A recent CBS report shows that many Dutch people use Wi-Fi networks that are not secured. This means that the Wi-Fi networks do not require a password. If you are using an Apple device, you are warned when you try to connect to such a network. But does this mean that a secured network, by definition, is safe? You would think so, but this is really not the case. I am bothered by this created perceptions. Putting a password on something is not the same as securing it. A password is a form of security, but not if everyone knows this password. That would effectively render your password useless.
Calling a network with a password secure, gives people the idea that it does not matter what they do online once they have connected. They are, after all, safe. Right? The answer is no. It is true that a secured Wi-Fi network does not allow everyone to see your data, but it does allow everyone with the password to do so. On many locations the password is freely available. Think about restaurants or hotels, where you can find the Wi-Fi password on the wall or the menu. Everyone with that password can see your data without the end user being able to monitor or control it. And even when you are the only one to have the password to a Wi-Fi network, only the wireless part of the network is secured.
Many tools are being developed nowadays, including tools for intercepting data on ‘secured’ Wi-Fi networks. These apps are meant to share Wi-Fi passwords. Apps like this know where to find Wi-Fi points and know the password. So there are no secret login codes and the ‘secured’ network is practically the same as a public network. In addition, free software is available, Whireshark (software to make network traffic visible), that automatically gives you the option to make the traffic from secured networks visible too when you enter the password. And if you know the password to a public hotspot, anyone else can know it too.
To be safe on a Wi-Fi network (secured or not), it is necessary to take the same security measures as on any other network. In short that means: use SSL. Does the site you are visiting not support SSL? Do not enter any personal data. And for the more important things, like online banking, it is advisable to use the bank’s app. Those apps always include a number of checks, so you cannot accidentally do something to endanger your data. Recent research from BIT shows that many people are not always able to recognise ‘wrong’ URLs.
As a business you do not want your employees to unknowingly spread data across the internet, where malicious users can have their way with it. Blackmail, data leaks and fines are some examples of the consequences. That is why it is of the utmost importance to help the Wi-Fi user a little. Only then we can work together to make the internet a little safer again. Compare a secured Wi-Fi network to locking the front door of your house, but hanging the key next to it. You would not do that either, would you?
By: Alex Bik