Just one month after we reported on a company that carried out random cyber security attacks against 10 prominent hotels across Ireland, there’s an eye-opening article from Irish tech experts highlighting the dangers of using public WiFi.
The New Republic, Ireland’s top technology website, covered many of the threats that public WiFi users face. It included a video from Ronan Murphy, the CEO of Smarttech.ie, who detailed how many people are in the dark regarding the security risks they are exposed to when using public WiFi.
Unsecure Hotel WiFi and Man-in-the-Middle Attacks
Murphy’s IT security firm, Smarttech.ie, selected 10 random hotels around Dublin, and analyzed their WiFi networks. What they found was unsettling.
Murphy claims that even a novice hacker would be able to easily hack into these hotel networks and steal everything from email passwords and credit card numbers to social media passwords for any guests using the network.
Hackers do this by using a man-in-the-middle attack, a form of active eavesdropping in which an attacker within range of a public WiFi network can redirect all network traffic through his computer, usually by imitating another WiFi network. Users have no idea if they are logging into a legitimate WiFi network or a fraudulent one.
Another man-in-the-middle attack can occur when an attacker creates a fake website that poses as an online bank or merchant, and then steals user login information. The attacker can then log onto the real website using victim-supplied information.
Free WiFi is Everywhere – And Totally Unsecure
Like everywhere else, Ireland is seeing more and more free public WiFi networks installed daily. Users are happy for the Internet access – and completely in the dark as to what risks they face when not encrypting their communication.
Almost all public WiFi networks transmit data without encrypting it. WiFi signals are just radiowaves, and anyone with the right software can easily steal it out of thin air. Hotels and other places which offer public WiFi for their customers could use a secure Internet protocol known as WPA2 to protect the network traffic. But this would mean giving customers a cumbersome key in which to connect, and so many businesses simply do not do this.
Murphy says that companies should take the lead in training their customers on how to use public WiFi safely and securely for all of their devices.
Finally, Brian Honan, one of Europe’s foremost experts on IT security, says VPNs (like PRIVATE WiFi) are the only way to stay completely safe when accessing public WiFi.