Public warned on dodgy public Wifi hotspots

Inside A Starbucks Store And The

That coffee shop or leisure centre Wi-Fi spot may be free and convenient, but it could also empty your bank account. Attacks on smartphone and tablet security is increasing, especially if you use online banking or even Facebook, according to security experts. Your data can be very quickly harvested, and used against you.

How bad is the situation - and what can you do to protect yourself, and your finances?


Virtually mugged

When you're out in public and accessing a Wi-Fi network, you'll be usually presented with a list of Wi-Fi hotspots. But some cyber criminals will deliberately set up a 'Free Public Wi-Fi' network, encouraging you to log on.

The cyber criminal may be simultaneously electronically sucking down your bank passwords from your smartphone or tablet.

When security expert James Lyne from security company Sophos created his own fake Free Public Wi-Fi spot in the Capital - see this 'Warbiking' video - almost 3000 people connected. More than a hundred went onto use banking mobile services.

"This willingness to connect to any wireless network that professes to offer free Wi-Fi," Lyne told Infosecurity, "without ensuring you have some kind of security measures in place, is like shouting your personal or company information out of the nearest window and being surprised when someone abuses it."

Open and insecure

Creaming off money from bank accounts would have been quite straightforward and quick for Lyne. Ways to beat the criminals? Experts suggest setting up your own Virtual Private Network, or VPN, which remotely uses your home computer connection to boost online security.

But daunting to do if you're not an IT expert. The most straightforward advice is to be picky - much pickier - when using public Wi-Fi hotspots, and making sure your security phone patching is up to date, i.e. ensuring you've got the latest software update.

Last November the European Parliament had to switch off its own public wi-fi service when it was found several mail-boxes had been hacked and passwords electronically hoovered up.

In short, only use trusted, secure Wi-Fi networks when doing anything confidential and make sure any website is secure by looking for 'https' in the URL, plus the unbroken padlock symbol.

Get encrypted for free

"When browsing the internet," advises Which?, "you might notice four characters, 'http' located in the address bar at the beginning of a web address. We suggest that when you type a Web address into your browser, preface it with 'https' instead of the usual http.'"

This activates something called Secure Socket Layer (SSL) says Which?, which is a swanky term for encrypted browser traffic.

"This means your internet data is translated into secret code. However, not all websites support the encryption, but if you're using a Chrome or Firefox browser, there are specific browser plugins available called HTTPS Anywhere."
Read Full Story