There’s been a lot of press recently about the security of Public Wi-Fi Hotspots. But is it really the responsibility of the Wi-Fi Provider to keep your data safe? After all, we’re not the ones storing confidential information.
Facebook is particularly vulnerable to such attacks and it’s possible to gain access to someone’s account in a matter of minutes – without needing their username and password. All you need is some freely available (legal*) software. I demonstrated this to some colleagues today by logging into their account in less the 2 minutes. And, once you have the required information, it’s possible to login with their details when you’ve left the Wi-Fi Hotspot. And after they’ve logged out.
Look out for encrypted pages
If you’re using a Public Wi-Fi Hotspot, make sure the site’s using full encryption – there should be a padlock displayed in your browser and the address should start with https.
Facebook’s vulnerable because only the first login page is encrypted. Because subsequent ones are insecure, it’s quite simple to simply hijack the required information and gain access.
Gmail had problems with this too earlier this year but now all their pages are encrypted. Online banking sites have been secured properly for years so you should be safe with those.
It’s not just Facebook that’s vulnerable. Others include Flickr, Fourquare, Hotmail, Tumblr and WordPress.
But don’t be put off – just make sure the site you’re logging into using encryption throughout, not just on the home page. We’ll cover some more ways to protect yourself later.
* It is not legal to use such software to gain unauthorised access to someone’s information.