How to Prevent Wi-Fi Hotspot Attacks

When traveling or in your favorite coffee shop, use these tips to protect your passwords and other data.



Posted December 18, 2008

Eric Geier


(Page 1 of 2)

As you’re sipping your favorite drink or getting a bite to eat while surfing the net from a Wi-Fi hotspot, others could be sipping or gulping down your personal information. Since Wi-Fi signals are wireless, people can essentially grab your data from thin air.

However, don’t give up on public Wi-Fi yet. There are many preventive measures you can take to ensure your files and sensitive information stay private, which we’ll discuss.

To properly protect yourself against Wi-Fi hackers or eavesdroppers, you must first understand the main security risks of using Wi-Fi hotspots:

Traffic of your connection is exposed: Most Wi-Fi hotspots don’t use encryption to scramble the data sent between your computer and the hotspot. This means anyone within hundreds of feet, with the right tools, can potentially intercept the raw data packets of your connection.

At the very least, without encryption, they could see exactly what websites you visit. Moreover, if the website connection isn’t encrypted with Secure Sockets Layer (SSL), represented by the padlock in the browser, then they could see the contents of the traffic involving that particular website. This could include the username and password for any Web site you log onto that, again, isn’t using SSL.

The same risk applies to other services, such as FTP or email, that aren’t secured. Figure 1 shows you exactly what one can see from a hotspot user checking their POP3 email account, such as with Microsoft Outlook, that’s not protected with SSL. In addition to the email account credentials shown in the figure, messages sent or received would be in clear-text as well.

Figure 1: Clear-text POP3 email account credentials captured from a hotspot user.

Your laptop is vulnerable to unauthorized access: If your firewall or sharing settings aren’t properly configured, your computer is much more susceptible to intrusion from hackers on the Internet or at the hotspot location. One of the biggest mistakes you can make is to leave shared folders enabled while on a hotspot. Others connected to the hotspot may be able to open up Network or My Network Places and browse to your shared folders. Depending upon your sharing settings, they may be able to read or edit your files—not good.

Evil-twin hotspots can divulge your financial info or identity: Wi-Fi hackers wanting to deliberately break the law can set up their own AP and equipment to create a copycat of a real Wi-Fi hotspot. They would do this in order to get you to connect to their signal and make payment. Then they could use your credit card and identity information themselves or sell it. Since they could copy the exact look and feel of other real hotspot providers, you might not ever notice you’ve been duped—good reason to regularly check your credit report. They can also pull other tricks out of the bag, such as redirecting users from popular financial Web sites to their fake sites in order to obtain the login info.

Protecting Your Wi-Fi Connection’s Traffic

Now let’s see how we can prevent all these bad things we’ve dreamed up from happening to us. First, let’s discuss some techniques to secure your wireless traffic. Using just one of the following methods is adequate to protect your most sensitive information when using hotspots:

Use SSL for sensitive sites/services: Regardless of being on a public hotspot, you should always make sure any Web site you log onto that deals with sensitive information, and any service you use (such as email and FTP), is protected with SSL encryption. This will ensure the information passing between your computer and the site or service is secure, even if you are on a real or fake hotspot. When SSL is used, web browsers will show an https address, instead of http, and will display a padlock or certificate information.

For email client programs, such as Outlook or Thunderbird, you need to make sure SSL is being used for the POP3 and IMAP4 or SMTP server connections. The email service you use must support the encryption. If yours doesn’t, you may want to look into other solutions, such as Neomailbox, Hushmail, or 4securemail.
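To make the email check concrete, here is an added example (not part of the original article) that audits the server entries of a mail account the way you would read them off the client's settings dialog. The account names, the dictionary layout and the mode names (`none`, `starttls-if-available`, `starttls`, `ssl`) are assumptions made for illustration; the port numbers are the standard registered ones.

```python
# Added example: account entries and mode names are constructed for illustration,
# not the settings format of Outlook, Thunderbird or any other client.

# Registered ports: implicit TLS vs. clear text (optionally upgraded via STARTTLS).
IMPLICIT_TLS_PORT = {"pop3": 995, "imap": 993, "smtp": 465}
PLAIN_PORTS = {"pop3": {110}, "imap": {143}, "smtp": {25, 587}}


def audit_account(acct):
    """Return (verdict, reason) for one server entry of a mail account."""
    proto, port, mode = acct["protocol"], acct["port"], acct["security"]
    if mode == "none":
        return "EXPOSED", f"{proto.upper()} login and messages cross the hotspot in clear text"
    if mode == "starttls-if-available":
        # Opportunistic upgrade: if the server (or a fake hotspot in the path)
        # does not offer STARTTLS, the client silently continues unencrypted.
        return "WEAK", "falls back to clear text when the TLS upgrade is not offered"
    if mode == "starttls":
        if port in PLAIN_PORTS[proto]:
            return "OK", "connection must upgrade to TLS before login, or it fails"
        return "CHECK", f"STARTTLS is unusual on port {port}"
    if mode == "ssl":
        if port == IMPLICIT_TLS_PORT[proto]:
            return "OK", "TLS from the first byte"
        return "CHECK", f"SSL/TLS selected, but port {port} is not the usual {IMPLICIT_TLS_PORT[proto]}"
    return "CHECK", f"unknown security mode {mode!r}"


def audit(accounts):
    """Map each entry name to its verdict."""
    return {a["name"]: audit_account(a)[0] for a in accounts}


# Constructed sample: one server entry per row, as read off a settings dialog.
SAMPLE = [
    {"name": "isp-pop3", "protocol": "pop3", "port": 110, "security": "none"},
    {"name": "isp-smtp", "protocol": "smtp", "port": 25, "security": "starttls-if-available"},
    {"name": "work-imap", "protocol": "imap", "port": 993, "security": "ssl"},
    {"name": "work-smtp", "protocol": "smtp", "port": 587, "security": "starttls"},
    {"name": "old-imap", "protocol": "imap", "port": 143, "security": "ssl"},
]

if __name__ == "__main__":
    for entry in SAMPLE:
        verdict, reason = audit_account(entry)
        print(f"{entry['name']:<10} {verdict:<8} {reason}")
```

Remember that both the incoming (POP3 or IMAP4) and the outgoing (SMTP) entries need to pass, since the same username and password are normally sent to each.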

Use a Virtual Private Network (VPN) connection: This would encrypt all your Internet traffic. You could essentially use unencrypted connections to sites and services, and hackers at the hotspot won’t be able to intercept anything. You would basically be using the Internet connection at the VPN server end-point for access to the web. The hotspot’s Internet connection is just being used so an encryption tunnel between your computer and the VPN server can exist.

Using a VPN connection when on public hotspots is great if not all the sites or services you use are encrypted, or you want extra security. You can check with your employer to see if they have a VPN solution, create your own, or use a commercial or free hosted service. For best protection, use an IPsec-based VPN, rather than PPTP.

Use encrypted hotspots: Some of the big hotspot providers, such as T-Mobile and iBahn, provide WPA-Enterprise encryption on their hotspots with 802.1X authentication. Connecting to these spots ensures your wireless communications are protected from the public. Remember, though, it’s always best to make sure sites and services are accessed securely, to protect the traffic when traveling through the Internet.
