Do NOT use a Wi-Fi hotspot without a VPN!

There has been greater awareness in recent years of how unsafe it is to connect to public a Wi-Fi hotspot, such as those found in most airports, coffee shops and hotels. Although very convenient, in particular for travelers who do not wish to pay excessive roaming mobile data fees when away from home, unencrypted Wi-Fi connections are full with perils.

The emergence of Firesheep has shaken up the Wi-Fi hotspot world, and focused the minds of security experts on the dangers of connecting to public Wi-Fi networks. This add-on for Firefox is a packet snooper that lets even people, with almost no hacking skills, intercept unencrypted cookies sent from websites such as Facebook and Twitter over public networks. This allows them to “sidejack” a user’s current session and effectively use a website as them. The hacker could then download personal details, send spam, delete the user’s accounts or change their password, or even download unsavory material using their account. The problem is made worse by the existence of “evil twin hotspots”. Packet sniffer and the like will only work on unsecured networks, and only when connecting to unsecured websites (non-SSL .i.e. their address starts with http:// rather than https://) and on things such as POP3 email and FTP connections (POP3 snooping is dangerous as it gives hackers access to a user’s email details when they sync with POP3 servers). Hence, it is common practice among hackers to hang out at public access hotspots, and set up fake mobile hotspots of their own, with names such as “Free Airport Public Wi-Fi”. Users, who make the mistake of connecting to one of these Wi-Fi “traps”, allow hackers to download their cache, and possibly access shared folders. The hackers may also try to fool users into paying for internet access, and therefore handing over their payment details to the hacker. There is however a simple solution to these problems (other than just not using public Wi-Fi), which is to use VPN. A VPN connection creates an encrypted tunnel between your device and the VPN server, no one, including both your own ISP and any public Wi-Fi hackers, can ‘see’ the data you transmit.


Leave a Reply