Do you have a lot of fear, uncertainty, and doubt (FUD) about using public Wi-Fi? This is mostly unfounded. Everyone believes public Wi-Fi is dangerous, but there aren’t good technical explanations.
It’s time to challenge that assumption. The reality is, you’ll find Wi-Fi carries about the same risk as other technologies without a high degree of concern.
In this webinar, Enough FUD, Public Wi-Fi Is Safe, you’ll learn why public Wi-Fi doesn’t have to be dangerous anymore.
To approach public Wi-Fi use safely, it’s important to follow some basic rules, including:
There are two main concerns when discussing public Wi-Fi:
While they’re different, they really are related.
This refers to the potential exposure to malicious actors and vulnerability to attacks from hackers and scammers. Protecting against these threats is important because sensitive information, such as passwords and financial details, can be stolen if transmitted over unsecured public Wi-Fi networks.
Users want control of their data to ensure that personal information is not exposed to others. This includes messages sent via instant messaging apps and other online communication methods. By understanding these concerns, users can take steps to protect their privacy and avoid any potential data breaches.
A brief history lesson is needed to fully appreciate the risks associated with public Wi-Fi and IT security.
Public Wi-Fi does has a troubling past. In 2010, Firesheep was released. This made it very simple to do HTTP session hijacking and credential theft with passive OTA sniffing. Users’ accounts and browsing sessions were vulnerable to hijackers just by sitting in the same coffee shop or the parking lot outside. Anyone could use those individuals’ browsing sessions and thus their identity simply by passively sniffing the data from this public Wi-Fi network.
This was a seminal moment in information security and why a lot of the advice about public Wi-Fi is based on the Firesheep days when people could sniff traffic passively, with no “man-in-the-middle” necessary, and take over people’s web browsing sessions.
Several factors made the Firesheep attack possible. Public Wi-Fi networks were and still are, for the most part, unencrypted. This means that no encryption is added by the Wi-Fi network when users connect to it, leaving transmitted data vulnerable to interception. In 2010, most web browsing was unencrypted, with users sending clear text traffic to web applications via HTTP. Overall, there was a general lack of awareness of information security.
Today, public Wi-Fi networks have improved, with some offering encryption and authentication at the Wi-Fi network layer. However, the risks associated with public Wi-Fi usage still exist. The United States Federal Trade Commission (FTC) warns users that public Wi-Fi networks are not secure, especially if they log into unencrypted sites or sites that use encryption only on the sign-in page. Despite the changes and improvements, there is still a need for caution and vigilance when using public Wi-Fi networks.
It is important to note that the information on the FTC site refers to unencrypted websites and a 12-year-old hacking tool. That’s just not the reality of the web today.
In 2010, public Wi-Fi networks could apply some security measures at layer two in the networking model, but most of the time, they still didn’t use these measures. At layer seven, the application layer where HTTP resides, most of our traffic was unencrypted, too.
The result was no security anywhere in the stack, which made public Wi-Fi networks particularly dangerous, especially when using a wireless medium – you could just sniff those packets out of the air and inspect their contents.
With so much focus on Wi-Fi security, end-to-end connectivity remains vulnerable. Wi-Fi security only applies to connections between devices and the AP or the controller, leaving traffic unencrypted across various networks to access cloud services. A VPN is an option for additional security, but personal VPNs only redirect traffic to another network and do not provide complete security.
It’s important to realize that only focusing on Wi-Fi security lacks a huge element of network connectivity use. Do not assume that a WPA3 enterprise network is secure just because the over-the-air connectivity is secure. The rest of the connectivity needs other forms of security to handle that.
A lot has changed since those Firesheep days and unencrypted HTTP’s dominance. Due to the Snowden revelations, HTTPS usage has increased significantly since 2013-2014. Now, top 100 non-Google websites and 97% of them default to HTTPS.
HTTPS has become more secure with features like HTTP Strict Transport Security (HSTS), which adds a tag to the HTTP header telling the browser to only use HTTPS with the domain, and HTTPS-only modes in web browsers.
Additionally, HSTS is set with a timeout, usually lasting over a year. Two-thirds of the top 1000 websites in the world use HSTS, a promising indication of the widespread adoption of HTTPS.
Web browsers now actively warn users when browsing on HTTP sites, putting up a banner that says “Not Secure.” Browsers like Chrome and Firefox have HTTPS-only modes, where the browser simply won’t load any HTTP sites without the user first clicking through a warning. The evolution of browser security towards HTTPS-only browsing indicates a growing commitment to online security and privacy.
While public Wi-Fi has come a long way since the days of Firesheep, there are still risks associated with its use. Security and privacy remain top concerns, and users must be aware of the potential dangers and how to protect themselves. By following basic rules and precautions, users can minimize their risks.
7SIGNAL has developed Mobile Eye® and Sapphire Eye® sensors to help engineers design better Wi-Fi networks using real-time, accurate information. Contact us to learn more about our wireless experience monitoring platform.
7SIGNAL® is the leader in wireless experience monitoring, providing insight into wireless networks and control over Wi-Fi performance so businesses and organizations can thrive. Our cloud-based wireless network monitoring platform continually tests and measures Wi-Fi performance at the edges of the network, enabling fast solutions to digital experience issues and stronger connections for mission-critical users, devices, and applications. Learn more at www.7signal.com.