With summer travel back in full swing, our electronic devices are often in tow. WiFi is now included with most mobile phones, tablets, laptops, and desktop computers. Access to WiFi is also standard in most places from corporate offices to public spaces. It’s important to remember that not all WiFi is good WiFi.
With WiFi technology being so pervasive, it provides opportunities for cybercriminals. Luckily, you can significantly reduce your WiFi risk through awareness and security tips.
Malicious WiFi access points
Cybercriminals often use a malicious WiFi access point for an attack. These devices can be set up in hotels, coffee shops, airports, near offices and apartment complexes, etc. The cybercriminal’s goal is to get unsuspecting victims to connect to the malicious device for WiFi. For example, a malicious WiFi access point could be set up near a hotel pool and named “Free Pool WiFi.” If you’re a hotel guest and see this option, you’d likely connect.
Cybercriminals also try to imitate legitimate access points. A cybercriminal could be in a car near an office with a WiFi access point that has a name similar to your office’s regular WiFi. If your mobile device or computer attempts to connect, it might connect to the malicious access point instead of the real one. Criminals sometimes will even knock the legitimate access point offline, making their access point the only one available.
What cybercriminals try to access
Assuming you’ve connected to a malicious access point, what can a cybercriminal do? Once connected, a cybercriminal can begin attacking that device directly. If the device has any vulnerabilities, including missing patches, the criminal has a direct connection to the device, allowing easy access. With successful exploitation of the vulnerability, the criminal could control that device without the user’s knowledge. Even if the user disconnects from that WiFi access point, every time the user goes back online from anywhere, the criminal could regain access because of the malware installed.
Another risk is privacy. While a victim is connected to the malicious access point, the cybercriminal can monitor everything they do online. This risk has decreased in recent years as more sites have SSL certificates. An SSL certificate allows the website to encrypt its traffic. If you visit a website with a URL that starts with HTTPS://, that indicates that everything you see and type on that website is secure.
Even if you were on a malicious WiFi access point, the criminal could not see what you’re typing. It is important to note that while HTTPS ensures that the data you are sending to the website is secure, HTTPS does not guarantee that the website you are visiting is legitimate. If you have typed in the correct URL and see the HTTPS, then you should be safe. However, if you mistype the URL or are visiting a site that you are not familiar with, it could have HTTPS in the URL, but that does not guarantee the website itself is safe.
Website security issues
Of course, cybercriminals don’t just give up. Sometimes, they will attempt to break the encryption between you and the website. If successful, they can monitor everything you type. Luckily, this type of attack is easy to detect because there will be an on-screen warning about a security issue with the website.
In many cases, it will specifically say that there is an issue with the Security Certificate. If you see one of these warnings, stop! Do not select to ignore the warning or continue to the website. If you do, everything you see and type can be monitored and recorded. These warnings mean something is wrong, and you should contact your company’s tech support or the company that provides the website.
Another common form of attack with malicious WiFi access points is a DNS attack. When your device connects to any WiFi access point, that access point will assign a DNS server to your device. A DNS server is a system that tells your computer how to get to another computer based on the domain name that you type in.
For example, if you open your browser and type in www.sosdailynews.com, your computer doesn’t understand what that means. Instead, it will send that domain name to a DNS server and ask, “how do I get to this address?” The DNS server will then respond with something like “220.127.116.11,” an IP address for that website. Your computer understands the IP address and then makes the connection.
If a cybercriminal controls the DNS server that your computer is communicating with, that will allow them to control where your computer connects. For example, if you typed in the URL to a bank, a malicious DNS server could give you an IP address that points to a criminal’s web server designed to look like the bank. You think you’ve typed in the correct URL and end up at a website that looks like what you expected. You type in your login, password, or other confidential information. And that data is sent to the malicious website without your knowledge.
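As an added illustration (not part of the original article), the Python sketch below compares the addresses handed out by the DNS server an access point assigned with the answers from a resolver you already trust, and flags names whose answers disagree. The domain names, addresses, and function names are constructed for the example.

```python
import ipaddress

# Constructed sample data: answers for the same names from a resolver you
# trust and from the resolver the access point assigned. The names and
# addresses are placeholders (documentation and private ranges).
TRUSTED = {
    "bank.example": {"203.0.113.10", "203.0.113.11"},
    "mail.example": {"198.51.100.25"},
    "news.example": {"198.51.100.80", "198.51.100.81"},
    "shop.example": {"198.51.100.40"},
}
FROM_ACCESS_POINT = {
    "bank.example": {"192.168.4.1"},    # public name answered with a LAN address
    "mail.example": {"198.51.100.25"},  # identical to the trusted answer
    "news.example": {"198.51.100.81"},  # overlaps the trusted set
    "shop.example": {"203.0.113.99"},   # different public address
}

# Ranges that should not be the answer for a public website.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

def is_local(addr):
    """True if addr falls in a private, loopback or link-local range."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)

def compare_answers(trusted, observed):
    """Return {name: verdict} for every name the access point's DNS answered."""
    verdicts = {}
    for name, answers in observed.items():
        reference = trusted.get(name, set())
        if any(is_local(a) for a in answers):
            verdicts[name] = "local-address"  # strongest sign of redirection
        elif not reference:
            verdicts[name] = "no-reference"   # nothing to compare against
        elif answers & reference:
            verdicts[name] = "match"          # at least one shared address
        else:
            verdicts[name] = "mismatch"       # treat as suspect until verified
    return verdicts

def suspicious(verdicts):
    """Names whose answers should not be trusted without further checks."""
    return sorted(n for n, v in verdicts.items()
                  if v in ("local-address", "mismatch"))

if __name__ == "__main__":
    print(suspicious(compare_answers(TRUSTED, FROM_ACCESS_POINT)))
```

A mismatch is not proof of an attack, since large sites hand out different addresses in different regions and captive portals answer with local addresses until you log in; it is a signal to stay off that name until the HTTPS certificate checks out.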
How to check for website security
Because detecting phony WiFi access points is difficult, the best time to look for a potential issue is when you browse to a secured site (any site that starts with HTTPS://). Be sure the website begins with HTTPS://. Most people will type in www.whatever.com and assume it will add the HTTPS:// at the beginning. Always look to make sure it is there.
If it is not, do not proceed. If you attempt to connect to a secured website and receive a message that there is an issue with the security certificate, stop immediately. There is never a situation where a broken security certificate is normal. If you receive a warning, error message, or other notification that there is a problem, stop, pick up the phone, and contact tech support. Remember that it does not matter where you are; a WiFi attack can happen at home, work, or any public location.
For more articles on cybersecurity and related topics, visit Mid Oregon’s Security and Fraud Center.