We all know that under no circumstances should we connect to a Wi-Fi network without a password. However, we sometimes forget another important fact. Just because a Wi-Fi network has a password does not mean it is secure. Hackers are well aware that very few users are still naive enough to use unprotected networks. That’s why they’ve specialized in public networks with passwords—those provided by hotels, restaurants, and airports, to be precise.
Public networks have never been secure
Whether or not a public network has WPA2 protection is irrelevant. If you are in a hotel and the reception has given you the password, then any other guest has that secret code too. Often, typing the password into our cell phone or laptop makes us believe that we are entering a secure environment. However, cybersecurity experts make it clear that we should not enter sensitive data such as banking details on these types of networks.
To keep this explanation interesting and understandable for everyone, let’s recall the first episode of the series Mr. Robot (HBO). Elliot is quietly eating breakfast on his laptop at Ron’s Coffee. He seems to be a regular customer at this establishment. The protagonist then calls the owner of the premises. Elliot explains that from the first time he visited the café, he found it suspicious that such a humble business had such a high-speed Internet connection (gigabit fiber). He then explains that he has intercepted the network traffic and discovered that it operates a child pornography website on the deep web. The police then enter and arrest the owner.
The scene introducing Elliot in Mr. Robot defines the character as an ethical hacker. But let’s not fool ourselves; Hackers of all kinds use the same technique. And they usually capture traffic from public networks not to expose criminals… but to empty the bank accounts of all the unwary people who use these unprotected networks.
Man in the middle and Evil Twin. Two attacks that are commonplace
As we said, any user connected to the same network as you can access your device without having physical access to it. This is the warning from expert Alex Bryszkowski, who has noticed a growing trend in the number of attacks on hotel Wi-Fi networks. The expert believes that in this type of password-protected network, users tend to let their guard down. The hotel room makes people feel like they are at home, in a safe environment. And that leads them to open social media profiles, check their bank accounts, or shop online.
The problem is that there are two types of attacks in which a hacker could be watching everything we do on the Internet without us even realizing it. The first is the famous “man in the middle” attack. As its name suggests, an attacker connected to the same network as us will be “listening” to all the packets traveling from our device to the router. From there, they can steal cookies, sessions, passwords, and even plain text.
On the other hand, there is the Evil Twin attack. This is when an attacker creates a fake Wi-Fi network with an SSID similar to the one you know. They usually give it the same password you already know, with the aim of getting you to take the bait. The result? The attackers will be watching your connection completely. This allows them to steal your data or inject malware if they wish. For example, they can redirect your browsing to fraudulent websites so that you enter your card details and they can steal your money.
How to protect yourself from attackers on public networks
As a general rule, we tend to think that any website with an SSL certificate (those beginning with https://) is secure. However, we must not let our guard down. There are advanced tools such as SSL Strip that allow the connection to be intercepted.
If you travel a lot, we recommend that you purchase a VPN service for your mobile phone and laptop. For as little as $10 a month, these services encrypt your connection so that even if attackers breach the network’s security, they won’t be able to see your online activity. On the other hand, if you want to avoid the expense, the most sensible thing to do is to use only your carrier’s mobile network, avoiding public networks in hotels, airports, and restaurants.