INTRODUCTION
With the advent of technology and the penetration of Internet-connected devices in our daily lives, it has become practically impossible to go to our day-to-day life without accessing the Internet. Whether connecting with friends and family, or accessing corporate data, using the Internet has become more of an essential product than an accessory.
Going out in the public space where we are away from our private Wi-Fi, we have no choice but to use the connections available in the area, i.e., usually public Wi-Fi, in order to access the Internet.
Even though majority of the public Wi-Fis are free of cost, there are several disadvantages of using public Wi-Fi. While some of these hotspots/Wi-Fis are safe, there is a possibility that someone with nefarious intent is signed on to some of those hotspots and subsequently, can hack into the network and access the data of the other people logged into that particular Wi-Fi. Most people have valuable and potentially sensitive information on their devices, some of which could be damaging if a hacker gets their hands on it.
Unfortunately, most public Wi-Fi users are likely unaware of the dangers they are exposed to. However, one can enjoy and surf through public Wi-Fi, provided that the user is taking necessary steps.
This article aims to lay down the common threat to public privacy while using the publicly available access points for accessing the Internet and provide the general precautions one can adopt to prevent the threat to data privacy.
DATA PRIVACY CONCERNS AND PUBLIC WIFI
Personal Information Threat
One of the common threats while using the Internet through publicly available access points is the threat of the theft of personal information. If a hacker gains access to a user’s computer or other personal devices over a hacked public Wi-Fi network, they may have complete control over the personal data of the users.
Once hackers have access to the personal information of the users, they can access the users’ browsers, applications, system tools, etc.
Malware Attack
Another common threat while using public Wi-Fi is malware getting installed on the device. This malware exists in Trojan horses, Ransomware, Viruses, etc. If the users’ computer is not adequately safeguarded, someone on the same public Wi-Fi network could install any harmful malware.
A malicious Wi-Fi provider, or someone on the same Wi-Fi network, could infect the users’ computer with one or more dangers just by using the hotspot itself. It might be as simple as placing advertisements on every website the user visits by utilizing the Wi-Fi network wherein the website itself does not originally display advertisements. In extreme conditions, the hacker may also install malware on all the devices that persist across the said Wi-Fi connection.
Unencrypted Connections
It is essential to distinguish between encrypted and unencrypted connections because it is one of the essential tools that protects information from being exposed. Hypertext Transfer Protocol Secure (HTTPS) is an encrypted protocol that a browser uses to deliver data to the website the user is on. Popular platforms like Facebook and Gmail use HTTPS because it decreases the risk of the personal information being exposed. However, not all websites provide encryption and can be a threat to the personal data of the users.
Man-In-The-Middle Attacks
Another form of threat that is quite common on public Wi-Fi is Man-in-the-Middle (MITM) attacks. Hackers put up rogue Wi-Fi networks with seemingly innocent names like ‘Public Wi-Fi’ to entice consumers. The hacker has direct access to the users’ browser session and all the data once the user joins the Wi-Fi network.
Furthermore, the hacker may even be able to see the cookies and other personal information of the user saved on the browser. Hackers use the MITM method to intercept communications between two entities, such as the user device and the server to which it is linked. The snooping hacker interrupts data flow, allowing them to intercept the personal information of the users.
One of the ways by which a user can avoid this threat is by checking for authentication procedures and certificates. Before allowing a user to access a Wi-Fi connection, authentic networks usually ask for any sort of verification or authentication procedure.
Packet Sniffing
Another popular way used by hackers to get access to poorly managed public Wi-Fi is through utilizing a packet analyzer or packet sniffer. A packet sniffer is a powerful software that system administrators employ to keep track of network traffic. Anyone connected to a similar Wi-Fi network can intercept whatever information the user sends or receives.
Wireless packet sniffing entails a hacker forcing their way across the network to obtain control of the system. Some businesses unknowingly facilitate this process by failing to update the router’s default admin settings.
These tools aren’t necessarily harmful. Network administrators can use packet sniffers to diagnose connection issues and other performance issues with their wireless networks. On the other hand, the same procedure of packet sniffing let hackers access other users’ information and steal anything of worth.
MEASURES FOR PROTECTION FROM POTENTIAL DATA AND PRIVACY BREACHES
1. To determine the difference between secured and unsecured networks
There are two types of public Wi-Fi networks in general. Firstly, a network where one can log in to a completely open network without providing any authentication information. The user has to simply click connect, and the smartphone or laptop will take care of the rest. Secondly, the type of public Wi-Fi network requires the user to sign up and enter details, such as a phone number and valid email address, in order to verify.
Even though both are considered to be public Wi-Fi systems, the second type is usually safer and authentic, with very minimal or no risk of breach or exploitation.
2. Using a Secure VPN Service:
Virtual Private Network (VPN), encrypts all internet traffic to and from the device. It effectively encrypts open Wi-Fi networks and makes hacking nearly impossible. Using VPN service encrypts everything that is been sent and received over any Wi-Fi, using a VPN. Essentially, it operates by tunneling communications through an intermediary server. Hence, every communication done by a user is routed through the server over an encrypted connection, which makes it impossible for any third-party interception.
3. Two-Factor Authentication:
Two-factor authentication is a type of double authentication that increases access security by requiring two means to validate the user identity. These elements can include something the user already uses or is aware of, such as a username and password, and another verification thereafter on the user’s smartphone, or an application, or codes received via text messages.
The two-factor authentication prohibits the hacker from accessing the device of the user as in order to do the same, the code or verification is required.
AMLEGALS REMARKS
The potential threat mentioned hereinabove continues to pose a security threat to the public that access widely available public access points for free internet access. Given all the potential security threats which seriously compromise users’ private data, one should consider using the freely available public Wi-Fi only with added precautions.
The ease of public Wi-Fi can be challenging to resist as it is also needful for working in public places or when one doesn’t have access to private Internet connection. Even with the security precautions, the user’s privacy is always at stake as hackers try to find loopholes to collect the user data unethically. When needed, the user should employ the available security features to steer clear from the potential threat to personal privacy.
A user should always employ security measures such as a secure VPN services, two-factor authentication measures, etc. Additionally, users should also avoid using an unencrypted website and avoid engaging in activities like banking transactions and online shopping or any activities that expose the user’s financial details over public Wi-Fis. Keeping in mind such security measures and potential threats, a user can alleviate the risk of breach of personal data and privacy to a great extent while accessing public Wi-Fi and free surfing.
– Team AMLEGALS, assisted by Mr. Vishal Lodhi (Intern)
For any query or feedback, please feel free to connect with aditi.tiwari@amlegals.com or mridusha.guha@amlegals.com.
Leave a Reply