Public Wifi is a lifesaver when you really need to answer work emails in the airport – or continue futile Facebook arguments in the queue at Costa.
But it leaks like a sieve.
As soon as you’re connected to public wifi there’s a target on your back. It’s really that simple. This has been true ever since there’s been public wifi, and since that’s now a long time, you’d think someone would have done something about it by now.
But apparently not. In fact the field has simply been left open for crooks and scammers who have developed ever more sophisticated ways of conning you out of your data and your money.
Please sign in to the network
Most recent to be unearthed is one so simple and audacious it’s actually pretty impressive. Instead of trying to steal your emails or insert malicious code into your browser, these guys just pretend to be the network.
This image is taken from a site that promises to teach you how to do it, though I’m sure in their case it’s just for fun.
NBC journalist Jeff Rossen discovered that the new gold standard in wifi skullduggery is as simple as it is effective. Attackers just set up a network that looks benign, but actually belongs to them.
It has the same name as the real one if it’s done well, or just one that’s very similar. Spotting the difference isn’t always easy.
If you own a network, you can pretty well do whatever you like on it. Including watch everything everyone does, push whatever code you want at them and redirect them to malicious sites and steal the login details they’d use for the real ones.
And you can see everything too: every byte of unprotected data. That doesn’t just mean what you knowingly send: it means what the phone apps, browser windows and programs you use send in the backround, without your say-so.
We’re talking credit card info, Facebook pictures and information, where you live…
Yep. Scary stuff. Finding out these people probably just want to rob you is actually a relief, which sounds to me like the worst holiday review ever.
Welcome to the hotel scam and rob ya …
…such a lovely place.
This is kind of genius. Rossen discovered that the main places this scam gets used aren’t airport lounges and coffee shops but hotels.
Holidaymakers get to the hotel, often in a foreign country where they don’t speak the language and everything’s just a little… wel… foreign.
We’ve all been here: you see something weird, and it’s just one more thing you’re not used to seeing.
Must be how they do stuff around here.
What you’re probably not going to do is sit down on that poolside recliner, sip on that piña colada and carefully examine the wifi network name to make sure it’s exactly the same as the hotel name you probably already forgot anyway.
It’s exactly this tendency that the latest round of crooks are relying on.
So what can you do about it?
How can you protect yourself against this?
Turn ‘autojoin’ off on your phone to stop your phone jumping on a network it thinks is legit. Rossens recommends logging off wifi to do anything sensitive or important – like buying anything or checking your bank statement or Paypal.
One simple trick is to sign in and out of the network regularly and each time, try using a fake room number: real hotel networks won’t let you on if your details don’t add up, fake ones don’t know and don’t care.
Oh, and maybe consider getting a VPN.
Will it protect you against this specific hack?
Yes, because it will encrypt your traffic so even the network operator can’t see it.
And will it protect you against all the other, sure-we-know-about-it-but-whaddaya-gonna-do nastiness that public wifi brings, like man-in-the-middle attacks?
So double check, turn off autoconnect… and get a VPN already!
"A speedy VPN that's very easy to use and covers basic privacy needs well enough"
- Excellent available variety of servers
- Servers are fast and secure
- Offers six connections
- Safe Wi-Fi Protection
- Loads Websites 3 To 5 Times Faster
- No Logging