It all starts out innocently enough. You decide to stop into your favorite coffee place. You order a drink, sit down, and pull out your laptop or other mobile device. You don’t want to use your precious data from your wireless plan, so you think “No worries, they offer free wifi here.” You connect to the free wifi and start browsing. You check your email, your bank account and then online shop while you finish your drink. A perfectly innocuous afternoon…or so you thought. Little did you know that the person sitting across from you, seemingly having a day similar to yours, was capturing all of your online movements and information. They were then able to check your email, access your bank account and shop online using your PayPal and Amazon accounts.
They were able to gather all of your information using a fairly simple program called a packet sniffer (or packet analyzer). These programs are easy to install and use, but best of all, some of them are free, or so a hacker would say. Because it is so simple, this exploit is used all of the time with free wifi.
When you go online using a wireless connection, you communicate via packets with the router. Packets contain all of the information for the web page that you are using, including any text that you may type, such as your credit card information or passwords. One web page can consist of multiple packets. A packet sniffer can connect to the same wireless network and collect copies of these packets. It then will put the packets together like you would piece together a puzzle. Once the sniffer has put the pieces back together, the person implementing the sniffer has the information of everyone on the network for the entire time that they were there.
The reason that packet sniffers work with free wifi is because there is no encryption algorithm in place. If the wireless router employs an encryption technique, the packets become encrypted, and thus, unreadable to the sniffer. They can still collect your packets, but they can’t do anything with them. It would be like someone having a puzzle where none of the pieces fit together. With encryption, the router knows how to decrypt your packets, but no one else can.
If you are required to enter a password for the wireless network, that normally means that it is encrypted. However, if the password is known to everyone, then the packet sniffer knows as well, and you are back where you started. Therefore, you want to connect to a network that has a protected key.
Before connecting to a network, look to see the encryption type. You want to make sure that it is WPA2. Two types of networks that you want to stay away from are WPA and WEP. These are easily hacked and thus, should never be used. If you are on a WIndows machine, to see the encryption type, click on the wireless indicator and select your network. The encryption type will be displayed under “Security Type”.
But wait, I still want to be able to use free wifi…is that even possible?
It is possible to save your data plan and still make use of the free wifi when you employ a virtual private network, or a VPN. When you use a VPN, it encrypts the packets for you only, thus making your packet puzzle impossible for a packet sniffer to solve. Using a VPN is easy, as you just sign up for a VPN account with one of the many VPN providers. The cost is normally less than $50 per year.
You can use your VPN account with all of your devices. Generally, tablets come with the functionality for a VPN connection built into the settings. You will need to consult the VPN service that you signed up with for specifics. If you want to use the VPN on a laptop or desktop, you will generally need to download an executable program from the VPN service and install it. Then, every time you want to connect to a free wifi network, you will launch the VPN program first, sign in, and then feel free to safely browse the internet in obscurity.
I don’t want to sign up for a VPN and I don’t mind using my data.
If you don’t mind using your data in your phone plan, then connecting to your phone or tablet’s personal hotspot is the most secure option. Simply turn on your hotspot and connect your device. You may be using your data plan, but you can do so knowing that your data is safe.