The problem with public Wi-Fi is that there are a tremendous number of risks that go along with these networks. While business owners may believe they’re providing a valuable service to their customers, chances are the security on these networks is lax or nonexistent.
Man in the Middle Attacks
One of the most common threats on these networks is called a Man in the Middle (MitM) attack. Essentially, a MitM attack is a form of eavesdropping. When a computer makes a connection to the Internet, data is sent from point A (computer) to point B (service/website), and vulnerabilities can allow an attacker to get in between these transmissions and “read” them. So what you thought was private no longer is.
Encryption means that the messages that are sent between your computer and the wireless router are in the form of a “secret code,” so that they cannot be read by anyone who doesn’t have the key to decipher the code. Most routers are shipped from the factory with encryption turned off by default, and it must be turned on when the network is set up. If an IT professional sets up the network, then chances are good that encryption has been enabled. However, there is no surefire way to tell if this has happened.
Thanks to software vulnerabilities, there are also ways that attackers can slip malware onto your computer without you even knowing. A software vulnerability is a security hole or weakness found in an operating system or software program. Hackers can exploit this weakness by writing code to target a specific vulnerability, and then inject the malware onto your device.
Snooping & Sniffing
Wi-Fi snooping and sniffing is what it sounds like. Cybercriminals can buy special software kits and even devices to help assist them with eavesdropping on Wi-Fi signals. This technique can allow the attackers to access everything that you are doing online — from viewing whole webpages you have visited (including any information you may have filled out while visiting that webpage) to being able to capture your login credentials, and even being able to hijack your accounts.
These “rogue access points” trick victims into connecting to what they think is a legitimate network because the name sounds reputable. Say you’re staying at the Goodnyght Inn and want to connect to the hotel’s Wi-Fi. You may think you’re selecting the correct one when you click on “GoodNyte Inn,” but you haven’t. Instead, you’ve just connected to a rogue hotspot set up by cybercriminals who can now view your sensitive information.
“No technology that’s connected to the internet is unhackable.”
― Abhijit Naskar, The Gospel of Technology