Your Wi-Fi Connection Is Never Secure or Safe
03 April 2015

Your Wi-Fi Connection Is Never Secure or Safe

Newer software brings spying on Wi-Fi networks to the masses

Simple hacker-derived software lets anyone sitting next to you at your local coffee shop Wi-Fi hot spot watch you browse the Web and potential assume your identity online.

Newer software brings spying on Wi-Fi networks to the masses without requiring deep technical knowledge. Afree program called Firesheep, released in October 2011, has made it simple to see what other users of an unsecured Wi-Fi network are doing and then log on as them at the sites they visited. The ease of using Firesheep points out the lack of end-to-end encryption and it's impacts to your online safety.

For example, the password you initially entered on website like Facebook, Twitter, Flickr, Amazon, eBay and The New York Times is encrypted and therefore secure. However, the Web browser's cookie, a bit of code that identifies your computer, your settings on the site or other private information, is often not encrypted. Firesheep can grab that cookie while the website is exchanging it with your web browser, allowing anyone listening in to have full access credentials and can log in as-if they were you.

Millions of people have downloaded Firesheep and it is incredibly easy to use.

Website Encryption is Becoming Essential

The only sites that are safe are those that enable the cryptographic protocol transport layer security or its predecessor, secure sockets layer, throughout your session. You will recognize this by the padlock icon in your web-browser address bar and the protocol prefix "https://".

PayPal and banks use Web session encryption, but a startling number of sites that people trust to safeguard their privacy do not.

Many websites are not encrypting all their communication because it slows down the site and would be a huge engineering expense. The expense of losing traffic may be more expensive and eventually this will become a necessity for all websites.

You will notice that Gmail and Google Search made end-to-end encryption its default mode. Facebook has also enforced encrypted connections for all sessions.

Many websites offer some support for encryption via "https," but they make it difficult to use. To address these problems, the Electronic Frontier Foundation in collaboration with the Tor Project, another group concerned with Internet privacy, released a browser add-on called "Https Everywhere". The extension, which can be downloaded at eff.org/https-everywhere, makes "https" the unchangeable default on all sites that support it.

Since not all Web sites have "https" capabilities, if you're doing anthings with sensitive data, don't do it at a Wi-Fi hot spot. Do it at home, preferably on a wired connection not on a Wi-Fi connection.

Protecting Your Home Wi-Fi Connection, It May Not Be possible

Home wireless networks are not safe either, because there are free and widely available Wi-Fi cracking programs such as "Gerix WiFi Cracker", "Aircrack-ng", and "Wifite". These programs work by impersonating legitimate user activity while collecting a series of so-called weak keys or clues to the password. The process is totally automated, allowing anyone to recover a wireless router's Wi-Fi password in a matter of seconds. All WEP-protected network are susceptible to this kind of attack.

A WEP-encryption is not as secure as a WPA, so it's best to use a WPA on your home Wi-Fi connection. It is an option in your secure connection password settings. The bad news is that anyone can use the same free software programs to discover WPA password-protected networks passwords. It takes weeks and requires more computer expertise but it is possible.

Using such programs along with high-powered Wi-Fi antennas that cost less than $90 USD, hackers can pick up signals from home networks two to three miles away. There are also some computerized cracking devices with built-in antennas on the market, like WifiRobin ($156 USD). But experts said they were not as fast or effective as the latest free cracking programs, because the devices worked only on WEP-protected networks.

Make sure you change the Service Set Identifier or SSID of your wireless network (the name you see when you search for your Wi-Fi connection) from the default name of your router (like Linksys or Netgear) to something more personal helps, and make sure you pick a long and complicated alphanumeric password with some special characters thrown in.

VPN Connections Enable Encryption No Matter Where You Are

Setting up a virtual private network, or VPN, which encrypts all communications you transmit wirelessly whether on your home network or at a hot spot, is even more secure. The data looks like scrambled noise to a snooper as it travels from your computer to a secure server before it is blasted onto the Internet.

Popular VPN providers include VyperVPN, HotSpotVPN and LogMeIn Hamachi. Some are free; others are as much as $18 a month, depending on how much data is encrypted. Be careful of free versions that tend to encrypt only Web activity and not e-mail exchanges.

Categories

Security