Channel: Cisco Networking, VPN Security, Routing, Catalyst-Nexus Switching, Virtualization Hyper-V, Network Monitoring, Windows Server, CallManager, Free Cisco Lab, Linux Tutorials, Protocol Analysis, CCNA, CCNP, CCIE.

VPN Hotspot - How to Stay Safe on Public & Guest WiFi Networks


Is Guest WiFi Safe?

It’s hard to go to a pub, café, or hotel these days without running into public or guest WiFi. In many cases, an internet connection can feel like a necessity – keeping up with work or personal emails, arranging plans with friends, checking social media. Connecting is usually as easy as entering an email address, filling out a survey, or entering a code on a receipt.

It's an easy trap to fall into. Cellular data is expensive. In the US, 500 MB of pre-paid data costs an average of $85 US. If your contract doesn’t have a large data allowance, free WiFi is a godsend. However, that convenience comes with considerable risk to your privacy and security. If you’re not using a VPN at a public hotspot, you’re opening yourself up to all kinds of malicious attacks and data interception, such as the sslstrip man-in-the-middle attack (analysed below), online activity monitoring, computer hijacking, restricted online browsing and many more serious security threats.

Public - Guest WiFi Security Risks

The biggest misconception about open WiFi is that it offers the same protection as your home network. That couldn’t be further from the truth. The annoying password on your home network does much more than keep people from connecting. It encrypts your data so that those on the outside have trouble looking in.

By nature, guest WiFi has no password. In most cases, that means no encryption. With a simple tool, anyone on the network can see which websites you’re visiting. In some cases, they can even intercept the emails you send, the files on your computer, and passwords. It doesn’t matter if you’re at a high-security airport or the coffee shop down the road.

Even when an attacker isn’t around, you’re putting trust in the security of everyone else on the network. You may have the latest version of Windows 10, but the person next to you could have no security knowledge. Some forms of malware attempt to spread themselves to other people on the network, and the user probably doesn’t even know about it.

Common WiFi Attacks used at Internet Hotspots

Thankfully, WiFi snooping is on the decrease thanks to SSL encryption. This web standard is spreading across all the most popular sites, and you’ll notice it by the HTTPS icon in your browser (as seen in the image on the left). It means that while someone can see the URL you’re on, they can’t see your emails or the password you just typed in. Unfortunately, this won’t stop someone resourceful. In fact, SSL can be bypassed with a single method.

In 2009, security expert Moxie Marlinspike introduced sslstrip. By routing a victim’s connection through their own machine, an attacker can redirect them to the HTTP version of the page. The browser won’t even detect this and the victim has no idea what’s going on.


Representation of how an sslstrip wifi attack works

The vulnerability comes from the fact that most users don’t type in “https://” at the beginning of every URL. This means that when they first connect to the site, it’s HTTP. Most websites will then redirect users to an HTTPS version, but sslstrip steps in and sends back HTTP instead. The hacker can then view all the user’s requests in plaintext, collecting whatever information he likes.
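The downgrade described above can be spotted by comparing the first plain-HTTP response seen on a trusted network with the one seen on the hotspot. The following is an added example, not code from the original article; the function names, the host shop.example and the response dictionaries are constructed for illustration, and the check also covers rewritten links, which goes beyond the redirect case in the text.

```python
import re
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}
# Values of href/action/src attributes in an HTML body.
URL_ATTR = re.compile(r'(?:href|action|src)\s*=\s*["\']([^"\']+)["\']', re.I)

def upgrades_to_https(response):
    """True if the response redirects the client to an https:// URL."""
    location = response["headers"].get("location", "")  # header keys lower-cased
    return (response["status"] in REDIRECT_CODES
            and urlsplit(location).scheme == "https")

def attr_urls(body, scheme):
    """Set of (host, path) for attribute URLs in body that use `scheme`."""
    found = set()
    for url in URL_ATTR.findall(body):
        parts = urlsplit(url)
        if parts.scheme == scheme and parts.netloc:
            found.add((parts.netloc.lower(), parts.path))
    return found

def detect_https_strip(baseline, observed):
    """Compare the trusted-network response with the hotspot response."""
    findings = []
    # Case 1: the site normally answers with a redirect to HTTPS, but the
    # hotspot answer is ordinary HTTP content.
    if upgrades_to_https(baseline) and not upgrades_to_https(observed):
        findings.append("redirect-to-https-missing")
    # Case 2: a link or form target that was https:// is now http://.
    downgraded = (attr_urls(baseline.get("body", ""), "https")
                  & attr_urls(observed.get("body", ""), "http"))
    for host, path in sorted(downgraded):
        findings.append(f"link-downgraded:{host}{path}")
    return findings

# Constructed sample responses (not captured traffic).
BASELINE_REDIRECT = {"status": 301,
                     "headers": {"location": "https://shop.example/"},
                     "body": ""}
OBSERVED_STRIPPED = {"status": 200, "headers": {"content-type": "text/html"},
                     "body": '<form action="http://shop.example/login">'}
BASELINE_PAGE = {"status": 200, "headers": {},
                 "body": '<a href="https://shop.example/login">Sign in</a>'}
OBSERVED_PAGE = {"status": 200, "headers": {},
                 "body": '<a href="http://shop.example/login">Sign in</a>'}

if __name__ == "__main__":
    print(detect_https_strip(BASELINE_REDIRECT, OBSERVED_STRIPPED))
    print(detect_https_strip(BASELINE_PAGE, OBSERVED_PAGE))
```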

Though attackers often need specialist software and some technical knowledge, packages such as WiFi Pineapple can make so-called “man-in-the-middle” attacks relatively simple. In a few clicks, users can pretend to be a public network, routing traffic through them rather than to the router. From there, the attacker can force the user to visit websites with malware, install key loggers, and plenty of other shady things. It’s not too difficult, and with the aid of YouTube, a seven-year-old did it in eleven minutes.

In some cases, attackers don’t even need any experience to view your information. Oftentimes, users connecting to hotel WiFi forget to change Windows sharing settings. This makes it easy for anybody to view your shared files with no hacking required. Sometimes this isn’t even password protected, making it child’s play.

However, there are also tools to make more complex processes simple. In 2010, a simple browser extension called Firesheep was released. The tool lets users catch browsing cookies from any website that doesn’t use HTTPS. Though many major websites such as Facebook and Gmail are protected, smaller sites often use HTTP, and many users have the same password for multiple sites.


Firesheep Firefox extension in action

Other tools let you do the same from an Android phone or other devices. And that’s assuming you’re connecting to the right network at all. A common method of attack is to set up a fake network, or honeypot. To the untrained eye, it won’t look out of place. Often, the name will make sense in the context: Starbucks WiFi, for example. In fact, an attacker owns it, and is logging everything you do. Our article on configuring Windows 8 / 8.1 as an access point is a good example that shows just how easy it is to configure your workstation into a honeypot.

Hotel Hotspots - 277 Hotels Worldwide with Major Security Flaw

