We’ve all done it – sloped off to the nearest coffee shop with laptop/iPad in hand, ordered a huge caramel one shot latte with cream, munched on a few biscuits, and then happily settled down to work or surf using the free public Wi-Fi for an hour or so.
Do you ever give a thought to the security of the connection? It was demonstrated recently that a 7 year old girl hacked into a coffee chain’s Wi-Fi, “in just 10 minutes and 54 seconds after watching an online video tutorial.”
Experts have known for a long time that public Wi-Fi spots are not safe. The Guardian newspaper was instructing its readers back in 2010 how to keep secure in public hotspots. This latest publicity stunt, which was carried out under the supervision of security expert Marcus Dempsey, has done one great thing – it has brought the issue of cyber-security to the forefront, and how careful the general public need to be when using unsecured public networks.
The number of Wi-Fi networks is growing. Figures from a report commissioned by the Wireless Broadband Alliance show the number of Wi-Fi hotspots reached 1.3m worldwide in 2013 and will rise to 5.8m in 2015. Cyber criminals are very aware of these public hotspots and how easily it is to hack into users’ machines. In fact, hackers don’t even need to be in the café or restaurant itself – Wi-Fi routers typically have a range of 100 metres, so criminals can sit out of sight, in a car park or another building.
Chris Phillips, 2-sec’s Physical Security Expert and ex head of the UK’s National Counter Terrorism Security Office is keen to welcome any news item that brings online security to the general public’s attention.
“In this day and age, with the increasing threat of cyber terrorism it is so important to understand how to keep yourself safe online in a public place. An investigation earlier in the year has demonstrated that cyber-attacks can force customers in a café to switch their phones from a legitimate Wi-Fi account to a fake “evil twin” one, without anyone knowing. Once hackers have access to your system they can steal log in details, track people’s movements, access private emails, bank accounts, financial and personal details. There is a huge market for this sort of information, and criminals pay substantial sums of money for this data – do not be lulled into thinking that no one would be interested in the information on your tablet, phone or PC.”
Of course, working in public has other problems as well. You risk others reading from your screen over your shoulder, or when your back is turned. I have seen some people leave their unsecured machines to pay at the till or go to the toilet, not realising that it is a hacker’s dream. Many times you don’t need to access a compromised Wi-Fi connection, as just not being vigilant with your own possessions and information means it is very easy for a criminal to watch you input passwords, or other information.
So, here are our tips to ensure that you are not stung by any criminal activity.
- Be vigilant with your own possessions. Don’t leave laptops, phones or tablets unattended and unlocked. Be aware who you are near to, and what they are doing.
- Check the name of a network with the shop.
- Check that the website you are accessing is secure with a green lock symbol and HTTPS.
- Don’t access any personal or sensitive sites. The EU’s law enforcement agency Europol goes further, saying that people should “avoid sending or receiving sensitive data over public Wi-Fi because it is at risk of being intercepted by hackers”.
- If your staff travel widely with their own company laptops, encourage them to use a 4G Wi-Fi device rather than any public Wi-Fi, or use a Virtual Private Network (VPN).
- Turn off “Sharing” – When you're at home, you may share files, printers, or even allow remote login from other computers on your network. When you're on a public network, you'll want to turn these things off, as anyone can access them.
- Ensure your device’s firewall is enabled, and active. Both Windows and Mac users have these available by default, as do iPhones and Android devices.
- When you leave the hotspot, ask your device to FORGET the network so that it doesn’t just log on automatically when you pass the same spot later on.
If you remember the above, you have a good chance of being able to enjoy your coffee in safety, knowing that you’re not in any danger of passing on your own or your company’s secrets.