Wi-Fi is now a household term in Kenya. We can spot “Wi-Fi Available” stickers in many restaurants, pubs, hotels, matatus (had to mention this one), hospitals and basically any upscale marketplace you can think of. Furthermore, with Facebook, Instagram, Twitter, WhatsApp, and other popular social networks, we have basically become zombies. When offered free access to internet (whether as an after-sales service or as a sales and marketing strategy), we embrace it without second thoughts. The dangers of these public or free Wi-Fi hotpots remain oblivious to us.
Did you know that a hacker can easily gain access and control of your phone or laptop through these public Wi-Fi hotspots? All they need to do is join your network (though not necessary in light of packet sniffing). Hackers can install malware, browser your files, read your messages, view your location history and so much more. Some of us have our banking applications installed on our mobile devices and once we get a bill, say from a restaurant, we rush to the app (still connected to the public hotspot) and initiate a withdrawal. For some of us, we have file sharing option tuned on our laptops. This means that once connected to the network, anyone in that network can access your files and depending on your settings, can copy, edit or delete from your computer.
We understand that Kenya is a little malnourished when it comes to information on cybersecurity. Many of us do not understand the need to protect our devices or the implication of leaked data from our devices. This is the reason why what I am talking about may not make much sense or impact to some of us. Ignorance, however, is no defense. Let me describe a few ways through which you can get hacked when on a public Wi-Fi hotspot:
Man in the Middle Attacks
Man in the middle Attack refers to the situation where the communication between your browser and your server, for example, is intercepted by an unauthorized person. How do I put this? Let’s say you want to log into your Facebook account using your phone or computer browser. You open your browser and type “facebook.com” in the address bar and wait for it to load up before signing in. When you type and hit enter, the request is sent to the Facebook server. With Man-in-the-Middle attack, hackers position themselves between your computer and the server and they are able to capture your requests to the server. In our case, the request is to render the facebook page. Once the hackers capture this request, they can send back a response to your browser with a “fake” Facebook log in page. Oblivious to this, you will proceed to enter your Facebook details in the form provided and send that information direct to the hackers as opposed to the Facebook server. This kind of an attack is common on public networks where the security of the network is not optimized. You may think that you are communicating with Facebook but in reality, someone is manipulating what you are seeing on your screen. Please note that this is not specific to browser-server communication. That was just an example scenario. So, when on public Wi-Fi Hotspots, please avoid logging into sensitive pages, especially your online banking account.
Fake Wi-Fi Access Points
Let us say you are waiting for your order at “My Favorite Restaurant”. While in the process of waiting, you pick up your phone and see a notification for free Wi-Fi networks available. Loading up the screen, you see “My Favorite Restaurant Free Wi-Fi”. Your face lights up and you click connect to the network. You did not have any second thoughts because the Wi-Fi SSID (read name) was “My Favorite Restaurant Free Wi-Fi” and since you are at “My Favorite Restaurant”, that must be their free Wi-Fi. Unaware to you, you may have just connected to hacker’s fake Wi-Fi Access point. Once connected, you are at their mercies. See how easy that was?
As described in the Man in the Middle Attack, packet sniffing refers to the use of special software and even hardware to listen to “packets” moving across the network. For the sake of this article, packets will be defined as the messages moving across the network (I know this is a poor attempt at an easy definition of packets). Hackers may be interested in individuals moving certain “messages” across the network. For example, they may filter any “messages” with the term ‘bank”. Once they get a hit, they target your communication and “listen in” to your conversation about “bank”. Sounds like a movie, right? Well, it happens.
Are these three reasons strong enough to discourage you from using Public or Free Wi-Fi? If not, I will probably give you more reasons next time.