#Open journalism No news is bad news

Your contributions will help us continue to deliver the stories that are important to you

Support The Journal
Dublin: 11°C Saturday 21 May 2022

Column: Free Wi-Fi networks carry risks – but you can avoid them

Make sure you’re not freely handing away your personal data…

Ronan Leonard

TO RETAIN AND also attract new customers, bars and coffee shops are offering free Wi-Fi because it is highly valued. Wireless routers have become very cheap and require minimal setup, which sounds great for the consumer – but in reality you could be handing away data freely.

Free Wi-Fi is given away one of three ways. The first is where anyone can use Wi-Fi as no password is needed. The second is where you have to have a password to use Wi-Fi. The third is where the Wi-Fi signal is private and you have to set up a free account to be able to use Wi-Fi. If you were to grade how secure each of the three ways outlined above are, the first is the least secure with the third being the most secure.

Wi-Fi with no password

When no Wi-Fi password is needed you can connect instantly, and especially easily if you have used the network before. Instant access sounds great but it has its very easy to hack. Hackers use software, called ‘sniffer software’ which looks at traffic travelling to and from a wireless router to extract important information. If you plan to use this type of Wi-Fi connection do not visit any websites or use apps that require you to log in. So stay clear of accessing your email, Facebook, LinkedIn or online banking if you wish to use this Wi-Fi connection.

Hackers also use the above setup to their advantage by setting up a fake Wi-Fi hotspot hoping that people will use it and they can extract information going through it. If someone sees a free Wi-Fi account they presume it’s from the coffee shop that they are in – especially if they see a ‘free Wi-Fi’ sign – and they use it. The location of the fake Wi-Fi hotspot can vary from a nearby building to a car or van parked nearby. Hackers can also monitor the network traffic of an entire bar or coffee shop with an iPad-sized device hidden in a backpack

Wi-Fi with a password

When the Wi-Fi password is openly shown and shared it is easy to hack into the hotspot as the password is probably not changed on a regular basis, and hotspot not closely regulated. Hackers using the sniffer software I mentioned earlier can easily hack into the system.

Sometimes the Wi-Fi password is printed on your receipt and is probably changed on a regular basis. If the password is changed on a regular basis then there is a lesser chance of the network being hacked and abused.

Private Wi-Fi signal

The most secure Wi-Fi hotspot makes you set up an account to use it and you also have to login every time you go online. By forcing you to log on every time you want to use Wi-Fi, you are making it more secure. No hacker will want to intercept traffic on this hotspot as anything they do can be traced back to their account.

This type of hotspot is the one I trust the most as everything done on it is traceable. Businesses don’t want customers downloading and viewing pornography or hacking so they make sure if anything like this happens, the customers’ accounts are cancelled and appropriate action is taken.

As I mentioned earlier, business owners know that free Wi-Fi is highly valued, which is why they are ripe targets for hackers. Most users will not realise this, and they will routinely expose valuable personal data over Wi-Fi hotspots. But all is not lost and there are some steps you can take to ensure your surfing is less likely to be compromised.

  • Make sure the Wi-Fi connection is legit

As I mentioned earlier, hackers sometimes set up fake Wi-Fi hotspots. Make sure that you are connecting to the correct hotspot by confirming it with an employee of where you are.

  • Encryption on websites that you have to login to access

Encrypting the communication between your computer and any site you are visiting, will help maintain privacy and security. The most popular form of encryption is SSL encryption, and to check that it is active take a look at the website address. If it starts with ‘https’ then you can breathe a sigh of relief. You will also notice your browser displaying a padlock icon.

#Open journalism No news is bad news Support The Journal

Your contributions will help us continue to deliver the stories that are important to you

Support us now

If you don’t see any of the above in a social media website, financial websites, an online shopping site or your email account, then don’t log in. Also before the encryption process has even begun, the website authenticates its identity with your browser.

If your browser cannot verify that the site is actually what it claims to be, a pop-up window appears alerting you to an untrusted security certificate. If you see this, then do not visit the website.

  • Make sure all your software and browsers are up to date

It is very important that you’re running the latest updates for your operating system and web browser as any weaknesses are easily exploited. The last thing you need is for your computer to be leaking data through a hole in your firewall, so make sure there are no holes.

  • File sharing

Make sure that Windows File Sharing is turned off as you don’t want someone accessing the files on your computer. For instructions on how to disable file sharing in Windows XP go here. For instructions on to disable file sharing in Windows 7 go here. For instructions on to disable file sharing in Windows 8 go here.

Wi-Fi security awareness needs to have businesses and users singing of the same hymn sheet. Businesses need to make sure that their Wi-Fi is very secure – but I’m not talking about having their hotspots as secure as Fort Knox, nothing is 100% secured and it has to be a less viable target. Users have to be careful with their surfing habits, and make sure they don’t use free Wi-Fi hotspots unless it has a password which is changed regularly or it requires you to set up an account. As long as businesses and users are security conscious, less damage can be done.

Ronan has over 15 years experience of designing websites and recently did a Cloud Computing course in N.C.I. He also started a blog earlier this year on security tecdr.net and he can be found on twitter @tecdr

Irish internet users could be vulnerable after 1.2 billion password theft

1 in 5 US internet users have had bank account details and personal data stolen – survey

About the author:

Ronan Leonard

Read next: