Tips / Aug 18, 2017

DR. SECURITY TIP: Usage of Public Wi-Fi

Tags: dr security

Dr. Security gives tips and answers questions related to cyber security. This time, it is about security and public WiFi.

Doctor Security

Question

Every time I am travelling I use public Wi-Fi, at hotels, bars or airports. Anywhere, when I have some free time, I just check e-mails, my social media profiles and, sometimes, my bank account. It’s not that often, but from time to time it crosses my mind: “is it possible that people steal my data when I’m connecting through public hot-spots?” (Nina, Otelfingen)

Answer

Hi Nina,

Public Wi-Fi networks are tricky, but it does not mean you should stop using them! I, too, use them all the time!

Anyone that has access to a wireless network that does not require a password can get access to your data while it’s in transit from your devices (say, your smartphone or laptop) and the wireless access point. The solution to this problem, is to only enter sensitive data (username and passwords, credit card information and so on) on websites that use HTTPS or through applications that only connect via HTTPS to their servers. When using HTTPS no-one can access your data while in transit over a network. You can check that a website uses HTTPS by looking at the green address bar or a lock shown next to the website address.

Secure Browser Bars

Your browser also helps in defeating these kinds of attacks. If a warning is displayed, think twice before proceeding to the website, then it really means something is going on…

Browser Alert

Unfortunately, it’s harder to say which applications use HTTPS internally, it’s safe to assume that most of the popular ones do. For extra security, and if available, use a VPN solution (which also work on mobile devices!). VPNs (should) encrypt your traffic and make it impossible to be spied upon. As I said above, public Wi-Fi are tricky. There are more sophisticated attacks that can impact your security. Man-In-The-Middle (MITM) attacks and rogue access points are two examples. Keep in mind, more sophisticated does not mean more expensive to carry out, but potentially more involved. Yet, I would say it’s safe to assume that they do not happen so often. Going in the details of these attacks and countermeasures takes a bit more time and space then what’s available in the newsletter. I would be happy to explain it in more details, so do not hesitate to write to the Doctor at: doctor@futurae.com.

Newsletter

Learn more about innovative and user-friendly IT Security. Subscribe to our newsletter today!