Wi-Fi has significantly changed the way we work and play, enabling us to interact with the digital world from anywhere in the physical world. Furthermore, free Wi-Fi access is on the rise, from local coffee shops to international restaurant chains. However, the convenience of free Wi-Fi comes with some real threats, from computer viruses to identity theft.
Wi-Fi is a type of wireless local area network (WLAN) technology that enables an electronic device such as a laptop or smartphone to exchange data or connect to the Internet using radio waves. The core technology behind Wi-Fi is a device called an access point, which acts like a bridge between the wired network and the Wi-Fi network. The access point, in turn, typically connects to the Internet via a network router.
To prevent attackers from stealing data, Wi-Fi includes a set of protocols for user device authentication and data encryption. These protocols, which reside on both the access point and the connecting device, use a pre-defined passphrase or other form of unique identification to authorize the user and encrypt data so that it can only be accessed by a designated device. WPA2, the currently recommended security standard, uses a pre-shared key (PSK) in the form of a series of text letters to authenticate users and encrypt data. Below is a high-level description of how an electronic device and an access point communicate using the WPA2 protocol (i.e., the "four way handshake").
Public Wi-Fi risks
Public access points, called "hotspots," allow many people within a specified area to tune into a specific radio transmission. In other words, everyone sitting in a Starbucks cafe can access the "Starbucks Wi-Fi" channel to connect to the Internet. Unfortunately, public hotspots also allow anyone within the area to potentially read data that is not addressed to them. Below are some common ways that your privacy can be breached while using public Wi-Fi.
* Network Sniffing. To steal your personal information all an attacker needs is a "sniffing" application that intercepts and gathers all visible traffic on a channel. Although WPA2 encrypts each connection between a Wi-Fi network and a user's client, it is only designed to keep people who do not know the PSK off the network. If an attacker sniffs the four-way handshake and captures the PSK, he can decrypt all the traffic designated to your device until the PSK is changed. Even if the attacker doesn't have the PSK, he may try to sniff the data itself and then try to use brute force to discover the key. The quality of the PSK that a wireless network administrator selects (i.e., length, different letter cases, use of symbols or known words) can have an impact on how easy or difficult it is to obtain the key.
Sign up for CIO Asia eNewsletters.