Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Are public Wi-Fi hotspots really a major security risk?

John E Dunn | Aug. 24, 2015
Public Wi-Fi is used by many to avoid big roaming bills. Can its risks be mitigated?

Users who want to ensure that their browser uses HTTPs whenever possible can install the HTTPS Everywhere plug-in for Chrome, Firefox or Opera. That stops the browser entering a site through an HTTPS connection but then quietly moving to sub-domains that don't employ the same security.

A third and final layer are VPNs. These have tended to be used as a mechanism to avoid local blocking of UK or other services (e.g. BBC iPlayer) when abroad but they can also be used to set up a secure, encrypted connection through a third-party VPN server even when connecting to open hotspots. That will usually cost money and performance will be slower, but would still be less expensive than using mobile data roaming in most cases.

Regardless, business applications should always be accessed across a VPN with multi-factor authentication.

Captive portals
Public services such as hotels almost always stick a captive portal between the user and Internet access. It's important to remember that these are essentially authentication mechanisms for the business and don't offer any additional security although some might assume they do.

Two-factor authentication
Using services with verification is a good idea for any computer user but it has added benefits for anyone using an open Wi-Fi hotspot. Google offers 2-Step verification on all user accounts, which means that in the unlikely event that a password and username is intercepted, the criminals would still need to go through an added step (receiving an SMS code on a mobile phone) to break into the account.

Conclusion - open Wi-Fi hotspots are safe to use
Intel Security is right to point out that using open Wi-Fi is risky and there are sites we wouldn't advise users to access over an open connection even if they do have HTTPS such as banking websites, largely because of the risk of phishing or man-in-the-middle through an untrusted gateway. But Internet security has many layers. With the right precautions, on a lmited basis, open Wi-Fi hotspots are a perfectly safe alternative to mobile data for specific services.

But wait...
The real risk isn't the lack of encryption on public Wi-Fi but the lack of verification that a hotspot is genuine. A malicious or 'evil twin' hotspot can be set up to carry out spoofing attacks that manipulate DNS to feed the user convincing-looking login screens that turn out to be bogus. That's another reason why turning on two-factor or 2-step verification in tandem with a VPN is a good idea.


Previous Page  1  2 

Sign up for CIO Asia eNewsletters.