Unencypted Wi-Fi Networks
When you join an unencrypted Wi-Fi network (such as one at your local cafe), there are two main security concerns:
- Interception of your data while in transit
- Remote exploitation of your computer if it is running a vulnerable service, or if the attacker has a zero-day exploit to hand.
If you are use an open (unencrypted) Wi-Fi network, securing data in transit can be achieved by connecting to websites that use HTTPS, using a VPN, or a proxy application.
But VPNs and proxies can be a pain to use, so most people don’t bother. Not all sites use SSL and there are many failings in site’s implementations of SSL.
If you connect to an open network, anyone else on there can reach out to your machine. Have you ever heard of Man in the Middle attacks?
Wireless networks that are named very similar to legitimate ones, you connect and your data appears to be transferred to the appropriate sites. However, your data is harvested on the way through, including financial and personal information.
Allowing automatic connection is a feature offered by most devices, but it means those devices broadcast what networks they’re looking to connect to. Lots of criminals out there use tools such as the wifi-pineapple spoof those networks and allow your device to connect and again sucks down your information.
Encrypted Wi-Fi Networks
But I use a passphrase to join a network, that’s safe right?
Well yes and no. If the bad guys have the key, then you are equally at risk. I’m sure you’ve been to an event where the shared key has been provided to a number of people, maybe a training event or conference. Well, once the bad guy has the key, they can access your computer just as easily as being on an open network with you.
Having some security such as a secure key is good, but there are still weaknesses. Be aware and be smart!