Are Free Public Wifi Networks Safe?
Recently the Minister of Information and Communication Technology of Mauritius, Mr Tassarajen Pillay Chedumbrum has launched a project of providing free wifi internet connection to the public. 150 spots were identified and some of them are already operating. People in the wifi range will take full advantage of this free service. Like them, hackers will also take full advantage of this service to harvest personal information(data) of the users.
As such, to raise awareness for these free wifi users, we thought of sharing some security risks which users may face when using free wifi connections.
Sniffing of unencrypted data
When you connect to an open wifi network, the network is normally unencrypted because you don't have to enter any password to connect. Thus, if a hacker is connected to the same free wifi network, he/she can easily see what webpages you are visiting and what form you are submitting, example logging in your Facebook account.
This is done by using network sniffing tools,which are freely available online. These tools capture packet sent and received on the network.These packet are later analysed and very often, username and passwords can be retrieved from them.
Rogue Access Point
When connecting to a public network, it is difficult to identify whether it is a legitimate network or a rogue access point. In these rogue access point, the user is sent to fake webpages identical to legitimate ones. Once the user enters his or her personal credentials, the hacker get holds of these. These credentials can be used for account hijacking.
Network File Sharing
Wrongly configuring your network file sharing option can allow other users on the same network to have access to your device and view or even copy your personal data. For example, if the folder in which you keep your pictures is visible on the network, other users will be tempted to see what's in.
Our advise
- Do not make bank transaction on free Wi-Fi connection.
- Do not use websites where you have to enter credentials (username and password)
- Use up to date antiviruses.