How to use public Wi-Fi safely

We are constantly connected to public Wi-Fi hotspots – in shops, cafes and shopping centers. Is there a risk of losing important data with such connections? Yes, cybercriminals can not only track all your traffic, but also “extract” passwords with logins. We will tell you in more detail how to protect yourself when connecting to public Wi-Fi networks.

Fraud methods in open Wi-Fi hotspots
To clearly understand why you need to be extremely careful when using public wireless networks, let’s take a closer look at ways to steal information.

Sniffing . Interception of traffic from users who are connected via a wireless access point. In the HTTP protocol, all data is transmitted without encryption, so it is possible to fetch logins and passwords from them, as well as cookies to log into someone else’s account, even using public programs.

Substitution of sites. It is not so difficult to make a redirect in the Wi-Fi router settings. For example, a user tries to access the official page of a social network. An attacker creates a visual analogue of its home page with a similar domain name. Inattentive users do not notice the trick and enter their authorization data. It ends with the theft of logins, passwords and other personal information.

Creation of fake access points. You will say that it is enough to connect only to trusted Wi-Fi to avoid such problems. However, attackers often create their own Wi-Fi hotspots with similar or similar names. The problem is that most mobile gadgets automatically connect to Wi-Fi, which has the best signal strength. Because of this, you will not even know that you are connected to the cyberwar’s router.

WorkKeys PDF Dumps

NNAAP-NA PDF Dumps

GMAT-Test PDF Dumps

EPPP Exam Dumps

AICP Exam Dumps

TEAS Exam Dumps

TCLEOSE Dumps

SBAC Questions

SAT-Section-2-Mathematics PDF Questions

RPFT Questions

PSAT Questions PDF

PRAXIS-Writing-Section PDF Dumps

PRAXIS-Reading-Section Dumps

PRAXIS-Mathematics-Section Exam Dumps

PCAT Dumps

Security methods when using public Wi-Fi
We recommend that you always use the mobile Internet, especially if you want to log in to any sites or applications. If you still need to connect to public Wi-Fi, here are some useful recommendations.

Use HTTPS only
Hyper Text Transfer Protocol Secure differs from HTTP precisely in traffic encryption, making listening to the network almost useless. Even if hackers intercept the data, it will be extremely problematic to decipher and obtain useful information from it. Various encryption protocols are used in HTTPS: public key cryptosystem, Diffie-Hellman algorithm, symmetric encryption. HTTPS also implies the use of certificates – special digital signatures that uniquely identify a resource.

Almost all major resources, including social networks, online stores, and banking organizations, use HTTPS. What’s more, browsers usually won’t let you access sites that aren’t signed with a valid digital certificate. Users should be sure to pay attention to whether the site uses HTTPS. If not, then in no case fill out anything in it.

Is HTTPS Hacking Possible? Hackers periodically find various vulnerabilities, but the developers quickly fix them. Users are only required to regularly update applications (browsers, social networks, banking) and install security updates for mobile OS.

VPN Surfing
Virtual Private Network or “virtual private network”. Most active internet users are already familiar with this term. As a rule, VPN is used in order to gain access to blocked sites, for example, if the provider has forbidden to visit a particular resource.

VPN is another additional method of encrypting data in addition to HTTPS. It will help to hide data not only from the owner of the wireless access point, but also from the provider. VPN also provides an increased level of anonymity.

VPN provides several restrictions:

Low speeds. Since the site is accessed through a third-party service, the speed drops dramatically and delays increase.
Traffic restrictions. Many free VPNs only give you a certain amount of megabytes for surfing. Premium subscriptions with unlimited bandwidth and high speed are usually paid.
DNS leaks. Requests do not always go directly to the VPN service. Very often they go through public DNS, which could potentially declassify you.
Unreliable VPN service. In the worst case, VPN owners can use the collected information for their own selfish purposes.
If you’re looking to use a VPN, only trust large companies. For example, the Opera browser has a built-in VPN with unlimited traffic.

Additional OS customization
On Apple equipment, turn off the AirDrop function. It is designed to quickly transfer files and links between different devices. The problem is that one of the settings involves receiving data even without notifying the user himself. Attackers can send you a link to a phishing site or malware. Previously, AirDrop could even be used for DDoS attacks, which caused the smartphone to get stuck on receiving notifications.

You can turn off AirDrop through the control point in the wireless networks block, as shown in the image:

The second precaution is to disable auto-connect to Wi-Fi. The feature is convenient, but most users have no control over which access point they connect to. The risk that Wi-Fi turns out to be a “clone” from an attacker increases.

On Android, you need to go to advanced Wi-Fi settings and delete the saved networks. In this case, you will have to re-enter the password when connecting to any access point. The main inconvenience is that the network will have to be deleted from the saved ones every time so that Android does not automatically connect to it.

It is much faster and more convenient to disable auto-connect for specific networks:

On iOS, there is a similar clause:

Do not connect to networks that are encrypted with legacy WPA or WEP security protocols. Modern networks should use WPA2 PSK (AES) encryption or WPA / WPA2-PSK mixed encryption (TKIP / AES) to support the oldest devices.

Connecting two-factor authentication
If the attackers did find out the login and password of the account, then the last level of protection would be just two-factor authentication. The most reliable way is SMS confirmation to your phone, when you need to enter the code from the message to enter. It is extremely difficult to intercept SMS, therefore, more likely, thieves will never be able to get into your account.

A less reliable method is confirmation by e-mail. The problem is that cybercriminals can also intercept data for authorization in your e-mail, and then use your mail to recover your password. If the service offers protection by ip-address, then be sure to use it.

To enter social networks or personal accounts of banks, use only official applications. Moreover, they allow you to configure fingerprint access and do not save the password, as the browser can do.

Remember that there are no completely secure networks. Vulnerabilities are regularly found in the software of routers, smartphones and PCs that hackers can use to steal personal data.

Setting up the most secure Wi-Fi network
Not only public networks can be dangerous, but even a home Wi-Fi router. Your router can also be used to steal data. To prevent this, it is important to correctly configure the access point.

Replacing the standard password. To get into the settings of the router, you must enter your username and password. If right after the purchase you have the standard authorization data “admin / admin”, then immediately change them in the system settings section.

Disable remote control. Most routers allow remote configuration, which is a potential vulnerability. You can either restrict access to the web interface for local users or disable remote access. In the case of TP-link, you need to put all zeros in the line with the ip-address.

Disable the Broadcas t SSID function . By default, each router announces the name of its network, so you can find the network in the search list from your smartphone. You can turn off the broadcast of the SSID to improve security. In this case, when connecting from a smartphone, you will have to enter it manually, but this will create additional difficulties for attackers, since it will be more difficult to create a duplicate of your Wi-Fi.

 

Enabling strong encryption. We have already discussed which encryption protocols are considered the most reliable. It remains only to check whether they are used in your router in the “Wireless Security” sub-item.

Disable UPnP and related features. Routers have various forwarding tools that make it easier to manage local devices, for example, in a smart home. However, potential vulnerabilities in these functions can be exploited by hackers. If you do not have smart gadgets and a coplex home network, then it is better to disable UPnP, DLNA and analogs.

Update your router software. Even if the gadget works without any glitches, you need to keep track of the current firmware versions. In them, the developers eliminate all kinds of security vulnerabilities. You can always rollback by installing an older version of the firmware if problems arise with the new one. Firmware updates can be done via the web interface.

Emergence of new standards
Most of the routers have Wi-Fi 4 (802.11n) and Wi-Fi 5 (802.11ac) standards . The latter is considered Wi-Fi 6 (802.11ax) , in which signal stability and throughput have significantly increased. The developers have also improved the security of networks, in particular, a new encryption standard has appeared called WPA3.

The main innovation is SAE, a new authentication method that will replace the Pre-Shared Key (PSK). SAE operates on the principle of device fairness. Whereas previously one gadget was the requestor and the other was the authorization to connect, in SAE, either party can send connection requests.

Since messages no longer go back and forth in turn, it is more difficult for hackers to integrate into this chain, and dictionary attacks using brute-forcing passwords become impossible. Also, SAE sets a new encryption password for each new connection.

The latest routers from TP-Link are already available with WPA3 support. As this is a software enhancement, some WPA3 devices will be added in the future through a firmware update.

In stores: in 14 stores
The main recommendation is to use public Wi-Fi networks only to find information and do not log into different accounts.