If you read it, it should scare the shit out of you. Seriously.
I encourage you to read it, even if it makes you not ever want to use wifi again.
Of course, using your own wifi may not be a terrible thing. But using public wifi is a serious threat to your online health (think bank accounts, passwords, and other private stuff like sites you visit when you think nobody else is watching).
In the article, the author (Maurits Martijn) tells the sordid tale of the ethical hacker, Wouter Slotboom, who is able to basically hack anybody's system (PC, Mac, iPhone, Android, iPad, etc.) within about 20 minutes and find out all sorts of personal stuff about them. For example:
[su_box title=”It's getting personal”]And now it’s getting really personal. We see that one visitor has the gay dating app Grindr installed on his smartphone. We also see the name and type of the smartphone he’s using (iPhone 5s). We stop here, but it would be a breeze to find out to who the phone belongs to. We also see that someone’s phone is attempting to connect to a server in Russia, sending the password along with it, which we are able to intercept.[/su_box]
Not enough to scare you away from ever using public wifi again? Here's another:
[su_box title=”You can be framed”]Slotboom shows me some more hacker tricks. Using an app on his phone, he is able to change specific words on any website. For example, whenever the word “Opstelten” (the name of a Dutch politician) is mentioned, people see the word “Dutroux” (the name of a convicted serial killer) rendered on the page instead. We tested it and it works. We try another trick: Anyone loading a website that includes pictures gets to see a picture selected by Slotboom. This all sounds funny if you’re looking for some mischief, but it also makes it possible to load images of child pornography on someone’s smartphone, the possession of which is a criminal offense.[/su_box]
In the case above, you didn't do anything illegal. But imagine for a moment you're a politician, running for office. Or a sports star or entertainer. Or just somebody who wants to frame you, maybe for kicks, or because they have something against you.
So, the article referenced above tells all the bad things that can be done to you if you choose to connect to a public wifi network (and my “choose” I mean your device chooses for you).
What it doesn't tell you is what to do.
Do you refrain from connecting to public wifi networks? Are there any best practices to safeguard yourself against such attacks? Or are you just a sitting duck?
Well, fortunately, there is an answer. I'll summarize, but more details can be found here:
Best options for Public Wifi
Your best options to defend yourself against crappy public wifi networks are the following, in order of preference:
- Don't use them. Instead, use your mobile data plan. It's far more secure.
- Get a VPN and use it!
- If you must use public wifi, turn off “automatic connections” (as the aforementioned article explains, hackers can easily “spoof” networks you most likely have connected to in the past and intercept all of your traffic).
UPDATE: Using a “Mifi” Device
This was inspired by a reader, who asked, “Should I use a VPN with my personal MiFi when I use it in a public place?”
…a few tips and a caveat.
First, the caveat: I'd always use a VPN with any wireless signal, whether it is cellular or not.
Cellular is far more secure than wifi.
You think it's going through a cellular channel (and MOST of it is) but a tiny part is transmitting through wifi (that is how your non-cellular laptop can connect to the mifi device).
SO if you want to be as secure as possible (and still use it), this is what I'd do:
- Make sure your mifi is using WPA2 encryption.
- Have all your software on all your devices up-to-date (OS, malware, anti-virus).
- Firewalls where appropriate (I like ZoneAlarm for my PC).
- VPN (as you know, I use Hide My Ass)
- Strong passwords (use LastPass to manage them)
- On your mifi (if you can), disable the DHCP server, stop auto broadcasting the SSID, and limit devices allowed to as few as it allows (one would be ideal). Also, if you can, limit to a specific MAC address (your PC's).
Here's a link to a guide that may be helpful (more detailed):