Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Are public Wi-Fi hotspots really a major security risk?

John E Dunn | Aug. 24, 2015
Public Wi-Fi is used by many to avoid big roaming bills. Can its risks be mitigated?

Intel Security (formerly McAfee) has done a cheerful summer poll that discovered something almost anyone who travels more than once in a blue moon could have told them for nothing - when it comes to Internet access, British holidaymakers happily flock to use cheap or free Wi-Fi hotspots over extortionately expensive 3G or 4G mobile alternatives.

Of course they do. Why would anyone pay pounds, dollars or Euros for each crappy megabyte when they can get the same access for nothing? The problem is that many of these Wi-Fi hotspots are open, that is use no encryption security, and are therefore risky.

According to Intel, 38 percent of the 2,000 people they asked were happy to use unsecured Wi-Fi, a percentage that sounds pretty optimistic - it's probably closer to 100 percent under certain circumstances, for example receiving an important email. Half of the respondents weren't sure how to secure themselves when using hotspots even if they saw them as a bad idea.

"Cybercriminals can intercept login information, credit card information and, if equipped with the right tools, can even use this information to lock users out of their own devices," said Intel Security's VP of consumer, mobile and small business security, Nick Viney.

But is that necessarily always true?

Home, public and work
There are several layers to computer security when using any untrusted public hotspot, including commonly those nearer home in the UK. For the device itself, Windows divides network connections into home, public and work profiles, auto-detecting and securing new ones and asking for confirmation which of the three a new connection falls under.

These settings can be customised by default turn off folder sharing, network discovery (which allows people to see you), and enforces encryption for file sharing transfers. The Windows firewall is also turned on automatically for both public and private networks.

A second and more critical layer is the browser itself, which is where the issue of secure HTTPS comes to the fore. A few years back, insecure HTTP was the standard way to access most websites but these days encrypted HTTPS SSL is offered on pretty much all services that exchange e-commerce data or logins. That means that even on open Wi-Fi hotspots, nothing is exchanged in the clear, and despite having no encryption in place at the Wi-Fi network layer, the connection to that site is still secure at the transport layer.

As 2014's Heartbleed security flaw underlined, this isn't totally fool-proof. There is a theoretical chance that SSL security could can be compromised on some sites using a server-side weakness but that also applies to any connection not only those over open Wi-Fi.

 

1  2  Next Page 

Sign up for Computerworld eNewsletters.