By Tony Larks, Vice President, Global Consumer Marketing, Trend Micro
Have you ever used a public Wi-Fi hotspot? Have you ever checked your email, or logged into a personal online account using that hotspot? If the answer is yes, and we’ve all done it at least once in our lives, you’re putting yourself and your online safety at risk.
Here’s the deal: You’re in a bar/restaurant/hotel lobby/airport departure lounge/cafe. You’re sick of maxing out your 3G data tariff but you need to check your emails for the 100th time that day. Maybe you’re waiting for an important message from your partner/parents/long-lost cousin Alfonse – who knows? Anyway, you notice the venue has unsecured Wi-Fi, you jump on and check away, maybe do a bit of browsing while you’re at it, log-in to some online web accounts, possible even check your bank balance. Then your date arrives/flight is called/movie starts and you shut down – no harm done right?
Unfortunately, tools are readily available online that allow anyone with malicious intent to snoop on your web browsing session if you’re on public Wi-Fi. A couple of years ago, a security researcher even built one of these “sniffing” tools (dubbed Firesheep) as an add-on for popular browser Firefox. Some bad guys could jump on the same network and lift your email or banking log-ins, or other info, without you even knowing it. Not good news.
Don’t think either that if you’ve obtained the password from the friendly bar staff/hotel concierge/barista that you’re safe, because the same bad guys may have already done that too. Nor will a paid-for public Wi-Fi hotspot offer any more protection.
Staying safe in full view
So what should you do? Well, the only traffic that the bad guys won’t be able to snoop on is websites with”https” at the beginning of their URL. The “s” means “secure” and indicates the traffic to and from these sites is encrypted, so any cyber hoodlum trying to spy on you will only see gibberish. Gmail is using https now, as is Twitter, but it’s by no means ubiquitous, so be sure to check. Be aware too that some sites only use it for the log-in page and then revert to regular http, which the bad guys can see.
For the super-techie, it’s possible to subscribe to a VPN service – which will set up a kind of encrypted cyber tunnel from your location to the website – to protect your browsing, but life’s usually too short for this.
Otherwise, if you must jump on a public hotspot, stick to checking the news, watching YouTube clips, or pictures of hilarious cats. Don’t visit a site or online account via public Wi-Fi if you’d not be comfortable with letting a complete stranger sit and look at it over your shoulder – because that could effectively be what’s happening.
[Home users are safer – just make sure your router encryption is turned on and you set up a strong password as soon as you get it. ]
Tony Larks works for Trend Micro and is guest blogging for the Fearless Web. The opinions expressed here are his own.