The down side of free Wi-Fi
Nov 12,2013 1 Comment
As the public and private sector strive to deliver internet access to all, Wi-Fi hotspots present a viable solution to the challenge of cost-effectively delivering access to the many. Free Wi-Fi was recently rolled out in parts of Cape Town, for example, with free or low cost Wi-Fi networks intended to be rolled out in lower income residential areas such as Khayelitsha and Mitchells Plain too.
While access for all is a commendable goal, there are security risks in extending free and low-cost Wi-Fi access in public places. Frequently, the cost of the service is kept to a minimum by eliminating ‘extras’ – like effective security. In addition, many people who will now be using the internet for the first time as a result of the free access, may not have been informed about the risks of cyber crime, and so could be vulnerable to identity theft, fraud and abuse.
Cyber criminals tend to look either look for individual, high end victims or launch mass attacks on a large number of low end users. In an inadequately secured free Wi-Fi hotspot, this puts large numbers of new internet users at risk. Those who have not been introduced to the need for anti-virus tools, secure passwords and the risk of phishing are liable to fall victim to even simple social engineering as they embrace the benefits of online banking, shopping and mobile money.
An increasingly common tactic abroad is to remotely lock users’ devices and demand a ‘ransom’ in order for them to access the device again. While this has focused mainly on PCs and laptops in the past, we can expect this practice to move to mobile phones next. There is also the risk of devices being infected with botnets, which are becoming more commonplace. Botnets are extremely difficult to detect, and run in the background, connecting the victim’s device to command and control centres, who can harvest information or use the devices for denial of service attacks or for sending spam. Botnets are also moving from the domain of the PC to mobile devices – typically those running Android.
When more schools begin rolling out tablets and other devices to school pupils, the beneficiaries will also be put at risk once they leave their schools’ controlled Wi-Fi zones and use their devices in unsecured hotspots. They need to be protected from inappropriate content, bullying and abuse.
Education is the most effective tool for countering cyber crime and protecting users. New internet users need to be informed of the risks of identity theft, cyber crime and bullying. The onus is on the public and private sector, as well as the media, to inform people of the dangers online, and outline ways to secure their transactions and avoid falling victim to cyber criminals.
Ideally, the entity rolling out a free Wi-Fi hotspots will ensure that the public network is as secure as possible, even going so far as to enforce safe search on the network, to protect children from inappropriate content. Building Wi-Fi hotspots without ensuring that the users are educated and the networks are as secure as possible would be rather like giving people cars without their needing drivers’ licences – sooner or later, somebody will get hurt.
By Jonas Thulin Security Consultant at Fortinet