(Not so ) free Wi-Fi – Why you shouldn’t connect to an insecure network

(With thanks to Jack Wallen, ZDNet)

Here’s some ‘found’ content that is worth passing on. It makes the compelling, and rather inconvenient case for why you shouldn’t connect to an insecure network. We all do it, without a thought. Maybe we have grown accustomed to assuming that it must be safer now than it used to be. Maybe we are unconsciously trusting in our anonymity to protect us.

But using free Wi-Fi is still risky. The author sets a scene familiar to all of us: You walk into a quaint coffee shop, and eventually take your place among the other people waiting on their orders to be crafted. You connect to the wireless network (probably password-free). Then, you sit back and help yourself to some free Wi-Fi while waiting on your slightly coffee-flavored milkshake.

We’ll let Jack Wallen take the wheel for a bit:

“Eventually, you leave and think nothing of your experience (other than how delicious the coffee was and how on point your Twitter game is).

Later that day (or maybe the next day) odd things begin to happen. Your phone isn’t working exactly as expected and you start receiving a deluge of what appears like harmless spam.

Okay, fineā€¦all in a day’s existence, right? But then you get a warning from your bank. And you start seeing reactions to things you didn’t post or send. You check in on your bank account to find your balance is at zero. Panic sets in.

What happened? You’ve always been so careful with your bank account credentials and you never share that kind of information with anyone.

This can’t be real, can it?”

It’s not just fear-mongering

He continues: “It can and it most likely all started with you connecting to a simple password-less wireless network.

The truth is, you are not safe. Your information isn’t safe, your identity isn’t safe, your mobile devices aren’t safe. Because of this, you have to take every precaution you can, which means never (ever, ever) connecting to an insecure network.”

Why are insecure networks so bad?

Because when you connect to insecure Wi-Fi, you open your device to anyone who is also connected to that same wireless network. Why is that so bad? So what if other people can see my device on the network?

Because not every application on your mobile device encrypts your data. Which means you could be submitting usernames, passwords, and even text messages in plain text.

Now, when you use an app that works with encryption, any data you send or receive is encrypted so that it’s very difficult to read. So instead of sending the plain text “password” (which you should never use), it’ll send something unintelligible, like good encryption should be. Which would you rather a complete stranger on the same public, free Wi-Fi you are on network see: This: “Fluffy_my_pet_cat_12345,” or:

“hQGMA0mnhEQQ+utUAQwAixnPWw4LcXk1Njq0zHc8RRYnlN1424RASIT+s0d9DAHewIwzrLemIKo0Z97aZ97g0FdmlbWbPELt4Er7O0L/4ERvaWRhW3hf7WsipX0/PAVDKz99IN/TT6srb6T08f6wpVCn4kuKl60Dl2630QvFxe4HtmbgzqnzqdUZ53sFknX4TlRJw8K8lZ+/o5nW88JG+3MfKq/gd5eHIxDWLUZg5MDORhPy6FckeuF4ejWjKfzMWCkNP+IEq7trZ6/H724HES8nHxIiaH9CaI1D7cHckR0cvF40Xo+rCIP9Qu6AhaxyOHqKmDhjfjV11H4MVZrhjn2zFI5jBahmUvZc0+JvtHuI/Bd26buo50Xg3co01emkog0P9GKTNMtIuxupiSMryNM0l18FjWzso6ojf662nF4nDpiUQmJVCcpRhSNHOtwXM1tvmNSjN0OTf6hiU3tD4iE1N5FhTSkeq7Rz9DunraO7aILNArpt8ndbOssV5gt5eWnsGMUR/7EK6htvA0kQBgHjl0o98rjTcvTF+pZtQSr3omSQTiafRXDxHBbT7xbMWyNxWQ91PEDWuTtaMbqlDkxbUmqlFFJ6XgvyzqjsRqaTuCQ===psm9” ?

The latter example is encryption. The thing is, unless your applications are all using it, you’re sending plain text over a network. A message that anyone can access. Once connected, a bad actor could use a sniffer to intercept your plain-text data and read it. And the tools used to capture those packages are readily available to anyone.

Jack Wallen again:

“Here are the reasons why you should never connect to an insecure wireless network: Anyone with the knowledge can steal your data.

That’s really the only bullet point you need. And although I’d like to sugar-coat this for you, the truth is the longer you ignore this advice, the more at risk you are. “

What should you do?

If you absolutely must connect to an insecure wireless network, consider the possible options:

– NEVER send any passwords or sensitive information when connected to that insecure wireless network.
– Use a VPN (such as Tunnelbear) when connected to those insecure networks (as it will encrypt and anonymize your data).
– Use a more secure web browser (Brave, Firefox), so you can enable features like always use HTTPS and secure DNS.
– Enable secure DNS in your web browser of choice (so all of your searches are encrypted).
– Enable end-2-end encryption in the Android Messenger app (Settings > Chat features > Enable chat features). Thus all of your SMS messages are encrypted.
– Disable sharing features as needed (so you’re not opening your device up for even more unwanted connections from bad actors).
– Invest in an unlimited data plan for your phone. That way you never have to bother with connecting to an insecure network.

And it’s not just phones

The same thing holds true when using a laptop. It’s especially true when using a Windows-based laptop. If wherever you’re working only offers an insecure network, your best bet is to tether your laptop to your mobile device. Then, just use the phone’s data plan for connectivity.

Given how easy it is for unwanted eyes to look at your wireless communications in an unsecured environment, this is something you should take seriously. Do not connect to insecure wireless networks. Period. If you value your privacy and the security of your data, you will follow this advice.

And, if you have any questions about this topic, or about any IT and networking security products, you can email us or call Corporate Armor at 877-449-0458. Thanks for reading!