Using public hotspot Wireless (WiFi) - hotels, cafés etc.

WiFi hotspots aren't just public - they are open - and that means YOU TOO!

When Windows warns you that you are connecting to an un-secured - i.e. insecure! network you must remember that WiFi is a 2-way medium! and that you are joining a network that Windows will treat differently to the Internet! Because the network you join is 'Local' (LAN = 'Local Area Network') then Windows will assume that it is in some way managed and protected AND THAT OTHER USERS OF IT ARE 'FRIENDLY'!. Needless to say that is not always the case AND there are other dangers - please read on if you EVER use or have used a public hotspot.

What makes hotspots even more of a danger than home WiFi with WEP security or less

Because hotspots attract people with Laptops, often very mobile workers who may well have commercial and sensitive information on their laptops they are a honey-trap that criminals love to frequent.

If they are serious criminals they will also probably not even be that close to the hotspot because a directional aerial can be disguised in luggage and operated from more than a hundred metres away.

The basic problem is that securing the network would make it impractical to administer and because the network security code would have to be given to every potential user the level of security achieved would be trivial anyway.

In short - you can assume every piece of information that flows between your PC and the Internet can be captured and analysed if it isn't secured using a secure connection in a browser - the 'padlock'.

You MAY still be thinking that this is OK until you realise that:

1. Unless you have made significant changes to your e-mail client (e.g. Outlook) then your PASSWORD and USERNAME will be exposed as soon as you send or receive mail!

   They will also get the content of your mail but that isn't actually anywhere near as useful as your login details because the latter means that they can read all of your mail before you do each day AND they can DELETE E-MAILS such as the one that they receive to reset your on-line banking password - after they have used it of course!

2. Although you may not try to use online banking you MAY use web sites that also require usernames and passwords - are you SURE that someone could not extrapolate from the trivial sites to the ones that are financially critical? See How to manage passwords as a guide to reducing that exposure!

As well as the dangers within the traffic flowing from your PC to the Web there are lots of other dangers to your actual PC - ESPECIALLY if you also USE it on a HOME OR OFFICE network because your Firewall MAY be set to allow other LAN users to view your documents!, especially those in what is known as the 'Shared Documents' folder of your PC.

The final danger MAY cost you the least (option #1 below) - 'Fake' hotspots can easily be set-up which promise Internet Access as if they were reputable. Usually they mimic a well-known 'chain' even if there isn't one of their premises nearby! There are many ways in which you can then be scammed:

1. The simplest scam is to take your credit card number (and PIN/CSC from the back!) for payment to access the Internet and then not provide any service. If the chain they are mimicking doesn't use credit cards then the thief will have to accept the username and passphrase that you provide!
2. A much more perverse and insidious approach is to provide the Internet Access and not only capture all of the traffic to and from the Web from your PC but they now have the opportunity to interject or substitute web pages and other services that your PC is expecting to be legitimate.

   So if you got an error asking you to (re-)login to your online banking you would need to be extremely careful to ensure that the site that had created that request was 100% legitimate and certainly not proceed unless it was a secure session - i.e. a padlock shown by the browser and ideally some other way of authenticating the site - if you are a user of Internet Explorer for instance you could and perhaps should place any web site that you NEED to be able to trust in the LAN or even Trusted Zone by clicking on the Zone symbol at the bottom right of the browser window and following the guidance here: How to trust a web site.

   There are many other serious issues but it would distract from this page to go into the detail of: FTP usage, Browsing history, Changing Shared Documents etc.. There is however another exposure of a sufficiently similar nature that you might also want to read: Dangers of the Internet Cafe which is much shorter than the above because the risks are even greater and more obvious.

   This page © Business before Technology 2006 - see the respective sites of the owners for their copyright as well as terms and conditions

   Notes

   Links and other information last validated on 6th June 2008. Please use the Contact us page to suggest any additions or revisions.