Top Tips: Wireless Security

For this blog, I hope to keep the technology easy to digest for the general user. There are going to be weeks where we hover at the surface and some where we dive into the granular details. Please excuse any computer science nerdiness along the way. My main goal is to give you easy, actionable guidance on security. Let's jump in.

We have an "always on culture" when it comes to devices, where convenience dominates in the form of saved connections to networks or Bluetooth devices. Is your Bluetooth always on? Do you click that "remember this network automatically" button when moving from network to network during your day?

All the grand features of our devices like microphones, cameras, and peripherals have permission to transmit data when told to by operating systems. Wireless connections have become tough to manage as lack of security and attacker exploits can force these components into the always on state, giving off a steady data stream.

Let's explore popular places like airports, shopping centers, hotel lobbies, or coffee shops with their open "Free WIFI" hotspot. Most attacks happen due to flaws in simple human behavior.

Are you waiting at the gate for a flight and your streaming app with your saved movies won't open without an update? Need Wi-Fi for that. Are you scrambling to get a last minute gift before liftoff and want the item to be shipped in time? Too many users nearby, cellular data won't work. Let's try the Wi-Fi...Hey! I'm connected and the site is loading...

Urgency and the desire for our devices to work flawlessly can lead us into traps.

Here's the issue:

The "Airport WIFI" may be a safe to use network provided by the airport, or is it the "Airport Free WIFI"... or is the nearest "Coffee Shop Wi-Fi" better... are they all safe to use? Are they all a risk to connect to?

First, broadcasting and naming is unrestricted when it comes to networks. Unless an area has an elevated level of security, there will not be rules on who can create or name a network. In reality, it can be anyone. Evil twin networks can even mimic the name of a legitimate network nearby.

Now you may be saying, why does this matter if I can connect and my order for a father's day mug goes through? Email account information, phone numbers, and payment information are the big ticket items captured by bad actors in the space.

Here's the science:

Replacing the payload on a packet can be automated in the digital age where high compute power is available. Imagine you hit that send button for the mug order and the order submission takes a pit stop before going where you intended. A man in the middle attack is an effortless way for attackers to grab at the information being sent, then forward it to your destination. At a busy airport, thousands of people could fall victim to this process throughout the day while an attacker sips coffee nearby, letting a computer do all the work.

They could siphon the email address you provided in your account info, your phone number you provided for the order, and payment data (if cryptography is not present). For a general user, it looks like your order went through normally. In a few days, your email or phone are full of spam messages, and someone has tried to buy one hundred pairs of shoes with your payment information.

How to avoid the problem:

A small shift in behavior to avoiding open networks and being more aware of our tech use can remove this risk completely. Bank from, shop from, and punch in account information from a secure, home network.

Reading an article or using search on an open network can be okay. Just remember- do not fill out any forms, plug in any information, or access any applications that have your data stored on them. Attackers will walk away with only your browsing history and device data, moving on to juicier targets.

Sometimes, it isn't even the user's fault. Apps that gain popularity in a number of weeks by hitting a viral sensation gold mine, may be the source of another issue. Not everyone follows a security by design method, and they push their app to market while focusing on user features. Internet traffic may be easy to view with a simple packet sniffer. Attackers can capture your traffic and simply read your password or information submitted in the app. There's a general shift toward security in this regard by encrypting all traffic as standard. If you are testing a new app for a friend or jumping on the latest trend, give some thought to holding back on what information you provide.

My top tips for wireless security:

1. Carve out 30 minutes a week to update apps, access sensitive accounts, or manage money from a place of security, rather than on the go wherever it may be available.

2. Only use trusted networks for anything more than browsing.

3. Use a single device on a wired connection to manage finances with no connections to other devices or networks.

4. Consider closing off connections to open Wi-Fi hotspots after use or avoiding them all together.

5. Turn off Bluetooth when not in use and disconnect from any stale devices.

Please like, subscribe, and comment with any questions. Thanks for reading!

Join us again next week for more tips on using technology to your advantage while avoiding the risks.