Wi-Fi is a type of wireless local area network (WLAN) technology that enables an electronic device such as a laptop or smartphone to exchange data or connect to the Internet using radio waves. The core technology behind Wi-Fi is a device called an access point, which acts like a bridge between the wired network and the Wi-Fi network. The access point, in turn, typically connects to the Internet via a network router.
To prevent attackers from stealing data, Wi-Fi includes a set of protocols for user device authentication and data encryption. These protocols, which reside on both the access point and the connecting device, use a pre-defined passphrase or other form of unique identification to authorize the user and encrypt data so that it can only be accessed by a designated device. WPA2, the currently recommended security standard, uses a pre-shared key (PSK) in the form of a string of text characters to authenticate users and encrypt data. Below is a high-level description of how an electronic device and an access point communicate using the WPA2 protocol (i.e., the "four-way handshake").
Public Wi-Fi risks
Public access points, called "hotspots," allow many people within a specified area to tune into a specific radio transmission. In other words, everyone sitting in a Starbucks cafe can access the "Starbucks Wi-Fi" channel to connect to the Internet. Unfortunately, public hotspots also allow anyone within the area to potentially read data that is not addressed to them. Below are some common ways that your privacy can be breached while using public Wi-Fi.
* Network Sniffing. To steal your personal information, all an attacker needs is a "sniffing" application that intercepts and gathers all visible traffic on a channel. Although WPA2 encrypts each connection between a Wi-Fi network and a user's client, it is only designed to keep people who do not know the PSK off the network. If an attacker sniffs the four-way handshake and captures the PSK, he can decrypt all the traffic destined for your device until the PSK is changed. Even if the attacker doesn't have the PSK, he may try to sniff the data itself and then try to use brute force to discover the key. The quality of the PSK that a wireless network administrator selects (i.e., length, different letter cases, use of symbols or known words) can have an impact on how easy or difficult it is to obtain the key.
* Third-Party Data Gathering. Even without the presence of active data hackers, your privacy is never guaranteed when you access a public hotspot. Often the biggest breaches of privacy are performed by the very establishments offering free Wi-Fi. Sometimes Wi-Fi is used to identify potential customers who are located in the vicinity of the access point, and sometimes it's used to track the websites that a user visits for statistical or advertising purposes. Although not specifically malicious, this third-party data gathering can still be intrusive. Below are some common techniques that hotspot providers use to obtain information about Wi-Fi users.
* Malicious Access Points. Since there are often multiple networks to choose from, you often have to guess which hotspot belongs to a specific venue. Some Wi-Fi users will even connect to a completely unknown network simply because it is unlocked. Obviously this practice poses some serious risks, especially if the access point is malicious or being manipulated by an attacker.
One of the biggest threats is "page spoofing," where a malicious access point controls domain name resolution (i.e., how a domain name is translated into its numerical IP address). In the normal DNS resolution process, a user's client will communicate with a server in order to connect to the Internet.
In a spoofing attack, a hacker creates a fake version of a website in order to steal credentials. For example, you may be asked to "like" something on Facebook before you can access the Internet and then be directed to a fake Facebook login page that looks like the real thing. As you log in, this fake page would record your credentials, show a login error, and then redirect you to the real Facebook page for a "second attempt" at logging in. Before you're even aware of what has happened, your social identity has been stolen.
Another tactic, commonly referred to as the "Evil Twin Attack," leverages a fake access point to hack your data. This tactic is most often attempted in public parks or other large, unmonitored areas. Using a laptop with a wireless card, the attacker will access a legitimate access point to create an "evil twin" access point with a similar name. Imagine for a moment that you are at your local park, and your iPad detects a free Wi-Fi hotspot named "CityPark1." Many of us would probably connect to the network based on its name alone. However, by not confirming the legitimacy of an access point before connecting to it, you enable attackers to gather an even wider range of personal information.
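A check a client or venue operator could run over scan results to spot the look-alike names described above. This is an added example, not code from the original article; the allow-list `KNOWN_APS`, the scan tuples and the 0.8 similarity threshold are constructed assumptions.

```python
from difflib import SequenceMatcher

# Hypothetical allow-list published by the venue: SSID -> BSSIDs of its real access points
KNOWN_APS = {"CityPark": {"02:11:22:33:44:01", "02:11:22:33:44:02"}}

# Constructed scan results: (SSID, BSSID) pairs as a Wi-Fi scan would list them
SCAN = [
    ("CityPark", "02:11:22:33:44:01"),
    ("CityPark", "02:de:ad:00:00:09"),
    ("CityPark1", "02:de:ad:00:00:0a"),
    ("C1tyPark", "02:de:ad:00:00:0b"),
    ("LibraryGuest", "02:55:66:77:88:01"),
]


def normalize(ssid: str) -> str:
    """Lower-case and drop punctuation/spaces so cosmetic variations compare closely."""
    return "".join(ch for ch in ssid.lower() if ch.isalnum())


def classify(ssid: str, bssid: str, threshold: float = 0.8) -> str:
    """Label one scan entry relative to the venue's allow-list."""
    for known, bssids in KNOWN_APS.items():
        if ssid == known:
            # Exact name match: trust only radios the venue has listed
            return "known" if bssid in bssids else "same-name-unknown-radio"
        score = SequenceMatcher(None, normalize(ssid), normalize(known)).ratio()
        if score >= threshold:
            return "look-alike-name"
    return "unrelated"


def suspicious(scan):
    """Return the entries that imitate a known network, with the reason."""
    labelled = [(ssid, bssid, classify(ssid, bssid)) for ssid, bssid in scan]
    return [row for row in labelled if row[2] not in ("known", "unrelated")]


if __name__ == "__main__":
    for ssid, bssid, reason in suspicious(SCAN):
        print(f"{ssid:12} {bssid}  {reason}")
```

A BSSID can be copied by another radio, so a "known" label only means the entry matches the allow-list, not that the access point is proven legitimate.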
Strategies for securely using Public Wi-Fi
Even without an elaborate phishing scheme, it is impossible to completely secure a public hotspot. In fact, most venue access points will only display an end-user license agreement (EULA) or advertisement before allowing users to connect to the Internet. While some venues do print out the PSK on a receipt so only patrons can use their Wi-Fi, it is still a shared key for all patrons. As such, data can be passively collected from radio waves and then decrypted at a later point.
To ensure secure communication, each user must obtain a unique PSK before connecting to an access point, which is simply too difficult for most public venues to manage. Some network operators like Verizon enable users to more securely access hotspots by obtaining credentials via a secure cellular network and then authenticating users to the access point, but this approach is currently limited to cellular network providers and has its own set of security concerns.
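Why a shared PSK gives patrons no privacy from one another, and why a unique PSK per user does, shown with the WPA2-Personal key derivation (PBKDF2 for the master key, the 802.11i PRF for the session key). This is an added example, not part of the original article; the SSID, MAC addresses, nonces and passphrases are constructed values.

```python
import hashlib
import hmac


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID as salt, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, length: int) -> bytes:
    """802.11i PRF: HMAC-SHA1 over label || 0x00 || data || counter, concatenated."""
    out, counter = b"", 0
    while len(out) < length:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:length]


def temporal_key(pmk, ap_mac, sta_mac, anonce, snonce) -> bytes:
    """Derive the 48-byte CCMP PTK; its last 16 bytes (TK) encrypt the data frames."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 48)[32:48]


# Constructed handshake values. All of them except the passphrase travel unencrypted.
SSID = "CafeGuest"
AP_MAC = bytes.fromhex("02aabbccdd01")
STA_MAC = bytes.fromhex("02aabbccdd02")
ANONCE = hashlib.sha256(b"constructed anonce").digest()
SNONCE = hashlib.sha256(b"constructed snonce").digest()


def session_key_as_seen_by(passphrase: str) -> bytes:
    """Session key computed by someone holding `passphrase` who observed the handshake."""
    pmk = pmk_from_passphrase(passphrase, SSID)
    return temporal_key(pmk, AP_MAC, STA_MAC, ANONCE, SNONCE)


def compare_designs() -> dict:
    victim = session_key_as_seen_by("latte-2024")        # passphrase from the receipt
    other_patron = session_key_as_seen_by("latte-2024")  # same receipt, same passphrase
    unique_peer = session_key_as_seen_by("per-user-7f3a")  # peer holding a different PSK
    return {"shared_psk_exposes_key": victim == other_patron,
            "unique_psk_exposes_key": victim == unique_peer}


if __name__ == "__main__":
    print(compare_designs())
```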
Even though technically there is no connection between the public Wi-Fi network and a user's home network (i.e., different SSIDs and IP addresses), there is still the concern that a hacker can connect to a network hosted on the user's device and exploit any potential vulnerabilities.
Although you always run a certain amount of risk when connecting to a public Wi-Fi hotspot, there are certain measures you can take to protect against attackers. Here are the most common precautions:
It is easy to take free Wi-Fi access for granted. Unfortunately, as public hotspots become more prevalent, so will hackers. Your best protection against data theft is a solid understanding of Wi-Fi and its vulnerabilities and taking a few commonsense precautions.
Kasten is AVP, Business Development, Okhrimets is Senior Project Manager, and Kharchenko is Director of Engineering at GlobalLogic. With headquarters in Silicon Valley, GlobalLogic is a 6,600-person full-lifecycle product development services company with design and engineering centers around the world. The company works with more than 80% of the world's top technology brands to create products, discover new revenue opportunities, and accelerate time to market within digital media, electronics, healthcare, infrastructure, finance, retail, and telecom industries.