When you’re ‘out and about’ running errands in the city, or popping into your favorite local coffee shop for a delicious skinny-extra-hot-double-oat-milk flat white and a little browse on your iPhone, the last thing you think about is Wi-fi security. But you should. Especially, if you are attending big events like Mobile World Congress or other conferences, where attendees tend to trust technology and undermine security a little too much. Although public Wi-fi is seen as a standard convenience of modern life, in reality, it’s much less innocent than we think. What are the threats, how can you spot them and avoid getting lured into Wi-fi trap? Get the facts to become smarter than the attackers.
No, it’s not a comedy sketch. DNS or Domain Name System spoofing is a type of hack that uses corrupt domain name system information to redirect online traffic to a malicious website, that is often impossible to detect. The domain is the name of a website, like fyde.com.
DNS spoofing can be very profitable for hackers. By redirecting users to authentic-looking phishing sites, attackers can steal personal data such as usernames and passwords from unsuspecting users. In another scam, DNS redirection can be used to display ads or collect user browsing data which later can be sold (and resold) to a range of companies. Globally, DNS spoofing is used by governments for Internet censorship, to limit Internet browsing in regions like China or the Middle East.
How can you avoid the DNS spoofing trap? Look for “https” in your browser’s address bar, for example, https://www.fyde.com. Only access websites where you see “https” and you know that the connection between your browser and a website is secure. Also look for the tiny padlock next to the URL in the address bar, which indicates that the connection to the site is encrypted and the owner of the server is a legitimate one. However, if “https” appears red or crossed out, you should leave the t site immediately.
Like the children’s game, monkey in the middle, a man-in-the-middle attack (MITM) attempts to intercept communications between two users to steal or manipulate data. In the game, also known as keep away, players try to toss a ball without it being stolen by the person in the middle. MITM attackers manipulate network traffic, effectively stealing control of the communications “ball” from users like you.
Imagine you are on a retailer’s website or checking your bank balance. Once your information passes through the attackers’ access point, they can see all the data exchanged while connected to the network. You may not notice anything suspicious, but the attacker is in complete control and can obtain sensitive information such as credit card details, important emails, passwords, access to social media accounts or internet browsing history. They can also stop users from exchanging data, redirect or divert messages and/or transactions, creating confusion and potential losses. With MITM attacks, it doesn’t matter whether you’re accessing secure sites or not, the information sent to the attackers’ access point isn’t encrypted when they receive it.
One of the easiest ways for attackers to access your browsing is to set up a Wi-fi connection with a sensible and genuine sounding name, think SFO airport or Westfield Shopping Center, and wait for you to join that connection. Bingo: they’ve got access to your device. The good news is, these are easy to avoid. Don’t join public Wi-fi hotspots that don’t require a password. If you do need to connect to a public network, avoid doing online banking or online shopping so that you don’t put your financial information at risk.
A little vigilance goes a long way in Wi-fi security. Check out our list for simple steps to protect your personal information.
Click the button below to protect your mobile phone with the Fyde app.