What is the frequency of your public Wi-Fi connections while you are out and about? Think about it: this covers all locations that aren’t part of your personal home network, such coffee shops, airports, public transportation, and neighborhood bars. Due to the increasing need for mobile ordering, Apple Pay, and QR code menu scanning, most venues are expected to have Wi-Fi available for basic business functions.
41% of British people use unprotected public Wi-Fi when given the chance, according to research from NordVPN, even though 52% of us think that using public Wi-Fi at restaurants and on public transportation puts us most at danger of a cyberattack. Connecting to public Wi-Fi is convenient and occasionally required, but beware of dangerous cybercriminals who take advantage of this general lack of caution while using public Wi-Fi to compromise your devices and important accounts.
Marijus Briedis, Chief Technology Officer at NordVPN, notes that “convenience coupled with our love of using devices on the go means public Wi-Fi connections have flourished”, although he reiterates that people are “right to be cautious about using them”.
“Hackers are opportunists at heart, so it’s understandable that some of the busiest venues like pubs and restaurants are those where people feel most nervous of logging on. The scope of threats varies from place to place but modern methods of hacking mean that even at work or in the security of our own home, we can still be at risk.
“Cyber awareness is important, and it’s good to see people erring on the side of safety when using public connections, whether it’s avoiding accessing sensitive information or clicking on pop-up ads. However, criminals still thrive on human errors, so technological solutions are a key backup that help to minimize risks,” he adds.
THE CYBER RISKS OF USING PUBLIC WI-FI
While connecting to public Wi-Fi is convenient and sometimes necessary for functions such as QR code menu scanning or mobile payments, cybercriminals are able to use lax security measures to infiltrate your devices and accounts.
Concerningly, hackers can access your information and logins even when entered on a secure site, as well as being able to use public Wi-Fi to deposit malware onto your device.
HACKERS STEALING YOUR DATA
A new kind of cyberattack called ‘WiKI-Eve’ was discovered in September 2023. WiKI-Eve was found to have been able to steal multiple passwords over Wi-Fi transmitted by most modern routers built since 2013.
It is able to do this by exploiting a vulnerability in something called beamforming feedback information (BFI) technology that is present on all routers that have introduced 802.11ac, also known as ‘Wi-Fi 5’, which is the majority of routers!
It has been shown that WiKI-Eve attacks are capable of achieving an astounding 88.9% inference accuracy for individual keystrokes and up to 65.8% top-10 accuracy for mobile application password theft. Cybercriminals with experience may carry out these attacks with some ease, using devices as small as a cell phone that can enable monitor mode.
In a demonstration of the vulnerabilities, the researchers investigating the WiKI-Eve cyber attack were able to set up a real-world case study where they are able to access a consenting victim’s WeChat Pay information by only using an iPhone, accessing compromised credentials and information about digital payments.
This password-stealing ability is made even more concerning when considering the password hygiene of the average person. In a recent study, SafetyDetectives found that 13 out of 30 of the most commonly used passwords feature only numbers, stating that “numeric patterns are worldwide favorite”. To make matters worse, when cybersecurity company Bitwarden surveyed 800 IT decision-makers from the UK and the US, it discovered that 90% of users reused passwords in the workplace. Many opted for simple, easy to remember, and therefore easy to guess, passwords such as “password”, or “12345678”. Others used the same passwords across multiple services, shared them with their friends and family, or wrote them down somewhere physically such as a post it note on a desk.
Of those questioned, 54% of respondents managed passwords with documents on their computer whilst 45% tried to simply memorize login credentials. When investigating workplace password sharing habits, Bitwarden found that security measures were severely lacking, with 38% of respondents using shared online documents, while 41% simply sharing the passwords via email.
With this epidemic of bad password practices, cybercriminals only have to exploit the vulnerability of one initial account to be able to access multiple and thereby cause incredibly impactful damage across all associated devices and logins.
CYBERCRIMINALS INFECTING YOUR DEVICE WITH MALWARE
Cybercriminals can use vulnerabilities in public Wi-Fi to infect your device with dangerous malware. If a malicious actor connects their device to the same public network as you, they can use Address Resolution Protocol (ARP) poisoning to gain access to your data. By utilizing specialist tool, they can scan the public Wi-Fi network for your device’s unique IP address as well as the main Wi-Fi router. They then send out fake ARP messages,to reveal the MAC (Media Access Control) address of both your device and the router. With these key pieces of information the hacker can impersonate your device and receive all the data that is transferred between you and the websites you visit, even if they are “secure”. This is a common hacking method known as ARP spoofing.
They can also use a technique known as ‘DNS poisoning’ or ‘DNS spoofing’. DNS servers translate website names that you would you type into an address bar e.g. www.techradar.com and convert them them into machine readable IP addresses. If an attacker is able to access your device e.g. through ARP Spoofing, or tamper with the public Wi-Fi router, you could type in the address of a legitimate website such as www.amazon.com, and be secretly redirected to a criminal phishing site. In this scenario the address bar will still show the web address for the website you intended to visit, hiding the criminal intent.
By using entrance techniques like ARP Spoofing and DNS Poisoning hackers can then deposit malware on your devices by redirecting you unknowingly to malicious links which will download the malware. Once your device is infected, they can continue to access it even when you disconnect from a public Wi-Fi hotspot and reconnect at home.
Beyond accessing your login credentials, security researchers have uncovered new malware components to the ‘Smokeloader’ malware that can use Wi-Fi triangulation to determine your devices real world location.
“Every 60 seconds it triangulates the infected systems’ positions by scanning nearby Wi-Fi access points as a data point for Google‘s geolocation API,” researchers at Secureworks say. “The location returned by Google’s geolocation API is then sent back to the adversary.”
The purpose of this frightening new geolocation is yet to be determined. Secure Works researchers suspect that learning the infected devices location could be used for intimidation tactics such as pressuring a victim into complying with their demands.
Although it can be scary, your device being infected with malware is not necessarily the end of the world. By ensuring your have malware removal and antivirus programs installed you can stop an infection in it’s track and reverse any damage. Malware removal tools on the are able to effectively remove viruses, malware, and ransomware, as well as fortify your computer against future attacks. While it is more important than ever to protect your devices than ever, the good news is it’s also easier than ever to install comprehensive and effective protection with a combination of the best malware removal tools and best antivirus software.
HOW TO PROTECT YOURSELF ON PUBLIC WI-FI
Virtual Private Networks, commonly referred to as ‘VPN’s’ are an important cybersecurity measure that can help to mitigate the risk of connecting to an unsecure public Wi-Fi network and enhance your online security. A VPN encrypts your online identity while you browse, ensuring that your browsing history is not stored on your device. It achieves this by establishing a digital connection between your device and a remote server owned by your VPN provider, encrypting your data in the process. This also allows you to conceal your IP address and bypass geographic specific content blocks or firewalls whilst browsing. The encrypted connection provided by a virtual private network adds an extra layer of protection, safeguarding your data from potential threats on unsecured Wi-Fi networks.
By utilizing a virtual private network, you are able to protect your privacy as well as fortify your online presence against a large array of cyber threats, creating a vitally more secure and private browsing experience.
