Posted 14 September, 2021 at 11:08
Since the COVID lockdown measures have been eased, I have noticed that the coffee shop keyboard warriors have returned. I dropped into one yesterday for my caffeine infusion, and there were 4 people with their laptops open, working away on business issues. At least 2 had spreadsheets open (and easy to read if you were sitting behind them), and all had their email open.
Of course, this is nothing new, it’s been ‘a thing’ for years now, but is it a safe thing to be doing? A recent survey suggests that a high proportion of the connections to unsecured Wi-Fi networks result in hacking incidents, often from working in coffee shops, restaurants, airports, and other public places.
If you are among those Wi-Fi lovers, there’s bad news for you… your online privacy and security are at risk, as long as you rely on the weak to non-existent Wi-Fi security protocols at coffee shops. This means that you could be exposed to various threats such as identity theft which has over 15 million cases each year, data theft/breaches, introducing malware to your business network and that of your customers/suppliers. This list is not exhaustive.
Free or public Wi-Fi’s are hotspots for hackers and data snoopers who want to steal your private data or financial information. Needless to say, it is pretty easy for hackers to do that nowadays. You will be surprised to know the different ways hackers can compromise your device or your private information and why you shouldn’t rely on Wi-Fi security at coffee shops as they come with certain risks.
One of the favourites is the Man-In-The-Middle attack. As the name suggests, it is a type of attack where the attacker intercepts a transmission between two parties. The attacker can record the data for later viewing and even change or modify it.
MITM attacks are usually caused by exploiting vulnerabilities, through malware or malicious tools like “hotspot honeypot.” Man-in-the-Middle (aka MITM) attack is perhaps the most common type of Wi-Fi attack. In fact, a security survey of 500 CIOs and IT decision makers from 5 countries, conducted by iPass on Mobile Security, reveals that Man-in-the-Middle poses the greatest threat to mobile security than others.
Another favourite is the Network scanner. The Internet is brimming with network scanning tools that are built to compromise networks or devices. They work by:
In the Mobile Security Report 2017, by iPass, it suggests that hotspot spoofing is the third most greatest threat (after lack of encryption – almost never imp0lemented in coffee shops) when it comes to mobile security. Wi-Fi lovers wouldn’t think twice what network they are connecting to and whether the network is safe or not.
Hackers are well aware of the psychology of Wi-Fi users and they exploit it by creating spoofed hotspots. These hotspots may have the label of the coffee shop, but in reality they are fake networks created by hackers. When you join a fake or malicious hotspot, the attacker can trick you into using your credentials on fake websites or to gain access to your company network. For instance, when you try to purchase something online using your credit card, the hacker might create a fake website and retrieve your credit card number.
With such details in wrong hands, you might fall victim to threats like identity theft. The following could potentially happen:
Coffee shops are the most popular spots for people to sit and relax, drink coffee or eat their preferred food items. Perhaps, their popularity is what makes them dangerous when it comes to mobile security. When you rely too much on the Wi-Fi security at coffee shops, you fall into the traps that hackers have laid out for you.
Coffee shops may be considered as dangerous venues when it comes to your online security. However, it doesn’t necessarily need to be! Security awareness amongst employees and individuals is of paramount importance, and there are a number of technical implementations that can be undertaken to allow for this practice to continue safely.
For more information, contact Kevin Hawkins of H2 Cyber Risk Advisory Services:
T: 0845 5443742
M: 07702 019060