It was once the case that travellers used free or paid-for Wi-Fi hotspots without a care in the world. Then the security flaws were revealed. We share some essential insights and advice to keep your holiday free from cyber invasion next time you go online.
Security experts warn that travellers who use free and paid-for, passcode-protected Wi-Fi hotspots at hotels, bars, airports, restaurants etc, are vulnerable to hacking by cyber criminals snooping around on the network – trying to steal users’ bank details, passcodes, personal contacts and other information. All they have to do is spot users on a network and attempt to hack into any unsecured phones, tablets or laptops or see what their users are doing online and gather data that might prove useful in a criminal act.
How do they do it?
Craig Stillman, Marketing Executive, Cellhire Group explains, “One popular method is to fool customers into thinking they have a connection to the Wi-Fi hotspot, whereas in fact they have connected to someone [the criminal] who is between them and the hotspot. Each Wi-Fi hotspot provider issues their own passcode to their customers, passcodes that can also be accessed by cyber criminals posing as customers – this is all the information they need to set up the alias connection also known as an “Evil Twin” connection.”
The “Evil Twin” connection
The “evil twin” connection is a spoof network that uses the name of a hotel, café or shop etc – and enables the creator access to devices when their owners click the network name and try to log on.
Once connected, customers send information – which might include credit card details and emails, complete with their email address, of course – to the criminal’s device, not to the intended destination.
When criminals have personal information, they can masquerade as the customer at will, whenever they want, until [or if] caught out.
Another risk is malware
Criminals can trigger a pop up message advising users to upgrade their software. By clicking the message – in good faith! – the customers infect their device.
None of this means we should shun Wi-Fi hotspots. But it does mean we should be vigilant when we do, and take precautions, or use our own private MiFi hotspot instead.
Steps you can take to help safeguard you from attack
- Don’t be an easy target. Ensure you really are connecting to the Wi-Fi hotspot, not a spoof connection. If in doubt, double-check the precise name of the connection with the hotspot owner. Hackers might set up a near-identical connection name and trick the unwary.
- Use a VPN [Virtual Private Network]. That way, any data you send will be encrypted, meaning that even if a criminal has broken into your connection, they’ll be more likely to dump the data rather than try to decrypt it, unless they have good reason to believe your data is of value.
- Turn the “sharing” option off on your device, if it’s “on”. That will help ensure your data isn’t shared with anyone on the network.
- Browse the web using a secured browser. It will make you safer online and help keep you away from rogue, phishing websites, but cannot guarantee 100% security. However, it’s another step in the right direction.
- Keep your anti-malware program up to date to help guard against viruses and spyware. That’s key even if you believe your device is safe because you’ve taken steps like those above. Determined hackers will still have a go and might succeed in getting your device infected.
- Use a device that contains no confidential information. Smartphones can be hired, a useful option if you want to go down that route. Hired smartphones can be particularly useful when visiting the US, because strict regulations there mean that a traveller’s smartphone can be taken away for inspection and its passcode demanded, potentially putting its data and information at risk. A hired smartphone will carry no personal data or information, if it has not been used by the traveller.
- Create your own hotspot – a mobile, MiFi hotspot – that goes where you go and which reverts to 3G where a 4G signal weakens or disappears or isn’t even available.
Using internet security solutions such as anti-malware and anti-phishing programs are only part of the picture. Our online behaviour such as keeping backups of data and information is also important.
If you are a victim of a ransomware attack, and face a demand to pay £x to unlock our infected device, having a backup will get you out of the situation. You can simply ignore the demand and load your backups onto another device. Using cloud-based options for storage is fine, but if you have confidential work or personal information, an offline backup better. Offline backups are unhackable unless the computer it’s attached to is connected to the web. Always perform backups when disconnected!
Mobile Hotspots explained…
A mobile hotspot is generated via a MiFi, a small, portable, battery operated router that has its own passcode – a robust first-line defence against easy or determined hacking.
A MiFi can be hired for use on holidays or business travel, it is small enough to fit in your pocket, and it comes with country – and, in some cases, continent-specific data SIM cards.
Apart from their security aspect, A MiFi often provides noticeably superior web surfing speeds compared to Wi-Fi hotspots – perfect if you want to keep on top of business or social media while you are travelling!
Remember – you aren’t just vulnerable to cyber crime on holiday – criminals are known to use the same techniques the world over. Your smartphones and MiFis are the value of the information they can access, not just what they cost.