Dubai, UAE: Smart City initiatives are steadily taking root across the Middle East and along with the host of mGovernment applications that are now available; we have now begun to see telecom providers collaborating with regional governments to offer free Wi-Fi across public areas. This compliments the public wireless infrastructure that is already being offered by numerous establishments such as restaurants, cafes and corporations. Combined with the explosion in handheld smart devices, it is no wonder that the popularity of public Wi-Fi among citizens- and worryingly cyber criminals too- is on the rise.
“Using public Wi-Fi can be risky. Research by security firms has found that free hotspots are increasingly being used to steal private information from consumers. While for ordinary PC and smartphone users, Wi-Fi is not ideal, it is now something that is nearly inescapable. Unfortunately, cybercriminal are well aware of this and have developed techniques to exploit to steal information, identity or passwords and money from the users who use public or insecure Wi-Fi connections,” Mohamed Djenane, Security Specialist, ESET Middle East, said.
The safer alternative is to connect via a 3G or 4G data package. However, these come at a premium which consumers are often unwilling to afford. The good news is that users can still remain safe with public Wi-Fi when then research information, check news sites, or even look at maps of the local areas. But in doing so, ESET recommends that they take the following security measures:
The worst thing to do is assume without verification that a Wi-Fi network is legitimate and run by a trusted establishment. It might be a decoy deployed by a criminal! As a general rule, users shouldn’t connect to any network called, ‘Free Wi-Fi’– if this is what’s being advertised, it could well be a way of getting them to sign up for a newsletter or endure adverts, even if the hotspot isn’t malicious. If it is a public service such as a coffee shop, then double checking the WiFi name with a member of staff is advisable.
Overall, smartphones come a poor second to PCs or Macs when it comes to public Wi-Fi hotspots as the ‘defenses’ built into PC browsers make it easier to identify whether the usage is safe. Therefore, checking email is best done via your PC, as the browser’s secure icon (usually a lock or similar in your address bar) can be used to check whether the connection is secured using the HTTPS protocol.
Hackers who are monitoring network traffic are looking for users who type in passwords to email accounts, social networks and banking websites. It is therefore best to limit activities to anything that does not require a username and password to log in. Users must also bear in mind that most apps on their smartphones will auto login. Using email apps on a phone can leak data as there are plenty of free apps that hackers can use to extract this information. Using a secure HTTPS website, or better still encryption, is definitely the safer route.
Typically, attacks on Wi-Fi hotspots are ‘man-in-the-middle’ attacks – where an attacker is able to access the user’s data as it travels. That means anything financial or corporate is out. Users simply cannot afford to type in their credit card details, buy anything, or visit their bank’s website. If the user has to connect to a work environment, they should use a VPN, or wait until they are in a safer environment.
Even big chain Wi-Fi Hotspots pose risks and the last thing users need is their smart device attempting to connect to the same hotspot later, when they’re not looking. Smart devices can give away a surprising amount of data from apps connecting to remote servers. It is always a good policy to police the list of ‘known’ networks thoroughly. Many users fail to realise that there’s a much bigger threat posed by networks that they have already connected to and trusted than somebody randomly fishing for them to connect.
“On-the-go access to the internet is all by unavoidable and the widespread Wi-Fi promised by smart cities will bring with it a wide range of benefits. Knowing however that our lives today are heavily set in the digital domain, protecting our online presence must become an absolute priority. This might mean placing security over convenience and being smart, rather than sorry,” Djenane, added.