they have configured their system to share any folders because those folders will also be shared on public networks, where other hotspot users can access them if they aren’t password-protected.

A further development in this area is a Firefox plugin called FireSheep, which allows hackers to hijack users sessions on sites like Facebook, Amazon, Ebay etc. This is a major vulnerability whereby a hacker can take control of these accounts.

Checkout this article on the Telegraph’s web site: Firesheep

Tags: free, hotspots, public, risks, security, unsecured, wi-fi

This entry was posted on Thursday, August 26th, 2010 at 11:51 and is filed under news. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.