Public Wi-Fi Security

Do you frequently use public wi-fi hotspots with your laptop, tablet or smart phone, say at the local coffee shop or bookstore, the airport, or the grocery store? Have you ever wondered whether that is safe to do? The answer is it probably isn’t safe, unless you have taken some precautions.

Believe it or not, there are crooks out there who connect to these same hotspots and just wait for the unsecured to connect, so that they can hack in and steal your information. And it is really easy to do, unless you set things up to block them.

First, some general things that should be done before you connect your laptop, tablet, or smart phone to a public wi-fi network. I won’t tell you how to do these things here, because there are too many devices and operating systems out there. And all of these really are necessary in order to be safe.

1. Turn off file and printer sharing.
2. Turn off automatic wi-fi connections to unknown networks.
3. Enable the firewall on your computer (either the one that came with the operating system, or the one that is part of your security software).
4. Disable Ad-Hoc networking (this is where two devices connect directly to each other without going through the router). See how here: https://lbis.kenyon.edu/snap/adhoc

Then there are some things to do as well when you connect to the public wi-fi.

1. First is DO NOT CONNECT until you ask the establishment the name of their network, because one of the favorite ways to hack you is to go to, say, Starbucks and open up their own public hotspot called “Starbucks Free Wi-Fi” when the real one is called something like “Starbucks Hotspot.”
2. Avoid doing anything that requires a password if you can. If you must, then do it in a web browser and make sure before you put in your password that the site is secure by looking at the web address (it should say https at the beginning if it is secure). Or look for the padlock your browser uses to indicate secure websites. And you have a different long password (at least 12 characters) with mixed letters, numbers, and special characters for each site, right? If you don’t, then look into LastPass or KeePass, two free ways to get that done for yourself painlessly. This is important so that if one of your passwords is hacked, it only gets them in on one site, not every site where you used the same password.
3. One alternative to number two is to leave your home computer on and then connect to it from your laptop or tablet with a service like LogMeIn that establishes an encrypted link to your home computer and lets you control it and do your surfing, etc. on the secure home network.
4. Be aware of who or what is around you. Could someone be looking over your shoulder, either literally or with a telescope or camera (hidden or otherwise)?
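As an added illustration of step 1 (not part of the original post), this Python sketch compares the network name the staff gave you against the names your device can see and flags near-miss names such as the “Starbucks Free Wi-Fi” example above. The function names, the list of generic words, and the sample list of visible networks are assumptions made for the example.

```python
import re
import unicodedata

# Words that appear in many hotspot names and say nothing about who runs them
# (an assumed list for this example).
GENERIC = {"wifi", "wi", "fi", "free", "hotspot", "guest", "public", "net", "network"}


def _tokens(ssid):
    """Lower-case an SSID, strip accents and punctuation, and split it into words."""
    folded = unicodedata.normalize("NFKD", ssid).encode("ascii", "ignore").decode()
    return set(re.findall(r"[a-z0-9]+", folded.lower()))


def classify_ssids(confirmed, visible):
    """Sort visible SSIDs into the confirmed network, lookalikes, and unrelated names.

    confirmed: the exact network name the establishment told you.
    visible:   the network names your device currently lists.
    """
    brand = _tokens(confirmed) - GENERIC          # e.g. {"starbucks"}
    result = {"confirmed": [], "lookalike": [], "unrelated": []}
    for ssid in visible:
        if ssid == confirmed:
            result["confirmed"].append(ssid)
        elif (ssid.strip().casefold() == confirmed.strip().casefold()
              or _tokens(ssid) & brand):
            # Same brand word, or the same name with different case or spacing,
            # but not the exact name you were given: do not join it.
            result["lookalike"].append(ssid)
        else:
            result["unrelated"].append(ssid)
    return result


if __name__ == "__main__":
    # Constructed sample of what a device might list in the coffee shop.
    seen = ["Starbucks Free Wi-Fi", "Starbucks Hotspot", "starbucks hotspot ",
            "HomeNet-5G", "Airport Guest"]
    for label, names in classify_ssids("Starbucks Hotspot", seen).items():
        print(f"{label:10} {names}")
```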

OK, are you sufficiently freaked out yet? Haven’t been doing those things, have you? Then you were at risk! There are two ways to make yourself absolutely safe from these risks. One is don’t use public hotspots! The other is to set up your computer or smart phone to only connect to wi-fi via a VPN service. A VPN sends all of your network traffic directly through its service using encryption, something like a virtual lead pipe directly to where the VPN is set up that no one can see through or access. This is technically difficult to set up, but absolutely foolproof. Your company may have one, or you can set one up from your home or office if you get a static IP address for that internet connection. Or you can use one of the public VPN service providers, of which there are many, and some are free. The free ones are the ones most likely to bog down from too much traffic, but they may be worth a try. How to set one up is beyond the scope of this blog, but you can do a web search for setting up VPN, or you can ask us to do it for you.

Finally, keep in mind that none of this applies to your home or office wi-fi network, which SHOULD have proper security set up on it so that as long as you trust everyone who knows how to connect to that network (insert your own jokes here), then you are safe. Here is a quick primer on wi-fi security. There are three different protocols commonly used to protect wi-fi networks. The oldest, and now considered no better than no security at all, is WEP. It uses a 24-character key that is transmitted with every chunk of data. With 24 characters, there are only 16.7 million combinations possible. It also uses a fixed key shared by every device on the network. Some WEP devices could rotate between 4 different shared keys, but in the end, that made no difference. So WEP rotates through those 16.7 million keys on a repeating and predictable basis and uses each one, along with the shared key on each device, to encrypt and decrypt data sent and received. Because the number of combinations is relatively small and repeated at predictable intervals, cracking programs are widely available that only have to sniff the data on a WEP network for as little as one minute and do 3 seconds of calculation, and the security is hacked.

WPA, which was an interim standard while the world experts decided how to handle wi-fi security, and WPA2 are considered unhackable. First, they start with a 48-character key, for over 500 trillion possible combinations, and they essentially change the key with each packet of data they send out, so there is no computer on earth or contemplated in the next 50 years that could possibly handle the hacking of such a network. WPA2 improved on this by adding some additional integrity checking into the equation. So, the only real vulnerability of WPA wi-fi networks is figuring out the password (actually, a passkey phrase is recommended, which can be 8 to 63 characters, but at least 12 and generated by a random password generator that uses letters, numbers, and special characters). Math wizards tell us that a 12-character password generated truly randomly would take in the neighborhood of 20 billion years to crack using brute force on today’s computers. So for your work wi-fi, ask if it is WPA or WPA2. If they know what they are doing, they will laugh and say of course it is WPA2 (or WPA) and what a silly question. If they hem and haw, then don’t use the network, or get them to upgrade the security. At home, if you don’t know how to check what your wi-fi security is, then have someone who does do the checking. We can usually check that remotely for you when asked (you do have to let us in remotely in order to check, or DO YOU? <evil grin>).
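The random passkey phrase recommended above (and the long mixed-character passwords from the earlier list) can be produced with a few lines of Python. This is an added example, not part of the original post; the function names are made up for it, and the guess rate passed to `years_to_exhaust` is an assumption you supply, since the time to try every combination depends entirely on it.

```python
import math
import secrets
import string

# Letters, digits and special characters: 52 + 10 + 32 = 94 printable symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_passphrase(length=16):
    """Return a random passphrase drawn from letters, digits and special characters.

    Length limits follow the text: a WPA/WPA2 passkey phrase can be 8 to 63
    characters, and at least 12 is recommended.
    """
    if not 12 <= length <= 63:
        raise ValueError("length must be between 12 and 63 characters")
    while True:
        # secrets uses the operating system's cryptographic random source.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Redraw until all four character classes are present, so the result
        # also passes sites that insist on mixed characters. This narrows the
        # set of possible outputs slightly compared with a plain random draw.
        if (any(c.islower() for c in candidate)
                and any(c.isupper() for c in candidate)
                and any(c.isdigit() for c in candidate)
                and any(c in string.punctuation for c in candidate)):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of entropy in a uniformly random string of the given length."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(length, guesses_per_second, alphabet_size=len(ALPHABET)):
    """Years needed to try every string of this length at an assumed guess rate."""
    seconds = alphabet_size ** length / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    print(generate_passphrase(16))
    for n in (12, 16, 20):
        print(n, "characters:", round(entropy_bits(n), 1), "bits")
```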
