To “avoid public Wi-Fi” means to refrain from using or connecting to wireless networks that are publicly available and accessible to anyone in a given location.
When you venture outside and find yourself in public spaces such as restaurants, hotels, coffee shops, malls, and libraries, you not only have the opportunity to engage with others and savor the atmosphere of these venues but also enjoy several additional benefits.
One notable advantage of being in these establishments is the ability to connect to their provided public WiFi networks and access the internet without incurring any costs.
It’s quite appealing for the average internet user to take advantage of this complimentary service, enabling activities like streaming music, downloading large work documents, and watching high-quality videos on social media apps without having to pay a dime.
Public Wi-fi network Attacks :
1. Man-in-the-middle attack (MitM)
The most prevalent hacking attack on public WiFi networks today is the man-in-the-middle attack.
According to Amit Bareket, CEO of Perimeter 81, a cloud-based VPN vendor, approximately one in every five individuals using public WiFi will fall victim to this type of attack.
So how does it work? Hackers intercept the data packets as they travel between the victim’s device and the public WiFi network.
The attacker’s primary tactic is eavesdropping, allowing them to gain access to and view the victim’s messages and data.
Recently, Europol apprehended a gang of cyber criminals based in Europe who were involved in man-in-the-middle attacks targeting medium to large companies in Italy, Spain, Poland, the UK, and Belgium.
These hackers employed social engineering tactics to infiltrate the targeted organizations’ networks, planting malware and ultimately deceiving them out of a staggering $6.8 million
2.“Evil twin” attack
In the scenario known as the Evil Twin, a deceptive wireless access point masquerades as a legitimate one, leading unsuspecting individuals to connect to it.
In this rogue setup, hackers are able to deceive users and intercept their valuable data. One common location where WIFIPHISHER or Evil Twin attacks occur is the free airport hotspot.
Here’s how it works: Let’s say you’re at a Starbucks coffee shop and you see a WiFi network named “Starbucks” on your smartphone.
Since you’ve been to this particular Starbucks before and your device recognizes it, it automatically connects.
This type of hack is particularly dangerous because it doesn’t require the individual to actively connect to the fraudulent WiFi network.
According to Bareket, these attacks are often targeted at specific individuals. Consider the scenario of a competitor aiming to steal data on a new project.
WIFIPHISHER or Evil Twin attacks are commonly employed by intelligence communities seeking to extract sensitive information from governments and businesses.
One notable incident involving an Evil Twin attack took place during the 2016 Republican National Convention.
Approximately 1,200 attendees unknowingly connected to a fake WiFi network named “I VOTE TRUMP WIFI” that was set up outside the convention center.
3. Password Cracking Attack
Password attacks exploit weaknesses in the system’s authorization vulnerability and utilize automated password attack tools to accelerate the process of guessing and cracking passwords.
By employing various techniques, attackers gain access to and reveal the login credentials of legitimate users, thereby assuming their identity and privileges.
The username-password combination has been a long-standing method for account authentication, allowing adversaries ample time to develop numerous approaches for obtaining easily guessable passwords.
Moreover, applications relying solely on passwords as the authentication factor are particularly susceptible to password attacks due to the well-known vulnerabilities associated with this approach.
The repercussions of password attacks are extensive, as they can lead to unauthorized access to sensitive information, identity theft, financial losses, and compromised systems.
It is crucial for individuals and organizations to adopt robust password security measures and implement additional layers of authentication to mitigate the risks associated with these types of attacks.
The impact of password attacks is significant, as malicious individuals only need to gain unauthorized access to a single privileged account or a few users accounts to compromise a web application.
The consequences of such compromises can be far-reaching. Depending on the data stored within the application, compromised passwords can lead to the exposure of sensitive information, distributed denial-of-service attacks, financial fraud, and other sophisticated forms of exploitation.
It is crucial to recognize the potential risks associated with password attacks and take appropriate measures to enhance the security of passwords and implement additional safeguards to protect against these detrimental outcomes.
4. Packet Sniffing Attack
A packet sniffing attack, also known as a sniffing attack, is a type of cyber-attack that entails intercepting and exploiting the content transmitted through a network in the form of packets.
The attacker captures and examines these packets, often leading to unauthorized access to sensitive data. Unencrypted email communications, login passwords, and financial information are frequently targeted in packet sniffing attacks.
Additionally, attackers may employ sniffing tools to hijack packets by injecting malicious code directly into the packets.
This code executes upon reaching the intended target device, enabling further compromise and exploitation.
DNS cache poisoning serves as a notable example of a packet sniffing attack. DNS (Domain Name System) is the protocol responsible for translating domain names into IP addresses for computers to understand.
To avoid unnecessary lookups, web browsers store the IP addresses of frequently visited servers in their cache.
In a DNS cache poisoning attack, an attacker intercepts the DNS requests using tools like Burp Suite or other interception tools and modifies them to point to malicious DNS servers.
This altered information is then stored in the cache, allowing the attacker to perform DNS amplification attacks and exploit the compromised DNS resolution process.
5. Session Hijacking Attacks
Session hijacking, also referred to as TCP session hijacking, is a technique employed to seize control of a web user’s session by stealthily acquiring the session ID and impersonating the authorized user.
By gaining access to the user’s session ID, the attacker can assume the identity of the legitimate user and perform actions authorized by that user on the network.
An additional consequence of this type of attack is the ability to gain entry to a server without the need for authentication.
Once a session is hijacked, the attacker no longer needs to authenticate themselves to the server as long as the communication session remains active.
Since the compromised user has already authenticated to the server prior to the attack, the attacker can enjoy the same level of access to the server as the compromised user.
Session hijacking can be carried out through various methods, including session sniffing, predictable session token IDs, man-in-the-browser attacks, cross-site scripting, session sidejacking, and session fixation.
Session sniffing involves using tools like Wireshark or proxy servers like OWASP Zed to capture network traffic and extract session IDs exchanged between a website and a client.
With a valid session token, the attacker can gain unauthorized access to the user’s account.
Predictable session token IDs are generated using custom algorithms or patterns by web servers. If the session token follows a predictable pattern, attackers can analyze captured IDs to predict valid session IDs and exploit them.
In a man-in-the-browser attack, the attacker infects the victim’s computer with malware, enabling them to modify transaction information and perform actions without the user’s knowledge.
This attack is difficult to detect, as requests are initiated from the victim’s own computer.
Cross-site scripting (XSS) exploits vulnerabilities in servers or applications to inject malicious client-side scripts into web pages.
If session cookies lack proper protection (such as the HttpOnly flag), attackers can access session keys through injected scripts, facilitating session hijacking.
Session-side jacking involves packet sniffing to intercept session cookies after a user has authenticated on a server.
If encryption (TLS) is only used for login pages and not the entire session, attackers can hijack the session and impersonate the user within the targeted web application.
Session fixation attacks steal valid, unauthenticated session IDs and trick users into authenticating with them.
Once authenticated, the attacker gains access to the victim’s account. Session fixation exploits weaknesses in the management of session IDs, often hidden in URL arguments, form fields, or session cookies.
Session hijack attacks are commonly targeted at busy networks with a high number of active communication sessions.
The abundance of sessions provides more opportunities for attackers, and the high network utilization can provide cover for their activities due to a large number of active sessions on the server.
How to Remain Safe in Public Wi-Fi
Here are some additional recommendations for maintaining system security while using public Wi-Fi:
Disable automatic connection: Ensure that your device does not automatically connect to any available Wi-Fi networks.
This way, you have control over which networks you connect to and can avoid unintentionally connecting to insecure or malicious networks.
Enable two-factor authentication (2FA): Utilize 2FA for your online accounts. Even if an attacker manages to acquire your username and password, they would still need an additional authentication factor to gain access.
This adds an extra layer of security to protect your accounts.
Forget network after use: After using public Wi-Fi, make sure to remove the network from your device’s saved networks or forget the network.
This prevents your device from automatically connecting to the same potentially insecure network in the future.
Avoid financial transactions: It is best to refrain from conducting sensitive financial transactions, such as accessing your bank accounts or making online purchases, while connected to public Wi-Fi.
These networks are more vulnerable to interception, and conducting such transactions can expose your financial information to potential risks.
Consider using your smartphone as a hotspot: If possible, use your smartphone as a hotspot instead of relying on insecure public Wi-Fi networks.
By creating your own secure Wi-Fi hotspot using your mobile data, you can ensure a safer and more private internet connection.
By following these recommendations, you can enhance your security and protect your sensitive information while using public Wi-Fi networks.
Cyber Writes is a Cyber Security content platform focused on cybersecurity. Backed by a team of knowledgeable writers, we create high-quality blog posts, case studies, and white papers to help businesses. Whether you’re looking to develop a content strategy or stay informed, Cyber Writes has got you covered.