In the last couple of years, a new breed of mobile user has sprung up. Thanks in large part to the iPhone (and the iPhone-wannabes), the world now has a lot more mobile devices hungry for a live (and free) Wi-Fi connection. Sure, we’ve been using Wi-Fi for years, but at least for many of us, what was once the casual and even occasional laptop login has become a more convenient and far more frequent quick check for email, stock reports, headlines, etc.
We’re using our hyper-mobile devices all the time now. Standing in line at the coffee shop, we quickly fire up our pocket-sized devices to see what’s going on in the world.
Now, here’s where the risk storm comes in.
When you point your Wi-Fi interface at a local wireless access point (WAP), you’re implicitly trusting it. Say, for example, you’re in your favorite coffee shop and turn on your mobile device and see there’s a Wi-Fi net present—say, something like “Acme-wireless.” You see it’s not using WEP, so you blindly and courageously take the leap of faith and connect to it.
Once on the wireless, you bring up your browser and try to connect to a Web site. Looks fine, so you log in to that Web site, perhaps providing your login credentials (or a browser-stored cookie containing your login credentials). Away you go—and away your login credentials go. You’ve just fallen for the oldest trick in the book, the dreaded “man in the middle attack,” and your attacker now has your credentials/cookie.
How could that have happened, you ask? Well, when you signed onto “Acme-wireless,” you trusted that it was indeed “Acme-wireless” and that it is operated by an honest business. The only proof you had that it was indeed “Acme-wireless” was that it said so.
You’ve been duped.
Yes, it’s easy to do. It would be absolutely simple to configure a laptop PC to masquerade as “Acme-wireless” and then to collect login credentials from unsuspecting mobile users seeking a free Wi-Fi fix. After all, the Wi-Fi standard provides no mechanism for the user to authenticate the server. None. Nada. Zip.
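Because the network name is the only identity a client sees, a defender's check has to compare what is being broadcast against what the venue actually published. The sketch below is an added example, not part of the original article: the Beacon record, the KNOWN reference table and the scan data are all constructed, and the venue is assumed to have published its BSSIDs and a WPA2 setting.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str       # access point MAC address as advertised
    security: str    # "open", "wep", "wpa", "wpa2" or "wpa3"
    signal_dbm: int

# Link-layer protection, weakest first; unknown values count as weakest.
STRENGTH = {"open": 0, "wep": 1, "wpa": 2, "wpa2": 3, "wpa3": 4}

def suspicious_beacons(scan, known):
    """Return (beacon, reason) pairs for beacons that reuse a known SSID
    but do not match what the venue published.

    known maps SSID -> {"bssids": set of lowercase MACs, "security": str}.
    A clean result is not proof of legitimacy: a BSSID can be cloned too.
    """
    findings = []
    for b in scan:
        ref = known.get(b.ssid)
        if ref is None:
            continue  # no reference for this network, nothing to compare
        if STRENGTH.get(b.security, 0) < STRENGTH[ref["security"]]:
            findings.append((b, "weaker security than published"))
        elif b.bssid.lower() not in ref["bssids"]:
            findings.append((b, "unlisted BSSID"))
    return findings

# Constructed reference data (what the coffee shop's sign would say).
KNOWN = {"Acme-wireless": {
    "bssids": {"02:00:00:aa:bb:01", "02:00:00:aa:bb:02"},
    "security": "wpa2",
}}

# Constructed scan results.
SCAN = [
    Beacon("Acme-wireless", "02:00:00:AA:BB:01", "wpa2", -60),
    Beacon("Acme-wireless", "02:00:00:cc:dd:09", "wpa2", -35),
    Beacon("Acme-wireless", "02:00:00:aa:bb:02", "open", -40),
    Beacon("OtherCafe", "02:00:00:11:22:33", "open", -70),
]

if __name__ == "__main__":
    for beacon, reason in suspicious_beacons(SCAN, KNOWN):
        print(beacon.ssid, beacon.bssid, beacon.security, "->", reason)
```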
And that’s just one kind of Wi-Fi-based attack. It gets worse. When you connect over Wi-Fi, a lot of relatively sensitive information (e.g., passwords, session IDs, cookies) is routinely passed unencrypted and is thus open to being trivially sniffed by anyone else on the same Wi-Fi site. That person sitting next to you in the coffee shop could well be running a sniffing tool like Wireshark and collecting anything sensitive that your browser or email client emits.
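Whether a session cookie can be read off the air depends on how the site issued it: a cookie without the Secure attribute is also sent on plain-HTTP requests, and a site without HSTS lets a later visit start unencrypted. The audit below is an added example, not part of the original article; the URL and response headers are constructed.

```python
def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, set of lowercase attribute names)."""
    first, *attrs = [part.strip() for part in value.split(";")]
    name = first.split("=", 1)[0]
    flags = {a.split("=", 1)[0].lower() for a in attrs if a}
    return name, flags

def audit_response(url, headers):
    """List the ways one HTTP response leaves session data readable on shared Wi-Fi.

    headers is a list of (name, value) tuples from a single response.
    """
    findings = []
    https = url.lower().startswith("https://")
    if not https:
        findings.append("page served over plain HTTP")
    header_names = {name.lower() for name, _ in headers}
    if https and "strict-transport-security" not in header_names:
        findings.append("no HSTS: a later visit may start over plain HTTP")
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie, flags = parse_set_cookie(value)
        if "secure" not in flags:
            findings.append(f"cookie {cookie!r} lacks Secure: also sent over HTTP")
    return findings

# Constructed response from a hypothetical login page.
SAMPLE_URL = "https://portal.example/login"
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sid=constructed123; Path=/; HttpOnly"),
    ("Set-Cookie", "prefs=dark; Path=/; Secure"),
]

if __name__ == "__main__":
    for finding in audit_response(SAMPLE_URL, SAMPLE_HEADERS):
        print(finding)
```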
Now, combine all that with the fact that our hyper-mobile devices are getting smaller and smaller, while at the same time becoming more and more capable as powerful computing devices. Further, we’re starting to trust them more and more for connecting to sensitive network services, including financial services and such. That is to say that they are without a doubt becoming serious targets for the miscreants of the world who want to liberate your money from your wallet.
Steps to Take to Protect Yourself
How can we protect ourselves? Fortunately, there are a few relatively simple things we can do to make things safer.
Start by being a little paranoid. If it seems too good to be true, it probably is, right? Additionally, here are a few more things you can start doing today to improve your wireless risk exposure:
• Be familiar
When you’re in a location you haven’t been to before and you want to use their Wi-Fi, look (or ask) for instructions on how to connect to their SSIDs. This is no guarantee, of course, but it’s a good start, as you’re more likely to find legitimate WAPs this way.
• Wi-Fi credentials
If you use a Wi-Fi service that requires you to enter your account information before you can connect, double check that you’re actually connected to your provider before entering the information. More than likely, the login screen that your browser automatically takes you to will be SSL encrypted over HTTPS. Take a moment to view the SSL certificate—if your mobile device lets you—and the URL to double check that you’re talking to your Wi-Fi provider and not a rogue web site set up to collect your credentials. That is, don’t trust the login page until you know it is legitimate.
• VPN
Once connected to the Wi-Fi, invoke a secure VPN connection. Strong VPNs should be IPsec-based, but even PPTP will suffice. The point is to encrypt all of your traffic that goes through the local Wi-Fi, even if the Web pages and other network content are not otherwise encrypted. This will prevent the sniffer-in-the-coffee-shop attack from successfully stealing your sensitive data. If your company doesn’t have a VPN to use, consider using a public VPN service.
• SSL
Especially if you didn’t heed my warning regarding VPN usage above, you really want to ensure all your sensitive information is being encrypted while it transits the local Wi-Fi net. That typically means SSL. To the extent possible, make sure all applications that send/receive sensitive information, login credentials, etc., are configured to use SSL for all sessions. And, as in the case of the Wi-Fi provider login page, take a moment to check that the SSL server certificate is valid whenever you connect to an SSL-based service.
• Free Public Wi-Fi
It’s not uncommon to see a Wi-Fi connection dubbed “Free Public Wifi.” It is in fact neither. Instead, it’s due to a Windows bug and should simply be avoided.
These tips are just a starting point, of course. The main message is to be a little apprehensive when using your hyper-mobile device. A little bit of mistrust here will go a long way to protecting you.