Don’t be afraid of WiFi – Nation Online
By Chester Wisniewski
As many parts of the world seem to finally get the pandemic under control and more people can consider their approach to re-enter the world, suddenly there are many more of us than before. This inevitably leads to needing internet access when we travel, shop, and socialize again. Almost 10 years after Edward Snowden told us we were being spied on online, is it finally safe to just “go online”?
The ‘The State of Web Security in 2021’ document shows that we have made great strides in improving the security base by making behind-the-scenes changes to how encryption is implemented to ensure that our communications remain private.
The WiFi Attack Checklist
Most public Wi-Fi networks are unencrypted, meaning anyone within radio range (up to 100 meters or 300 feet) can see the information you send over the connection. This was problematic in the past as it provided plenty of opportunities to spy or hijack your communications.
The first requirement for an attacker is then to be within radio range and to perform one of the following actions:
Operate an ‘evil twin’ Wi-Fi point of the same name that has a stronger signal that you connect to instead of the real oneTrick you to use the attacker for name searches (DNS) so that he can redirect your requests to fake pages or via proxiesSimply watch your communications to intercept any unprotected data between you and your intended destination
It’s not too difficult, but the physical aspect of it makes it impractical. Abusers should place themselves physically close to their victims, limiting potential victims to those in their immediate environment. It is not a crime that they can easily commit from Moldova anonymously on Tor.
Next, attackers must predict which sites their victims might want to visit and whether those sites are protected by HSTS. If this is the case, attackers will not be able to intercept the traffic without convincing a certification authority to issue them a valid certificate for the protected domain.
Of course, attackers could just snoop around the unencrypted traffic and hope for the best. As my research has shown, less than about 5% of connections are unencrypted and the vast majority of them are marketing and ad trackers. None of the more popular destinations without encryption accepted usernames and passwords, making this observation of limited use to criminals.
WiFi based attacks are a very low yield crime with a very high probability of arrest, if cybercriminals are detected. If there is anything that I have learned over the years, it is that criminals are generally lazy and go after the lowest fruit. The risk of attacks like this will vary, however, depending on your risk profile. More on that later.
Encrypted websites are not immune from hacking, however. A website that does not use HSTS can be “downgraded” by an adversary to use an unencrypted connection that allows them to tamper with or intercept your information.
In my research, these were most of the sites surveyed; 61.03%. It sounds scary, but remember that they have to be nearby and target specific destinations in advance or downgrade only sites without HSTS to HTTP, a difficult feat, if not impossible. None of the sites without HSTS protection fell into the categories where the types of information that criminals often value are passed on. This includes social media, webmail providers, office applications, financial institutions, or dating sites.
While a few of these sites were high profile, they usually don’t offer login pages and are not easy for a scammer to monetize stolen data.
Risk level for most people
So where are we now? In two words ? Mostly sure. Everything that most of us use from our cell phones or when traveling on our laptops in public places is protected to an incredibly difficult level to compromise.
Does that mean it’s impossible? Clearly no. There are always risks and concerns that you may decide this isn’t right for you, so let’s take a look at the reasons for not trusting public WiFi and the alternatives you could use to reduce the risk.
Risk level for sensitive targets
Are you a top target? Are you a journalist, politician, celebrity, or maybe even a spy? Public WiFi might be too risky a bet for you. In many countries, mobile phone data is affordable enough to get by without worrying about connecting to WiFi anyway.
The problem can be more complicated however, and if it is the government itself that worries you, could it try to compromise your communications? You might consider a VPN, but it’s complicated in itself. Personally, for those who need more security for their communications, whether they use WiFi or cell phones, I recommend using Tor (The Onion Router).
Tor is a privacy and security enhanced browser to lock out anyone who might snoop on the wire. It can be a little slow at times, but if you have reason to believe that you might have some advanced opponents bothering you, Tor is the best thing we have to defend against them.
At the end of the line ? For most people, most of the time, WiFi works just fine. Opportunistic criminals have much better ways to compromise victims without the physical risks of having to be within earshot of their crimes.
Enjoy. Browse Facebook, Twitter and check your Gmail as much as you want. Take advantage of all those Black Friday and Cyber Monday online sales while you’re on the go, you’ll be fine. What if you’re a little more paranoid like me? Follow the tips above to stay ahead of the crowd.
(The writer is senior researcher at Sophos)