Around this time of the year, many people are finding themselves on the move visiting friends and family, or just playing tourist somewhere in the world. Since it is 2013, however, one new problem has come up: “how do I get online while I’m on the go?”
Many travelers now expect wi-fi as part of their trip – whether at the airport, in the air, at their hotel, or at tourist attractions. A 2013 study found that 64% of hotels worldwide offered some form of free wi-fi. For some flights “gate to gate” wi-fi access is now available, ensuring you never have to be offline.
Unfortunately, there is a big problem. The wi-fi offered for travelers is frequently open wi-fi: this means that it is completely insecure against just about any attacker. It is trivial for an attacker to capture the traffic off an open access point, or even set up a fake one and conduct man-in-the-middle attacks. Wi-fi Protected Access (WPA) may prevent others from seeing your traffic but only if the access point is configured to do so.
Even “secure” wi-fi, if it is offered, is no assurance of security: you could be connecting to a rogue access point with the same access point name and password as the real network. Creating rogue access points is easy: if the password is known, anyone can create a duplicate access point. Even if you do connect to the real network, attackers can be on the very same network as you are. Being “secure” on any network with others that you may not trust is incredibly difficult.
On the other hand, there are good reasons to use free wi-fi. Many users face either strict data caps or high roaming costs. Getting data access if you’re travelling internationally is not always easy or cheap. Travel apps can be very useful on the go – for example they can provide directions in unfamiliar places, or point the way towards which places you want to specifically visit or eat at.
So, how can users stay safe on free wi-fi? Increasingly, there’s really only one way to do so: use a virtual private network (VPN).
VPNs have usually been the preserve of business travelers who wanted to connect to their company’s network securely. Now, however, they represent a relatively inexpensive way of securing one’s wi-fi connection from wi-fi attacks. There are many reputable VPN service providers with both free and paid services, and even paid services are not particularly expensive. Compared to the possible consequences of having one’s accounts compromised (quite possible with open wi-fi), such services are a bargain.
These services are not difficult to use. VPN support is built into both iOS and Android, and all reputable services should provide some sort of guide on how to set up your mobile device.
Figures 1-2. iOS and Android VPN setting locations
Given how much of our digital lives is now in our mobile devices, it is a great idea to protect these as much as possible. As free wi-fi is fundamentally insecure and is increasingly under attack, users who care about their privacy and security should use VPNs to protect their network traffic if they can.
What if you’re a business that wants to offer free wi-fi to your customers? The solution to this is fairly simple: use secure wi-fi, but make the SSID and password known publicly. It can be a sign in public, a line on the receipt – it can be different for each business. Even a publicly shared password offers security against casual eavesdropping, although some attacks (like rogue access points) can’t be stopped this way. However, it is an improvement over a completely open network.