Most people want to keep all their mod cons while on holiday – including a favourite Netflix series streamed via the hotel's public Wi-Fi. They also want to share stunning photos of top sights with their loved ones in real-time. Public Wi-Fi hotspots make it possible to be online anytime and anywhere. After all, it's convenient and free. But public Wi-Fi connections should be used cautiously – because they pose potential security risks. Security precautions are inadequate or even non-existent in many such networks. For many hackers, these unsecured connections provide an opportunity to tap data or monitor and manipulate data traffic. In the worst case, this leads to theft of sensitive data such as usernames, passwords, personal data and bank details. And business trips are no exception either: anyone who exchanges sensitive company data via inadequately secured networks risks it falling into the hands of cybercriminals. Read here how hackers exploit unsecured networks and how you can safely use public Wi-Fi networks on holiday.
The methods employed by cybercriminals
Not every public Wi-Fi hotspot is designed for users to go online to Google directions, find the best underground connection or quickly share a photo with friends. Hackers deploy so-called rogue hotspots to obtain sensitive data. A fake Wi-Fi network is set up to deceive the user. Often a similar name is used that looks deceptively similar to the ‘real’ hotspot. Instead of accessing the secure public network ‘Station_Official’, victims are lured into the rogue hotspot ‘Station_Official_NEW’.
Once users are connected to the wrong network, the doors are wide open for attackers to intercept the transmitted data. This is how they get hold of usernames, passwords and other sensitive data. They can then exploit this information for identity theft, financial fraud or other criminal activities. It's also a perfect way to launch phishing attacks: cybercriminals can create fake websites that ask users to enter their credentials. These fake portals can look deceptively real and trick users into revealing their access data.
Besides rogue hotspots, cybercriminals also utilise man-in-the-middle attacks to obtain sensitive data. In this method, attackers interpose themselves – physically or logistically – between the victim's device and the target server the user wants to communicate with. This allows attackers to intercept sensitive information and view the transmitted data. Moreover, attackers can steal cookies and other tokens – vitally important for authorisation and authentication processes – through session hijacking. As if that weren't enough, cybercriminals can inject malicious code into the intercepted data traffic – causing all manner of mayhem.
Wi-Fi security tips for travellers
Here are a few tips for safe Wi-Fi surfing abroad. Look before you leap: check the name of the Wi-Fi connection carefully before connecting to it. You should also ensure the connection is encrypted – typically with the security standard WPA2. And don't forget the golden rule: no sensitive data such as user names, passwords, or financial information should be exchanged via a public hotspot. Security measures such as antivirus programmes or a firewall should be activated and always up to date.
To be on the safe side, it’s advisable always to use an HTTPS connection for websites – to ensure encryption between your device and the web server. A Virtual Private Network (VPN) is a crucial defence in your armoury too. It can be used to transmit data in encrypted form via public Wi-Fi. Using a VPN has another advantage: services such as Netflix – often blocked by the hotel Wi-Fi or streaming with insufficient bandwidth – can be utilised to their full extent.
Don’t neglect data security while on holiday
To enjoy your holiday without any nasty surprises, it’s important to be aware of the importance of handling sensitive data securely. Be careful when you access public Wi-Fi. Better safe than sorry!