Great example of that is the operation called Darkhotel APT. Basically it was an intelligent virus that stole a lot of sensitive user data. Many people fell victims of the mentioned malware including CEO's of big corporations who used free WiFi spots. According to statistics, more than 60% of all WiFi spots have no protection whatsoever. This makes it easier to connect to such network. As a side effect, however we have the vulnerability of such network towards hacker attacks.
Experts state that great percentage of such malware infects device of hotel residents over WiFi in less than 2 seconds. CEO's and businessmen who travel to Asia regularly fall victims of such fraudulent schemes.
Why free WiFi is a risk?
A WiFi network that does not have a password will most likely have no protection like firewalls or closed ports. This means that an attacker can hypothetically identify your IP address and break into your device using standard system administrator tools.
The main dangers are:
- Malicious software (e.g malware, spyware, adware) can be installed on your PC/tablet/smart-phone. Intruders utilize Trojan viruses that disguise themselves such legitimate programs (e.g Windows Messenger, Adobe Flash update, Google Toolbar, etc). It asks for administrative privileges to install. Once you click “OK” and allow it to install this malicious program will start searching for your corporate info, bank/credit card accounts data and other valuable info.
- Hacker can penetrate your free WiFi Internet traffic. This can be easily achieved considering the fact that WiFi network is not protected with the password and has all ports opened for incoming connections. When access to your device is acquired the third party will start logging your Internet traffic and, as a result will have full access to your browsing history and other info related to it.
- Public WiFi network gets an evil twin to steal your data. An attacker creates a completely different WiFi network with a name similar to your hotel's network (e.g Hotel_wifi vs Hotel_wifi_new). You only have to connect to that malicious network and all your traffic including passwords and codes for finance operations will go through that network (which gives the third party all the info they need).
- Phishing Attacks. This is also one of the popular fraudulent schemes. Basically, a hacker creates a clone of the popular Internet website that has a look a feel of the original with slight changes. Once the users enters such site an intruder would try to convince them to enter their passwords and other data using methods of psychological persuasion and forms that you use to enter same details on the regular basis.
- Malicious Technology. Security experts shared info about how this process actually works. It turns out that the virus is integrated into the HTML code. This gives the virus an ability to redirect the user's web browser to certain address, in this case to a Trojan virus. Hackers have integrated malicious pieces of software on the number of web resources. Hotels registration portals were among them until people in charge have taken necessary measures and secured their web sites.
Use Free WiFi and stay protected
Regular Internet users (even if they're not CEO's) also wouldn't want to expose their private data like photos and documents. It is needless to say that they may have their credit card details stored on their phone as well.
Universal Tips to Secure your Free WiFi connection:
- Do not connect to a network automatically
- Restrict public access to your apps, files and folders
- Do not perform any finance-related operation while connected to a free/public WiFi
- Make sure the name of your network is exactly the same your hotel personnel provided
- Use VPN
Secure VPN. What to choose?
Currently there are many VPN providers on the market. You can also find many free options. But be careful with free VPNs. Some VPN's may not offer reliable encryptions, other may log your usage data. Not all of them are safe, however. There are a lot of advices on how to choose a VPN provider.
Published by: Privatoria