There are tens of millions of free or paid Wi-Fi hotspots around the world. The unsuspecting business or adventure travelers will use Wi-Fi wherever they find themselves. Airports often have free Wi-Fi and as vacation season is in full swing, Wi-Fi access is a necessity. That is why ESET’s researcher Cameron Camp has prepared some advice for users of the wireless internet spots.
Along this helpful insight, ESET Smart Security 5 offers useful feature for “out of home networks” that alerts user whenever connecting to public Wi-Fi, offering the necessary protection. The latest, fifth generation of ESET’s flagship product offers this ever-so important level of security, Release Candidate version is available for free download. ESET Smart Security 5 is currently in the Release Candidate phase of testing and may not contain all the functionality envisioned in the product’s final version slated for release mid September.
According to the findings of the Online Security Brand Tracker, a global research project commissioned by ESET – carried out by InSites Consulting (April-May 2011), and analysis conducted by United Consultants, almost half of the users worldwide are connecting to the Internet using portable devices as the primary connection device, notebook being the most popular (41%), followed by netbooks (3%), smartphones (2%) and tablets (1%).
“Sitting in an airport you rarely frequent, you grab your laptop and snap out a couple e-mails to send, and look, there’s a free Wi-Fi hotspot. Bang, you connect and send, and are off on your way. What you don’t know is the free Wi-Fi may come with a price: your login credentials and network traffic being sniffed and captured before sending them along to the real Wi-Fi hotspot, and your information stolen en route, undetected,” says ESET researcher Cameron Camp.
What raises the flag of awareness is when there is a hotspot with a name you don’t recognize or one that closely resembles the name of the official one. Be especially wary of “unsecured” hotspots, ones where you don’t need to enter a password to gain access. “The magic happens through a proxy technology, which intercepts your Wi-Fi communication, captures and stores a copy locally on the scammer’s laptop, then sending your information on to a “real” Wi-Fi hotspot. This will slow down your traffic a little, but with congested networks, it is often hard to tell if your traffic’s being snooped, or if there are just many users logging in at the same time,” adds Cameron Camp.
Whenever you log in to check your bank balance, buy something for your wife or catch up on e-mails, your computer has to send the login information across the network, which is a goldmine scammers look for. Normally, if you login to a bank website, you’ll see the bank address beginning with “https” rather than “http” which means the traffic is encrypted. If the scammers succeed in capturing your encrypted credentials, they can still run a program later in an attempt to get to your credentials. So, if the bad guys get their hands on the information, they have all the time in the world to work on decrypting it, and you may notice fraudulent account activity days or even weeks later. So keep in mind – expediency is not a good policy when dealing with public hotspots – use caution and pay attention to details.
Security threats whilst using free Wi-Fi:
- Evil twin login interception: networks set up by hackers to resemble legitimate Wi-Fi hot spots.
- 0-day OS/app attack attempts: an attack through previously unknown exploit.
- Sniffing: computer software or hardware that can intercept and log traffic passing over a network.
- Data leakage (man-in-the-middle attack): Cyber-criminal can modify network traffic and let you think you are dealing with your bank while, in reality, you are sending him all your credentials.