“Free” public Wi-Fi is a cyber criminal’s playground
From the Queensland Law Society on 28 November 2019:
Free Wi-Fi might cost you thousands if it allows cyber criminals to access the data on your phone, laptop or office network. Faking a Wi-Fi network was once an esoteric form of hacking, but the low cost and ease of use of “Pineapple” Wi-Fi faking devices now put it within reach of anyone with an eBay account. The scam is simple: buy such a device (under $100) and hide it somewhere near a venue. Set the network name it broadcasts to be similar to the legitimate Wi-Fi the venue supplies. “BNE Domestic free Wi-Fi” might be replaced with “BNE domestic free Wi-Fi”, for example.
Once a victim logs onto the fake network, their passwords and confidential documents can be copied or malware inserted onto their computer. Hundreds of different attack types can be run until the criminals find one that works on your device. This can then grant access to your email, practice management system or bank accounts. All the attacker needs is access to a public area somewhere nearby. Even a reputable venue can be vulnerable – in fact, because they attract a higher density of executives and professionals, premium locations are more likely to be targeted. Five-star hotels, top-tier convention centres and exclusive airport lounges have all been used to launch these attacks.
The Queensland Law Society Cybersecurity and Scam Prevention Working Group reports an increase in attacks on business travellers in Australia using this method over the past few months.
How to avoid becoming a statistic:
· Avoid free Wi-Fi: don’t use or let staff use free Wi-Fi with any device that can access important data.
· Don’t visit insecure websites: use https web addresses rather than http (notice the lack of an “s” at the end?). Check for a locked padlock next to the web address in your browser. Remember that https or “Secure” does not mean a website is safe; it just means visiting it is less open to this particular type of attack.
· Connect to the internet using a 4G dongle or your phone hotspot when you are away from your office (this applies to access from home as well; domestic routers can be insecure too).
· If you must use public Wi-Fi, use a paid VPN service (which encrypts your traffic for about $15 / month) and never supply passwords or log into sensitive websites such as your email. Note that domestic and business VPN systems are configured differently. The higher cost of the business system adds some security but mainly extra stability and convenience.
· Check the Wi-Fi network address for hotel-supplied Wi-Fi when you check in. Compare it carefully with any login instructions supplied and do not ignore any anomalies.
· Ideally, use separate business and private devices. A designated tablet for watching video, entertaining children and general web surfing is a small investment with potentially big safety returns. Do not use this device to access confidential documents, your work network, email or banking apps.
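The careful comparison recommended above can be automated for network names. This is an added example, not part of the Queensland Law Society article: it flags names that differ from the documented one only in case, spacing, punctuation, Unicode compatibility forms or a couple of characters. The function names, the two-edit threshold and the list of seen networks are assumptions made for illustration.

```python
import unicodedata

EXPECTED = "BNE Domestic free Wi-Fi"   # name printed on the venue's instructions

def skeleton(ssid: str) -> str:
    """Reduce a name to what the eye compares: letters and digits, case-folded."""
    folded = unicodedata.normalize("NFKC", ssid).casefold()
    return "".join(ch for ch in folded if ch.isalnum())

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify(expected: str, seen: str, max_edits: int = 2) -> str:
    """Return 'exact', 'lookalike' or 'unrelated' for one broadcast name.

    'exact' only means the name agrees with the instructions; a network
    name by itself does not authenticate the access point.
    max_edits is an assumed threshold; lower it for very short names.
    """
    if seen == expected:
        return "exact"
    if edit_distance(skeleton(expected), skeleton(seen)) <= max_edits:
        return "lookalike"
    return "unrelated"

def triage(expected: str, seen_names: list[str]) -> list[str]:
    """Names that resemble the expected one without matching it byte for byte."""
    return [s for s in seen_names if classify(expected, s) == "lookalike"]

if __name__ == "__main__":
    # Constructed sample of names a laptop might list at the venue.
    seen = ["BNE Domestic free Wi-Fi", "BNE domestic free Wi-Fi",
            "BNE Domestic free WiFi", "\uff22\uff2e\uff25 Domestic free Wi-Fi",
            "Cafe Guest"]
    for name in triage(EXPECTED, seen):
        print(f"do not join, resembles {EXPECTED!r}: {name!r}")
```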