In This Section

The Wild, Wi-ld West of Wi-Fi

Mar 4, 2020
Would you want a hacker to have your credit card number or an international trafficker to hack into your daughter’s phone? Would you believe these things are possible with unsecure Wi-Fi at home, coffee shops and hotels? Chances are your Wi-Fi connection may not be as secure as it should be, so how secure are YOU when on Wi-Fi?

Digital Revolution

WhatsApp with Wi-Fi


Have you heard of WhatsApp? Probably not, as it’s used outside the U.S. more so than inside.

With “end-to-end encryption,” WhatsApp is one of the most secure messaging platforms in the world and also the most prevalent—it’s now used by over 2 billion users.

Recently, the leader of WhatsApp said: “For all of human history, people have been able to communicate privately with each other, and we don’t think that should go away in a modern society.”

It shouldn’t. However, governments around the world—including the U.S. Federal Government—are urging Facebook, the owner of WhatsApp, to slow down their plans for encrypting other messaging platforms, such as Facebook Messenger and even stop encrypting messaging altogether.

Indeed, throughout human history people have struggled with keeping communication between individuals private, but none more than today.

Here is a video I like to show people at conferences that gives an overview of what the Internet is, and the recent history of communicating over the Internet. This is a good starting point to begin to understand the struggle of keeping your communication over the Internet and Wi-Fi secure.

E-avesdropping


It used to be that people needed to be present at the location of a face-to-face conversation in order to eavesdrop or wiretap your phone line very nearby to hear what you are saying. However, people can now be anywhere in the world to hear what you are “saying,” as so much of our communication (including telephone) travels over the Internet.

Regarding Wi-Fi: an eavesdropper, for the most part, does indeed need to be nearby, but that’s easy to do in places such as a hotel, coffeeshop or next door to your office. The reason is that, simplistically speaking, Wi-Fi is like a traditional radio—such as AM, FM, CBs, or Shortwave—that broadcasts in all directions.

Wi-Fi is used to transmit information from a mobile device—smartphone, tablet, laptop computer—to an access point where it can then travel mostly via wires to other destinations—other smartphones, Internet servers, and so forth. Wi-Fi began giving us more freedom to travel with our laptops inside our office or house around 20 years ago. Without this freedom, it would have been impossible for the introduction of the smartphone.

However, with convenience also comes a reduction in security. In general, in regards to cybersecurity, the easier it is to do things, the less secure you’ll be. And the opposite is also true—the more secure you are, the harder it will be to get things done. This is a tradeoff every business must consider. The more secure you are, the harder it will be to do business.

Enter Encryption


When Wi-Fi was first introduced, there wasn’t much security or encryption. Information was being sent over the “airwaves” for anyone and everyone to hear (like an FM radio that WANTS to be heard by anyone and everyone). However, shortly after the introduction of Wi-Fi, WEP (Wired Equivalent Privacy) was introduced to encrypt the Wi-Fi radio traffic.

The problem with encryption is that ever since the beginning—in human communication during times such as war—someone has always been trying to crack the encryption. In the digital world, with encryption for Wi-Fi, for example, ever-stronger encryption must be used as more and more powerful computers are being employed to crack the encryption. Here is a YouTube video that explains encryption in fairly simple terms.

Side Note: This is one of the reasons the U.S. sees it as upmost importance it stay at the top of technology innovation versus China. If China begins to beat the U.S. at creating better technology, they will have the upper hand at encrypting their communications AND decrypting the U.S.’s. Think of recent reports which purport the Chinese government has listened in on the President’s phone calls.

One thing to keep in mind when thinking about encryption is that we talk about data being encrypted either “in-motion,” “at-rest,” or, better yet, both.

“In-motion” means it is encrypted when traveling from your device to its destination and then back.

Example: If you are sending text messages to a friend, “in-motion” encryption is encryption when the message is traveling between your phone and your friend’s.

“At-rest” means that it is encrypted on the actual device, such as your smartphone. “At-rest” encryption is when that message referenced above is encrypted while sitting on both your phone and your friend’s phone.

Having one of those two types of encryption without the other leaves you at a much greater risk.

If your data is not encrypted, hackers can see things such as:

 

  • Usernames and passwords
  • Messages
  • Financial information
  • Spreadsheets and other documents

Hackers can see anything that is sent over an unencrypted Wi-Fi connection. So, it is important to make sure you are using an encrypted connection.


Wrangling Your Wi-Fi


How can you know if you are using an encrypted Wi-Fi connection or not?

OPEN: Your connection is not encrypted if you didn’t get a key for the network to enter on your device. Some examples of the worst open Wi-Fi networks are coffee shops, hotels and other public areas that provide Wi-Fi without giving you a key or passcode to connect to it. I highly recommend you do NOT use these networks, but instead continue using your cellular connection with your Wi-Fi turned off while in those places.

SAFE: Your connection is encrypted if you entered a Wi-Fi key when you first connected to the network. This is pretty much mandatory in business offices today and used most of the time in homes as well. See this picture of a network requesting a security key when trying to connect to it on a smartphone:

Safe Smartphone
The icon for a wireless network will often have a lock as well if it is encrypted, whereas it won’t if it is not encrypted. See locked on the left:
WiFi Signal
Beware of fake Wi-Fi hotspots as well. The vast majority of people choose to automatically reconnect to a “known” hotspot (or SSID) each time they are in range of one—think “Starbucks” or “Hilton.”  However, you could be at your favorite local coffeeshop, when your phone finds and auto connects to a “Hilton” Wi-Fi (because you’ve connected to “Hilton” before while staying at one), even though there is no Hilton hotel anywhere close. A hacker could be sitting a few tables away broadcasting that they are a “Hilton” access point. Once your phone automatically connects to their hotspot, on their computer, they can now start stealing your information!


At the very least, it would be best to regularly review the known hotspots on your phone, tablet and computer, and remove all but your home and office remembered hotspots, or at least the well-known/common ones.

Here are some other recommendations:

  • Use Anti-Malware/Virus Protection—Windows Defender, Norton, Trend, Kaspersky, ZoneAlarm and XProtect (Mac) are good choices.
  • Keep your apps updated on your mobile devices by turning on auto update.
  • Patch programs on Windows or Mac as soon as they are available.
  • Wi-Fi Usage & Mobile Device Protection should be added to your Computer or Company
    • Do not use open public Wi-Fi from your company phone
    • Do not use your personal phone on company networks
    • No personal hotspots on company property
    • Mobile apps updates applied automatically
    • Notify IT of any strange connections or activity
    • Have a Guest Wireless Acceptable Use Policy 
  • For your office and home Wi-Fi access points (AP):
    • USE WPA2. WEP is WAY too easy to crack now in just seconds.
    • Set up two (or more) SSIDs (Wi-Fi network connections): One for employees, ene for Guests. Almost all APs can broadcast multiple SSIDs.
      • Segment/Firewall the traffic from guests so they can only access the Internet.
    • Hide the Employee SSID.
    • If you need a visible SSID for devices, create a different one and segment that off as well.
    • Don’t Use MAC Filtering. It isn’t very secure, and not worth the headache.
    • Turn on logging in your AP and Firewall.


Today it definitely is still The Wild, WI-LD WEST of WI-FI. It is hard to overstate the cybersecurity risk we all face today. Even if you are not an internationally known target, cyber thieves would love to have your credit card number or personal information.



Load more comments
Thank you for the comment! Your comment must be approved first
avatar
New code

Chris Werling
About the Author

Chris Werling is a writer, speaker, management consultant, and cybersecurity expert who has successfully founded and exited multiple companies in software, cybersecurity, consulting, and non-profit.  He has personally consulted with Fortune 500 companies such as Hallmark Cards & Toyota, but also medium and small businesses, including family-owned.

After graduating from Rose-Hulman Institute of Technology with a Computer Engineering degree, Chris co-founded Indiana’s first cybersecurity firm in 1998, which he sold to global cybersecurity firm Optiv, providing them with a solid base for the Midwest.

After starting and running a non-profit, a management consulting firm, and a software startup, Chris is now back in cybersecurity. Since founding Cornerstone Information Security, he currently writes and speaks at conferences, while building a team to consult with small to medium-sized businesses to help them secure their information in today’s insecure world.


Learn More