Phone no: +234 705 673 3798 or email us: info@kdesglobal.com
Public Wi-Fi which can also be referred to as free Wi-Fi are those Hotspots which are accessible to the general public. They can be found in popular public places like airports, coffee shops, malls, restaurants and hotels etc. This free Wi-fi allows you to access the Internet for free.
However, these “hotspots” are so widespread and common that people frequently connect to them without understanding the security risk, threats and vulnerability it exposes them to.
The following section highlights:
a. Some of the way’s cybercriminals can hack devices on public Wi-Fi, get access to private data, and potentially steal user’s identity and information.
b. How you can protect yourself from public Wi-Fi hacking.
This is an attack that places the attacker in the middle of two hosts. (example: A user and a website.) that think they're communicating directly with each other. The attacker will monitor the information from these hosts and potentially hijack and modify it in transit. In some cases, the uninvited attacker could present their own version of the website and displays it to their victim. Anyone using public Wi-Fi is especially vulnerable to Man-in-the-middle-attack. Because the information transmitted is generally unencrypted.
1. Always ensure that the URL of websites you are visiting contains https instead of just http. example: https://www.destrotech.com.ng. that additional "S" means "Secure"— this will add some level of encryption to the website and as well as to your information.
2. Don't input any sensitive data such as ATM card details, passwords, Pin etc. on any Public Wifi.
OTHER COMMON TYPES OF MAN-IN-THE-MIDDLE ATTACKS
1. For developers, properly use/configure a Json Web Token, a Refresh Token with a Standard encryption method and digital signature in the development phases of web services. This security practice can inarguably mitigate any form of session hijacking.
2. For Users, making use of a trusted VPN will scramble information to and from your device hence shielding you from such attack.
3. make sure you always log out after using a public hotspot.
b. Rogue access point attack: A rogue AP is an access point that is installed on a secured network without the knowledge of the network administrator. Let’s assume that a certain office is making use of a wireless router alongside a secured wired network to create a simple wireless network. This can actually be pretty dangerous, and could grant unauthorized access to the secured network. However, an attacker can just stand outside the building and hop onto this wireless network router and use it as an entry point to gain access to the secured network.
c. Evil twin: It's similar to the rogue AP example but has a small but important difference. The premise of an evil twin attack is for you to connect to a network that is identical to yours. This identical network is the network's evil twin and is controlled by the attacker. Once a user connects to it, they will be able to monitor his traffic. Example: a legitimate public Wi-fi may bear the name “DESTROTECH-Wi-Fi” which maybe Encrypted. An Attacker could create an Identical/Unencrypted version of the legitimate Wi-fi Hotspot with the same name as “DESTROTECH-Wi-Fi”. Once a victim connects to the fake Wi-Fi Hotspot, they could be handing over all their private information, merely because they were tricked into joining the wrong network; thus, giving the attacker full control over their data and identities. It's fairly easy to set up a fake Access Point (AP), and is well worth the effort for cybercriminals. Is worthwhile to know that hackers can use any device with internet capabilities, including a smartphone, to set up an Access Point with the same name as a genuine hotspot. Any transmitted data sent after joining a fake network is going to be harvested by a hacker.
Be suspicious if you see two similarly-named network connections. You should also consider using a data scrambling trusted Virtual Private Network (VPN). This establishes a level of encryption between the end-user and a website, so potential intercepted data is unreadable by a hacker since he doesn’t have access to the decryption key.
Packet-Sniffing is a method that enables a hacker to acquire airborne information then analyze it at their own speed. Packet sniffing is relatively simple, and not even illegal in some cases. IT departments do this regularly, ensuring safe practices are maintained, faults are found, and company policies are adhered to. But it's also useful for cybercriminals.
Hackers can obtain an abundance of data then scan through it at their leisure for important information like passwords, Debit card information etc.
You need to rely on strong encryption such as a trusted VPN and make sure you only visit sites that have HTTPS in its link.
Read Now Top 15 Reasosns why you need a website for your BusinessYou don’t need to do all of these alone, We got you covered!! Contact us now your satisfaction is always our priority. price definitely won't be a problem.
« Previous Differences between Local POS (Offline) and Cloud-Based / Internet-Based POS (Online) and Their working principle |
Next » What does Analog Computer Mean |
Written by: Destiny Idika
Reading time:
Published 3 Years Ago On Friday, August 13, 2021
Updated 2 Years Ago On Sunday, April 24, 2022
611 Views