It’s a lovely afternoon and you’re sitting at a cafe sipping a nice cup of coffee while using the public WiFi. While this may seem like a rather pleasant experience, it could soon turn into a disastrous one.
Journalist Maurits Martijn of the Dutch independent investigative news outlet De Correspondent recently published an account of an extraordinary experience in which he took Wouter Slotboom, a hacker and cyber crime advocate, to a local cafe. Using a device that cost 70 euros, Slotboom demonstrated in a mere 20 minutes how easy it was to find out where everyone was born, what schools they attended, their occupation, hobbies, sexual orientation, passwords, what apps they were using, and the last 5 things that they googled.
Information comes flooding in, even from visitors who are not actively working or surfing. Many email programs and apps constantly make contact with their servers—a necessary step for a device to retrieve new emails. For some devices and programs, we are able to see what information is being sent, and to which server.
And now it’s getting really personal. We see that one visitor has the gay dating app Grindr installed on his smartphone. We also see the name and type of the smartphone he’s using (iPhone 5s). We stop here, but it would be a breeze to find out who the phone belongs to. We also see that someone’s phone is attempting to connect to a server in Russia, sending the password along with it, which we are able to intercept.
One of the easiest ways for hackers with bad intentions to find out your private information is to use fake wireless networks. These are considered a hacker’s ‘best friend’ because they exploit people’s desire for free internet access: users do get online, but in exchange the hacker can secretly eavesdrop on them.
We see more and more visitors log on to our fictitious network. The siren song of the little black device appears to be irresistible. Already 20 smartphones and laptops are ours. If he wanted to, Slotboom could now completely ruin the lives of the people connected: He can retrieve their passwords, steal their identity, and plunder their bank accounts. Later today, he will show me how. I have given him permission to hack me in order to demonstrate what he is capable of, though it could be done to anyone with a smartphone in search of a network, or a laptop connecting to a WiFi network.
In the past, BankVault has published 8 ways that you can protect yourself against public WiFi hacking.
The key is awareness that public WiFi networks are not secure. While this isn’t exactly brand new, we should always remember that our devices are at risk when connecting to them. Even if you are only using your computer or mobile device for something that isn’t that important in the grand scheme of things, such as looking up a restaurant, hackers can find out who you are and what your passwords are, as Slotboom demonstrated. Here are some of the things that you can do:
- Make sure that you are using the real public WiFi network. Confirm with an employee that it is truly their WiFi name and the IP address if possible.
- Never use websites and apps that use your sensitive personal data whilst in public. Save all the social media, online shopping, and online banking for when you’re using a known, private, and safe network.
- Protect your devices with anti-virus software. While anti-virus software is not a magic bullet and has flaws, it is an important piece of computer and internet security software. Make sure that your anti-virus software is up to date.
- Use BankVault. As an additional security layer, BankVault is able to safely encrypt your data. This eliminates any risk of you having your data ‘overheard’ and intercepted by a cyber criminal. VPNs can also be used; however, they are less secure.
- If you are out and about, avoid public WiFi and connect using the mobile data on your phone, or use a paid WiFi dongle. These personal WiFi devices are available from major telecommunications companies. They are cheap, convenient, and faster than any public WiFi that you may use.