Users don't understand public Wi-Fi risks

Users have not fully comprehended the threats associated with accessing Wi-Fi via a public hotspot, and the proliferation of mobile devices and the move toward a wireless mesh network will only compound these network risks.

Norbert Kiss, vice president of network security at Astaro Asia-Pacific, told ZDNet Asia in an interview on Tuesday that public Wi-Fi users are aware of the threats such as data theft. However, he pointed out that people do not protect themselves when using such networks because they do not understand how the theft will be conducted, the money invested in cybercrime and how valuable the stolen information is.

He added that people view these threats as "theoretical" as the risks have been repeated too often without them understanding how real the threats are and how they will be compromised.

Benjamin Hodge, director of technical services at Astaro Asia-Pacific, added on to Kiss's point, saying that users do not see what happens when their user ID or passwords are obtained by cybercriminals. The payoff for the hackers could be for sending spam and malicious links or the money made by selling the information online, he explained.

"There is a real economy and industry for cybercrime," Hodge said. "It is more profitable than the drug trade and almost impossible to prosecute especially if the hacker and victim are in different continents."

The executives were responding to a recent study by Wakefield Research on behalf of the Wi-Fi Alliance, which found that close to 85 of respondents in the United States knew that they should turn off automatic sharing on Wi-Fi devices but only 62 percent actually did. It was also found that only 18 percent of the people using Wi-Fi in a public hotspot are using virtual private networking (VPN) software to protect their corporate network.

Mobile workers beware
Elaborating on public Wi-Fi vulnerabilities, Hodge said with the packet-sniffing software, which is "easily available" for free online, hackers can gain access to the data on one's computer via the network. This threat is particularly pertinent to mobile workers who frequent hotspots such as Starbucks or airports as cybercriminals can not only access information on the computer, but "insert themselves" into the network to launch man-in-the-middle attacks, he added.

"Thirty years ago, people looked through garbage and trash for company data," Kiss said. "Today, they can easily do that with Wi-Fi."

Wireless Encryption Protocol (WEP) was previously the main barrier against such network penetration but the Astaro director noted that it "has been broken many times". Newer devices today use Wi-Fi Protected Access 2 (WPA2) but the security code can be easily and quickly cracked using modern hardware, CPU and graphic cards, he stated.

Wi-Fi networks at home are not spared, too, even though they are encrypted as relying on such security measure is a "big mistake", Hodge said. The encryption can be easily broken so home systems are also at risk of being hacked, he noted.

The proliferation of mobile devices also contribute to the rise of users accessing Wi-Fi that are "dangerous", but would also depends on the prices of data plans in various countries, Kiss noted, adding that the use of 3G is safer than that of Wi-Fi.

The severity of public Wi-Fi threats is also directly related to the price of data plans in one's country, Kiss noted, adding that 3G networks are safer than Wi-Fi. In Singapore, for example, data plans are relatively cheap so people are less hesitant to sign up for and use 3G plans.

However, places that have more expensive data plans, such as Australia, would see more people turning to free Wi-Fi networks while countries that cannot afford to set up widespread 3G network infrastructure such as the Philippines, Wi-Fi is the only choice for mobile Internet access, the vice president said.

Countries are also moving toward a "wireless mesh network" whereby all systems are overlapping, constant connection is present and every device is connected all the time, Hodge added.

While this is "still very new", the fact that this will make countries "more wired" mean that threats will be more prevalent, he warned.

Ultimately, Hodge said mobile workers that use public Wi-Fi should always connect to their VPN (virtual private network) for secured access to corporate information. They should also check whether device settings such as firewalls are turned on, he suggested.

"Most importantly, be very suspicious when Wi-Fi is available but do not require passwords," Kiss urged. "Don't be in a rush to use the Internet and end up compromising security."