
Free public WiFi: would you throw your wallet into a fire just because it is there?  Using free public WiFi is fraught with even worse dangers.  While it may be convenient to use a city, airport, shop or fast food restaurant’s free WiFi system to catch Pokémon or perform any other action on a mobile device instead of using a telco plan’s data, beware of hackers.

It is relatively simple to set up a man-in-the-middle attack on unsuspecting free WiFi users (marks).  All it takes is a hacker with a small WiFi transceiver configured with the same SSID (Service Set Identifier) as the target free WiFi system, such as ‘shopname’ free WiFi.  This WiFi transceiver is connected to a computing device, such as an Android/Linux/Unix/Windows phone or tablet, which is in turn connected to the ‘shopname’ free WiFi.  The mark/customer connects to the hacker’s WiFi transceiver because its signal is stronger than that of the free public WiFi transceiver.  The connection then goes via the hacker’s device to the correct public free WiFi system, and the mark is none the wiser.

The connection path is: mark’s device -> hacker’s WiFi -> hacker’s computer/device -> free public WiFi.

This gives the hacker the ability to inspect, capture and change all communications between the mark’s device and the endpoint web server, bank or email system the mark is connecting to, simply by using packet inspection software such as Wireshark (Windows/Unix/Linux) or Packet Capture (Android).

The end result is that by using public WiFi, the mark is opening the device up to interception, hacking and having trojans, worms, keyloggers or viruses placed on it; obviously without the knowledge of the mark.
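The setup described above depends on a second transmitter advertising the venue's SSID at a stronger signal than the real access points, which is something a venue operator can look for in a routine wireless survey. The following is an added example, not part of the original article: the scan rows, the BSSIDs and the `KNOWN_APS` inventory are constructed, and the function name is hypothetical.

```python
from collections import defaultdict

# Constructed sample scan (not real data): one row per beacon seen during a survey.
SAMPLE_SCAN = [
    {"ssid": "shopname free WiFi", "bssid": "02:00:00:aa:00:01", "signal_dbm": -67},
    {"ssid": "shopname free WiFi", "bssid": "02:00:00:aa:00:02", "signal_dbm": -72},
    {"ssid": "shopname free WiFi", "bssid": "02:00:00:ff:00:99", "signal_dbm": -41},
    {"ssid": "other-network", "bssid": "02:00:00:bb:00:01", "signal_dbm": -60},
]

# Assumption: the venue operator keeps an inventory of its own access points.
KNOWN_APS = {"shopname free WiFi": {"02:00:00:aa:00:01", "02:00:00:aa:00:02"}}


def find_unknown_aps(scan, known_aps):
    """Return findings for BSSIDs that advertise a managed SSID but are not in the inventory."""
    by_ssid = defaultdict(list)
    for row in scan:
        by_ssid[row["ssid"]].append(row)

    findings = []
    for ssid, inventory in known_aps.items():
        rows = by_ssid.get(ssid, [])
        if not rows:
            continue
        inventory = {b.lower() for b in inventory}
        strongest = max(rows, key=lambda r: r["signal_dbm"])
        for row in rows:
            bssid = row["bssid"].lower()
            if bssid in inventory:
                continue
            findings.append({
                "ssid": ssid,
                "bssid": bssid,
                "signal_dbm": row["signal_dbm"],
                # Clients tend to join the strongest AP for an SSID, so an unknown
                # AP that is also the strongest is the highest-priority finding.
                "strongest_for_ssid": row is strongest,
            })
    # Most urgent first: strongest unknown AP, then by descending signal.
    findings.sort(key=lambda f: (not f["strongest_for_ssid"], -f["signal_dbm"]))
    return findings


if __name__ == "__main__":
    for finding in find_unknown_aps(SAMPLE_SCAN, KNOWN_APS):
        print(finding)
```

This is a first-pass survey check against an inventory, not a complete wireless intrusion detection system; a finding means the transmitter should be located and identified.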

Moral of the story? Don’t use public WiFi, regardless of how desperate you are to save the data on your phone or other device.  Especially, do not use public WiFi for internet banking.


Terry, Principal Technologist: Security
