Everybody is going wireless. Data published by Strategy Analytics last year estimated that the United States already had a Wi-Fi penetration of over 60%. That figure is already pretty high, but the U.S. actually ranked only 7th worldwide. South Korea is by far the most widely connected with a penetration rate of over 80%. Judging by how well net-capable consumer electronics performed in 2012, this trend isn’t likely to slow down any time soon. Strategy Analytics found that 89% of the total consumer electronics revenues in 2012 were from connected devices. This figure is even expected to rise by a significant amount by 2016.
The prevalence of Wi-Fi-capable devices and wireless networks, however, do not seem to have a significant impact on the average user’s knowledge of how to protect from id theft. A survey conducted by Wakefield Research in 2011 found that while Wi-Fi users know what they should do to protect their data, a large number are yet to take the necessary steps to increase security. According to the survey, two out of three respondents were aware that the security of their data depends on their actions. A whopping 85% of the respondents also knew their Wi-Fi devices should not be set to automatically share data. Only 62%, however, actually had the auto-sharing feature turned off.
One way of protecting sensitive data on your Wi-Fi enabled device is to use a Virtual Private Network or VPN whenever you connect to a Wi-Fi hotspot. A VPN encrypts the data sent across even public networks, giving it all the functionality and security that a private network provides. It puts up a firewall to protect your data from the prying eyes of unscrupulous individuals. Unfortunately, Wakefield Research’s survey only turned up a dismal 18% of respondents who used VPN tools when connecting to a public hotspot.
A more recent survey done by the non-profit Identity Theft Resource Center (ITRC) echoed the data collected by Wakefield Research. Only 60% of those surveyed were concerned about identity thieves. The remaining 40% either did not know the risks or believed that their personal information was secure. On a brighter note, 58% knew VPNs can help them keep their data safe from an unscrupulous identity monitor. This data is encouraging because sometimes, these VPN tools can be the only things protecting you from someone who wants to steal your personal data. The bad guys have quite an arsenal of tools and techniques to commit identity theft. These include the following:
- Software sniffers - These allow identity thieves to intercept data passively. It’s the simplest and most basic attack since basically all the hacker has to do is set the software up and point it at an unsecured network. Any unprotected data that goes through that network can then be compromised. The software as well as tutorial videos on how to use it are freely available on the Internet. Fortunately, protecting your device with a VPN will make short work of a sniffer.
- “Rogue” networks – Sometimes, all a hacker has to do is set up a rogue network that advertises itself as a “free” public Wi-Fi hotspot to steal data from unsuspecting users. In reality, the hotspot is an ad hoc network that grants the hacker access to the data stored on your device. These rogue networks can be most prevalent at airports, coffee shops and restaurants. Incidentally, a survey conducted by the ITRC found that 75% of their respondents use free Wi-Fi services in the latter two locations. Once you see an unsecured Wi-Fi connection marked “Free Public Wi-Fi” on your device, quickly delete it so that your laptop does not auto-connect to available wireless networks.
- Evil twin – Hackers can also go the extra mile and disguise their fake network as a legitimate and secure connection. With the right equipment, a hacker can target an actual hotspot and replace it with its “evil twin”. The hacker can then steal any passwords, credit card numbers, and other sensitive information from whoever connects to the fake network either by snooping or through phishing. For those who don’t know, phishing involves setting up a fake web site (one masquerading as Facebook, for example) where people have to log on.
- Session hijacking – Session hijacking, also known as sidejacking, has been around since 2004. This form of attack uses packet sniffing to steal a session cookie from a site that you visited. These cookies are sent to you by a website that you log on to and typically contain usernames and passwords. Once a hacker gains control of the cookie, the hacker can then freely log on to, say, your Facebook or email account.
- Man-in-the-middle - ID theft through gadgets that have Wi-Fi capabilities can also be perpetrated by this sidejacking variant. In sidejacking, a hacker at point A can join in the “conversation” between points B and C by letting the cookie pass through the hacker’s machine. In this variant, the hacker inserts himself into the middle and manipulates the data from both points B and C that passes through his machine. For example, hacker John inserts himself into the middle of a conversation between Jack and Jill. Hacker John is then able to intercept all of the messages Jack and Jill are passing to each other and even insert a few of his own without Jack and Jill knowing.
With all these different kinds of attacks, how is the average consumer supposed to keep his data safe? As stated earlier, VPNs can be indispensable in the fight against identity thieves and are also no longer restricted to laptops and desktop computers. VPN apps are now available for smartphones and tablets, as well.
Visiting only encrypted websites when you’re not behind a private network is also recommended. You can tell if a website is encrypted by looking for “https” at the beginning of its web address or URL. Some websites only use secure encryption on their login screens, though, so look for the extra “s” on every page you visit. Some browser plugins can also help encrypt your data even on websites that don’t use full encryption. Don’t stay signed in to your accounts, either. Make it a habit to log out when you’re out using a public hotspot.
Hopefully, this article will help you stay more secure when you use non-private networks. If you found it useful, please share it with your friends and family. Feel free to share your own tips and experiences in the comments section, as well.