The real threat from public wifi hotspots

Ravinder Kapur

Updated 22 June 2017 at 5:52 am

Vast numbers of people use the free Wi-Fi service at cafes, hotels, and other public places. They don’t realise that by doing this, they are possibly compromising their data and exposing themselves to financial loss.

A recent survey conducted by the Cyber Security Agency of Singapore found that over 60% of respondents had no hesitation in connecting to non-password protected Wi-Fi networks in public places.

Why exactly is this dangerous and what are the risks that you are getting exposed to?

There could be a hacker between you and the Wi-Fi hotspot

In recent years, the number of places offering free Wi-Fi has mushroomed. Many restaurants, bookstores, and even large retail outlets provide this service. But this facility could come at a heavy price.

Hackers use a technique known as “man-in-the-middle” to get between you and the Wi-Fi hotspot. If they are successful, then your access to the internet does not take place directly through the legitimate hotspot. Instead, the information and data from your smartphone goes to the hacker who passes it on to the hotspot.

As a result, every action that you subsequently take becomes unsecured. A record can be created of the websites that you visit. If you make an online purchase, the details of what you have bought and the particulars about your credit card are revealed.

Your email account and all the information on it can be accessed by the hacker. In fact, it is possible for a malicious program to be transferred over the unauthorised Wi-Fi connection to your smartphone.

A recent news report pointed out how hackers can easily get into your smartphone using a public Wi-Fi connection. Ethical hackers, belonging to the Whitehat Society at the Singapore Management University demonstrated how they accessed their victim’s phone and took pictures using its camera.

The hackers were even able to pinpoint the location of the phone and read the SMSs that were being sent from it. All they needed to gain access was the phone number of the victim.

Beware of the Evil Twin

Source: Shutterstock

This is a variation of the “man-in-the-middle” technique. Instead of positioning themselves between the real Wi-Fi hotspot and the victim, the hackers create a duplicate hotspot.

You could be at a cafe or at a hotel which provides free Wi-Fi. When you access this service, you log on to the hacker’s hotspot assuming that it is the hotel’s. How is this possible? The usual modus operandi is that the hacker is somewhere close by and the illegitimate signal is powerful enough to reach the hotel and fool you into thinking that you are using the hotel’s official account.

The Wi-Fi hotspot that you innocently log on to will have a name that is very like the hotel’s. The difference will be a single letter or an added number. You will have no reason to suspect that you are walking right into the hands of the hacker.

Now every action that you take on your smartphone is visible to the “Evil Twin” hotspot.

Check into DarkHotel

Kaspersky Lab, a global cybersecurity company, revealed how attackers targeted specific high-profile guests at a hotel over a period of seven years without being detected. This cyberattack was not a random fishing operation where the hackers collect data from any guest that logs on to the hotel Wi-Fi and then use the information to access credit card details and bank accounts.

The hackers were extremely sophisticated and waited for victims that had been identified earlier. How did they know that a particular victim was going to visit the hotel? They got into the hotel’s network and kept a tab on the reservation system.

Prior to the victim’s arrival, they would install malware into the hotel’s system. When the victim left, they would delete the malicious program. During the hotel stay, when the victim tried to log on to the Wi-Fi hotspot, a pop-up would appear on the smartphone requesting the download of an Adobe software update.

When this pop-up was accepted, the victim unknowingly received a malicious program instead.

This method of hacking smartphones, dubbed DarkHotel, was reportedly used in several luxury hotels across Asia.

How can you protect yourself?

Are there any precautions that you can take to avoid getting hacked? Of course, you have the option of not using public Wi-Fi altogether. But if you want to continue with this free service that is becoming increasingly common, there are some safeguards that you can take.

The first step is to use a virtual private network (VPN) when you are accessing public Wi-Fi. This is a system that creates a private network that encrypts your data and also uses other security mechanisms to prevent unauthorised people from accessing your information. All you need to do is download an app and install the VPN.

Another useful precaution is to use different passwords for different sites. You may use a particular username and password for registering on to a site that requires this information to allow you to access certain data. Many people use the same username and password across sites and even for their credit cards and bank accounts. This makes the hacker’s job very easy. Once they ascertain your details for one site, they can see if it allows them to log on to your other accounts.

A mistake that many people make is that they keep the Wi-Fi connection on their smartphone active even when the network that they normally use is not within range. If you do this, it gives hackers the opportunity to get into your phone. Put the Wi-Fi off when you are away from your home or office. Taking this step can enhance your security. At the very least, your smartphone battery will last longer.

What if the public Wi-Fi connection that you access requires you to enter a password to access it? Does this ensure that it is safe to use? Unfortunately, a password is not of much help as it would be accessible to many users.

Bottomline: Avoid public Wi-Fi if you can

It is best to stay away from free Wi-Fi at cafes and malls. If you must use it, always use a VPN. If you need to access your bank account, don’t do it over a public network. Wait till you are home or on some other secure network.

(By Ravinder Kapur)

Cosmo
Sabrina Carpenter looks practically naked in completely see-through lace mini dress
Sabrina Carpenter went braless wearing the Mirror Palais Anemone Dress in butter featuring illusion tulle adorned with lace appliqués along the neckline and hem
2 days ago
The Telegraph
Russia has found the critical vulnerability in Nato’s American tanks
The arrival of the US M1A1 Abrams tanks in Ukraine was hailed as a turning point in the war. Coming in at roughly $10 million a unit, the Nato stalwart was supposed to provide the armoured fist that would punch through the Russian lines. But tactics evolve quickly in warfare, and Russia’s use of surveillance and hunter-killer drones has led to heavy casualties for Ukraine’s tank fleets. This is alarming for NATO. If Russia has found critical vulnerabilities in our armour, our borders are beginni
14 hours ago
The Telegraph
China is the enemy of the world and has nobody to blame but itself
Secretary of State Antony Blinken’s multi-day trip to China this week caps a particularly busy stretch of meetings between US and Chinese officials. Treasury Secretary Janet Yellen was in Beijing earlier this month where she delivered remarks about establishing a floor underneath the US-China relationship and was photographed drinking a beer at a local brewery. On April 5, US and Chinese defence officials held maritime talks for the first time in three years. And on April 16, US Defense Secretar
a day ago
Euronews
Russian actress who hosted 'almost naked' party fined for calling for peace in Ukraine
Anastasia Ivleeva fell foul of a law that sanctions remarks discrediting the Russian military.
a day ago
Yahoo News Singapore
Fatal accident in Tampines: 42-year-old driver involved in crash charged with four offences, including dangerous driving causing death
After a fatal collision in Tampines, Muhammad Syafie Ismail, 42, faces four charges including dangerous driving causing death.
2 days ago
The Independent
Bully dog found beheaded, burnt and cut into pieces near children’s playground
A dog walker made the horrific discovery on Tuesday morning
2 days ago
Evening Standard
Liverpool: Darwin Nunez tipped to be sold by Arne Slot after 'unforgivable error'
The striker was again guilty of a huge miss as Everton all but ended Liverpool’s title hopes
2 days ago
INSIDER
Malaysia might add a casino to boost troubled $100 billion mega-development Forest City
The casino, which would only be the second in Malaysia, could revive the struggling property.
2 days ago
Evening Standard
Ex-Manchester United star Ryan Giggs, 50, 'to become dad for third time with model girlfriend'
It will be his first child with lingerie model Zara Charles, who he has been in a relationship with since 2021
17 hours ago
The Telegraph
Erik ten Hag: Marcus Rashford abuse is wrong but he must accept share of blame for failings
Erik ten Hag has told Marcus Rashford he must take his share of the blame for Manchester United’s struggles despite offering the striker his full backing in the face of “months of abuse”.
5 hours ago
The Telegraph
Mohamed Salah can spearhead Liverpool’s new era but the jury is out on Darwin Nunez
In the aftermath of a particularly demoralising defeat, former Liverpool manager Gerard Houllier once appealed to the Kop with the observation: “We don’t destroy our heroes today when we worshipped them yesterday.”
2 days ago
InStyle
Prince Edward and Duchess Sophie Feel Disappointed by King Charles Royal Title "Snub"
The "chosen ones" are reportedly sad they didn't get new roles after Prince William and Kate Middleton's latest appointments.
2 days ago
Cinema Online
Jacky Wu and his "Mr. Player" team filmed in Penang for four days
The Taiwanese host is back in Penang again after filming in the island back in 2015 and 2019
23 hours ago
Cinema Online
Maggie Cheung Ho Yee to make TVB comeback?
The Hong Kong actress is said to star in a drama by "The Queen of News" producer
23 hours ago
SETHLUI.COM
Sweet Garden Dining Cafe: No GST & service charge at ex-5-star hotel chef’s Western cafe
The post Sweet Garden Dining Cafe: No GST & service charge at ex-5-star hotel chef’s Western cafe appeared first on SETHLUI.com.
2 days ago
BuzzFeed
People With "Extremely Attractive" Partners Are Venting About What They Have To Deal With
"The first time my mom and I were alone after meeting her, she turned to me and said, 'You must be really good in bed.'"
2 days ago
The Guardian
US has seen evidence of attempts by China to influence election, says Blinken
Secretary of state met Xi Jinping in Beijing and warned of sanctions over China’s support for Russian arms industry
10 hours ago
AFP News
North Koreans in China vanish as border reopens
After fleeing famine in North Korea, Kim Cheol Ok laid low in China for decades -- until a doomed run for freedom got her sent back to her repressive homeland, her family says.She told her family she was being sent back to North Korea two hours later and was never heard from again.
2 days ago
Evening Standard
Arne Slot 'confident' of Liverpool move as Feyenoord manager confirms desire to replace Jurgen Klopp
Reds in talks with Rotterdam club over Jurgen Klopp replacement
a day ago
The Telegraph
‘One guy’ is blocking release of Israeli hostages, says White House
Yahya Sinwar, the Hamas leader, is blocking a deal to release Israeli hostages, the Biden administration has said.
a day ago

Straits Times Index

Nikkei

Hang Seng

FTSE 100

Bitcoin USD

CMC Crypto 200

S&P 500

Dow

Nasdaq

Gold

Crude Oil

10-Yr Bond

FTSE Bursa Malaysia

Jakarta Composite Index

PSE Index

There could be a hacker between you and the Wi-Fi hotspot

Beware of the Evil Twin

Check into DarkHotel

How can you protect yourself?

Bottomline: Avoid public Wi-Fi if you can

Latest stories