Why not (Public) Wi-Fi?
By Matthew Padulchick on Monday, March 16th, 2015
Our dependence on mobile devices continues to grow — along with our demand for constant connectivity. Over a billion smart phones were sold worldwide in 2014 according to IDC as reported in HUFFPOST TECH. And just think — these numbers don’t include laptops or tablets!
With so many devices in use on a daily basis, businesses and municipalities have seen a great opportunity in offering public wireless networks to their patrons and citizens. It encourages customers to linger at an establishment, and builds a strong bond with the community. On the surface, it seems like an excellent idea. But there are real dangers lurking in these well-intentioned – but vulnerable – public wireless networks.
Your favorite coffee shops and fast food chains want to provide a convenient way for you to reload your loyalty card and browse the web, but they’re also potentially serving your data up to others on that network. Here I’ll provide some tips for understanding how this technology works, and for keeping your information safe.
How Wi-Fi Works
Think of a wireless network as a few groups of people standing in a room having “private” conversations. Polite members of each group will choose to ignore conversations not intended for them, listening only to the conversation they are engaged in. But like any conversation taking place in public, it’s easy for someone nearby to overhear.
When you’re on a wireless network, every website you visit and every file you send is transmitted to everyone else who is connected to that network. Normally, each computer for whom the information isn’t intended ignores and discards it. But wireless devices, in the wrong hands, can be configured to capture and store all of that information. That’s why it’s never a good idea to use public wireless networks to do online banking or to access any other sensitive personal information.
A Few of the Tricks
Aside from simply “listening in”, there are a number of other ways to take advantage of public wireless networks to steal personal information.
SSID spoofing is when an attacker creates a fake wireless network with the same name as a public or known network, using name recognition to lure you in. Making matters worse, many cellular providers program a bias for accessing wireless networks into their devices to reduce network usage. Your phone is trying to access any available networks all the time by default.
Once that fake wireless network is established, devices can connect automatically – without device-users realizing it. These networks are designed to be attractive; they have the strongest signal available and no passphrase is required. Devices will favor them and they’ll look good to you, too. Once you connect to the fake network, the attacker will be able to see all of your traffic and collect the data passing through it.
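As an added illustration (not part of the original article), the sketch below shows the check a device or user can apply before joining a network whose name it recognizes: compare what is being advertised against what was saved. The profile store, scan records and decision names are assumptions made up for this example.

```python
# Saved Wi-Fi profiles and scan results below are constructed sample data.
KNOWN_NETWORKS = {
    "CoffeeShop-Guest": {"security": "WPA2", "bssids": {"5c:51:4f:aa:10:02"}},
    "FreeAirportWiFi": {"security": "OPEN", "bssids": {"00:1c:b3:09:85:15"}},
}

SCAN = [
    {"ssid": "CoffeeShop-Guest", "bssid": "5c:51:4f:aa:10:02", "security": "WPA2", "signal_dbm": -67},
    {"ssid": "CoffeeShop-Guest", "bssid": "a2:e9:00:12:ff:39", "security": "OPEN", "signal_dbm": -38},
    {"ssid": "FreeAirportWiFi", "bssid": "66:77:88:99:aa:bb", "security": "OPEN", "signal_dbm": -41},
    {"ssid": "Library", "bssid": "10:20:30:40:50:60", "security": "WPA2", "signal_dbm": -70},
]

# Higher number means stronger link protection.
SECURITY_RANK = {"OPEN": 0, "WEP": 1, "WPA": 2, "WPA2": 3, "WPA3": 4}


def assess_access_point(ap, known):
    """Return (decision, reasons) for one scanned access point."""
    profile = known.get(ap["ssid"])
    if profile is None:
        return "ignore", ["no saved profile, so no automatic join"]
    reasons = []
    # A familiar name offered with weaker protection than the saved profile.
    if SECURITY_RANK[ap["security"]] < SECURITY_RANK[profile["security"]]:
        reasons.append("security-downgrade")
    # A familiar name broadcast by a radio this device has never seen.
    if ap["bssid"].lower() not in profile["bssids"]:
        reasons.append("unknown-bssid")
    if "security-downgrade" in reasons:
        return "refuse", reasons
    if "unknown-bssid" in reasons:
        return "ask-user", reasons
    return "join", reasons


def assess_scan(scan, known):
    """Map each (ssid, bssid) pair to a decision, strongest signal first."""
    ordered = sorted(scan, key=lambda ap: ap["signal_dbm"], reverse=True)
    return {(ap["ssid"], ap["bssid"]): assess_access_point(ap, known)[0] for ap in ordered}


if __name__ == "__main__":
    for key, decision in assess_scan(SCAN, KNOWN_NETWORKS).items():
        print(key, decision)
```

When the saved profile is itself an open network, the name and signal strength are all there is to go on, so an unfamiliar radio can only be flagged for the user, not proven fake. Venues with several access points legitimately use several BSSIDs, which is why that case prompts instead of refusing.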
DNS, or Domain Name System, is how website names (domain names) are translated into IP addresses – a series of numbers and dots (for example, 220.127.116.11). A domain name is simply a meaningful and easy-to-remember handle for a web address. The real information your devices use to navigate to different sites is the IP address. Your devices find that information via DNS requests.
DNS spoofing means that would-be attackers have done a little research to find the most commonly accessed websites on a given network (Facebook, Google, local banking sites, etc.). Then they clone those sites on their own computers and begin sending out answers to your device’s DNS requests – intercepting your attempt to reach one of those trusted sites and gaining access to your information. You’ll believe the URL you see in your browser bar; you’ll see the familiar login screen and you’ll most likely provide your username and password. At that point, your information is harvested and you’re forwarded to the actual site you wanted to visit. There, you’ll see a failed login and will be prompted to try again. But everything’s fine, right? Logins just fail sometimes…
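As an added illustration (not part of the original article), one observable sign of the cloned-site setup described above is a well-known public name resolving to an address on the Wi-Fi network itself or in other non-routable space. The host names, subnet and category labels below are assumptions made up for this example; the public-looking address reuses the one printed in the article.

```python
import ipaddress

# Constructed sample data: the subnet the Wi-Fi handed out and DNS answers seen on it.
LOCAL_SUBNET = "192.168.1.0/24"
DNS_ANSWERS = [
    ("www.example.com", "220.127.116.11"),
    ("login.example.org", "192.168.1.57"),
    ("mail.example.net", "10.9.8.7"),
    ("printer.local", "192.168.1.20"),
]

# Names that are expected to resolve to local addresses.
LOCAL_SUFFIXES = (".local", ".home.arpa")


def classify_answer(name, answer, local_subnet):
    """Classify one DNS answer by where the returned address lives."""
    addr = ipaddress.ip_address(answer)
    net = ipaddress.ip_network(local_subnet)
    if name.lower().rstrip(".").endswith(LOCAL_SUFFIXES):
        return "local-name"
    if addr in net:
        # A public site "hosted" by a machine on the same Wi-Fi network.
        return "points-into-wifi-subnet"
    if not addr.is_global:
        # Private, loopback, link-local or otherwise non-routable space.
        return "non-routable"
    return "ok"


def suspicious_answers(answers, local_subnet):
    """Return (name, answer, verdict) for every answer that deserves a second look."""
    flagged = []
    for name, answer in answers:
        verdict = classify_answer(name, answer, local_subnet)
        if verdict in ("points-into-wifi-subnet", "non-routable"):
            flagged.append((name, answer, verdict))
    return flagged


if __name__ == "__main__":
    for row in suspicious_answers(DNS_ANSWERS, LOCAL_SUBNET):
        print(row)
```

Some captive portals answer every lookup with their own local address until you sign in, so this check is meaningful only after the portal step. A forged answer that points at a public address passes it, which is why the browser's certificate warning remains the stronger signal.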
ARP (Address Resolution Protocol) requests map IP addresses to MAC (Media Access Control) addresses, or physical machine addresses. A MAC address is a series of numbers and colons (for example, A2:E9:00:12:FF:39). While an IP address lets computers talk across multiple networks, MAC addresses are for communication on a local network. Every computer has a MAC address hard-coded to the network card that cannot be changed.
ARP spoofing is very similar to DNS spoofing but instead of cloning a website, the attacker positions himself between the local network and the internet. The attacker’s computer will receive all of the requests you send out (for websites, files, etc.) and record them before sending that information along to the intended recipient. The end result is that the attacker has captured all of your data without you noticing that anything has gone wrong.
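As an added illustration (not part of the original article), the interception described above leaves a trace in your own device's ARP table: the gateway's IP address ends up mapped to the same MAC address as some other machine on the network. The sample table, function names and finding labels are assumptions made up for this example.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `arp -an` output; not captured from a real network.
SAMPLE_ARP_TABLE = """\
? (192.168.1.1) at a2:e9:00:12:ff:39 [ether] on wlan0
? (192.168.1.23) at 5c:51:4f:aa:10:02 [ether] on wlan0
? (192.168.1.57) at a2:e9:00:12:ff:39 [ether] on wlan0
? (192.168.1.80) at <incomplete> on wlan0
"""

ENTRY = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) at "
    r"(?P<mac>[0-9a-fA-F]{1,2}(?::[0-9a-fA-F]{1,2}){5})"
)


def normalize_mac(mac):
    """Lowercase and zero-pad each octet (some systems print 0:1c:b3:...)."""
    return ":".join(part.zfill(2) for part in mac.lower().split(":"))


def parse_arp_table(text):
    """Return {ip: mac} for resolved entries; '<incomplete>' rows are skipped."""
    table = {}
    for line in text.splitlines():
        match = ENTRY.search(line)
        if match:
            table[match.group("ip")] = normalize_mac(match.group("mac"))
    return table


def find_arp_anomalies(table, gateway_ip, known_gateway_mac=None):
    """Return findings as (kind, mac, ips) tuples."""
    findings = []
    ips_by_mac = defaultdict(list)
    for ip, mac in table.items():
        ips_by_mac[mac].append(ip)
    for mac, ips in ips_by_mac.items():
        if len(ips) > 1:
            # The gateway sharing a MAC with another host is the classic sign.
            kind = "gateway-mac-shared" if gateway_ip in ips else "mac-shared"
            findings.append((kind, mac, sorted(ips)))
    gateway_mac = table.get(gateway_ip)
    if known_gateway_mac and gateway_mac and gateway_mac != normalize_mac(known_gateway_mac):
        findings.append(("gateway-mac-changed", gateway_mac, [gateway_ip]))
    return findings


if __name__ == "__main__":
    print(find_arp_anomalies(parse_arp_table(SAMPLE_ARP_TABLE), "192.168.1.1"))
```

The `gateway-mac-changed` check only helps on networks you return to, where you recorded the gateway's MAC on an earlier visit. A plain `mac-shared` finding that does not involve the gateway can be benign, for example a device doing proxy ARP.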
What can you do?
These are just a few examples of why and how open networks carry risks. Here are three simple steps that can keep you safe from these types of attacks:
1.) Disable Wi-Fi when you aren’t using the internet.
2.) Read browser warnings. If the website you’re visiting is showing a certificate error or other warning, chances are, you or the site is being attacked, or your activity is being filtered and intercepted by a third party.
3.) Limit visiting secure sites when you are mobile. If you must perform sensitive functions on the go, disable Wi-Fi and use your cellular service to connect – it’s much more secure than any public network.
You have many ways to guard your information; the key is staying informed, building good habits and being diligent. In addition to the radius180 blog, here are a few great resources for staying current:
@schneierblog Bruce Schneier is an internationally renowned security technologist and author.
And if you have questions, firstname.lastname@example.org.