HOW often have you asked “Is there free WiFi connection here?” or heard someone in a coffee shop or hotel asking the question. WiFi connectivity is a must-have service these days and many don’t seem to be able to do without it.
What’s pushing this need for WiFi is the huge uptake of mobile devices like smartphones and tablets packed with apps and services. Not wanting to use up their limited data or pay a rather high price to consume data on 3G/4G networks, especially when roaming, the first thing they do when in a public place is to look for free WiFi to connect to the Internet.
A research by online accommodation booking service, Hotels.com, also revealed that free WiFi connectivity mattered most to global business, as well as leisure travellers. More than 50 per cent of business travellers and 35 per cent of leisure travellers picked a hotel based on its free WiFi offering.
This insatiable demand for WiFi has led to the tremendous growth of WiFi hotspots around the world and the numbers are set to grow from 1.3 million in 2011 to 5.8 million next year, marking a 350 per cent increase, according to research published by the Wireless Broadband Alliance (WBA), and compiled by market research company, Informa Telecoms and Media.
Even telecommunication companies providing cellular network connections are now offering WiFi hotspots as means to offload mobile broadband networks and to provide a value-added service to their customers.
In five years, according to some studies, 52 per cent of mobile traffic is expected to be offloaded onto WiFi networks from cellular networks.
F-Secure Corporation Sdn Bhd security adviser Goh Su Gim said while everything looks good, there were obvious weaknesses as WiFi networks were not built with security demands in mind and people usually logged onto public WiFi without question about the security of the network.
Criminals were exploiting the weaknesses and setting up rogue WiFi access points to deceive users and steal personal data, he added.
“The key issue is that public access points are not regulated, which means any one can put up access points and let anyone connect for free. It’s fine if it is done with good intentions.
“However, the reality is that there are people with malicious intentions. Unlike home wireless networks, public WiFi can be a risky platform to be on as it has strangers using it, and even more petrifying is that these WiFi access points may not be genuine.”
Goh, who studies the threat landscape on networks, explained that these fake points could be used to conduct a man-in-the-middle attack.
Such an attack takes place when an attacker dupes users to connect to a malicious WiFi network and then intercepts their communications to steal valuable information or personal data.
Even an existing genuine WiFi service, such as that of a hotel or cafe, can be “forced out” by using an access point with a stronger signal and no password on it that allows everyone using the service to reconnect without realising they are now on a rogue system.
“This actor can actually see every bit and byte of information that users are sending across the network as he has placed himself between the users and the resources they (the users) are communicating with.
“For instance, if it’s a financial transaction, they will get hold of the user’s credit card information. As long as the data is not encrypted, e-mail or WhatsApp messages in plain text, can be viewed easily,” said Goh.
A fake WiFi network was almost impossible to identify and this, he added, made it even more difficult for users to protect their privacy.
He said many websites used HTTPS (Hypertext Transfer Protocol Secure) connections to encrypt the transfer of data but even this could not be depended on to keep users protected.
HTTPS is based on the Secure Sockets Layer (SSL), a standard security technology for establishing an encrypted link between a server and a client, such as a website and a browser. SSL allows information, such as credit card numbers and log-in credentials, to be transmitted securely.
“Today, a hacker can pretend to be that encryption certificate authority and trick users into conducting their online transactions as though they are on a safe platform. This is why users have to be careful when on public WiFi — you can never tell what is bona fide.”
Relying on Internet security software, he said, could not guarantee your data was protected when on public WiFi. The capability of such software is limited to protecting devices from viruses but it would not be able to protect the data that users sent out from falling into the wrong hands.