author avatar
    Technology Manager of Test Dept.
 

Summary
Users prefer to connect to WiFi when using the smartphone. But are you clear about the potential risk of connecting to a free WiFi in public places? What can we do to avoid these security risk?



Risk of Data Leak when Connecting to Public Free WiFi

免費WIFIAs the popularity of Internet and the improvement of mobile
phone functions, using mobile phone to surf the Internet has become an important activity in our life. Also, the number of Internet users has kept increasing. The number has reached over 3.89 billion until Dec, 2017 which includes 3.763 mobile Internet users and the covered rate of Internet has reached 51.7% according to the global report of Internet Development. There is 3.763 billion Internet users surfing the Internet with mobile phone which occupies 97.5% if total Internet users.  The development of mobile phone users promotes the development of mobile payment, ride-hailing service, etc.

More and more App are installed in our mobile phones which make our life more convenience. Also users prefer to connect their cell phone to WiFi instead of using Cellular network especially when they watch TV and play games which require a large data flow.

Free WiFi  could be found everywhere like home, office, shopping malls and public places. Nevertheless, there are more and more risks associated with public free WiFi. So does using free WiFi harm our personal information?

What are the Risks of Public Free WiFi?

Generally, using the WiFi which was set up by ourselves is the most secure, it is inevitable that we may use the free WiFi provided by shops. Is this kind of WiFi dangerous? Depending on the different security standard and attacks, the risk of free WiFi network could be divided into 3 levels: low, medium and high.
LowEmbeded Advertisement: Annoying advertisement will pop up without clicking when users visit websites.
Embeded Hidden Link: Automativally click the advertisement in the background to make malicious promotion. Users are hard to find this behavior.
MediumDNS: Attackers intecept the request of domain names in the hacked network. After analyzing the domain name, they will pass the requests which are off their scan list. Otherwise, they will return to attackers’ IP and make users can not visit certain websites or go to some malicious websites.
ARP: Attackers can perform IP address spoofing with fake IP addresses and MAC addresses. This can create lots of ARP traffic to make a network congestion. Attackers can send the fake ARP package to change the IP-MAC in ARP cache. As a result, the Internet is break and the middle man is attacked.
HighSSL: SSL is a classic MIMT. Attackers can get access to the users’ information by hacking the SSD certification or lower the secure level of SSl certification and lead to the password and data leak.
Redrict to Phishing Sites: Hackers can get access to users’ sensitive information for frudenlent. There are mainly two types of such sites, one is to get users’ information via fake winning website and the others is to make users to pay with fake payment website.
As we can see, once we connect our devices to a dangerous WiFi, our activities will be in danger. But even we connect to a public free WiFi with medium risk level, we will not make a great lost if we pay attention to our activities especially making payment and leaving personal information.

According to a report about public WiFi security, risky WiFi only occupies 1%  of free WiFi. And WiFi with high risk level occupies 0.009%.  However, such WiFi usually pretend to be public free WiFi and we should still pay more attention when connecting to a free public WiFi.

Does the connection to risky public free WiFi lead to economic lost?

It is believed that the bank account till be hack once we run App like online back or Paypal after connecting to risky WiFi and lead the economic lost.

Actually, it is not. Such payment App uses bi-directional communication. Even such data is hacked when transferring, hackers can not decrypt or modify it. So, it is almost impossible to steal the password of the account via WiFi.

How to Avoid Data Leak after Connecting to WiFi?

Even the proportion of risky WiFi does not reach 1%, mobile phone users should still pay more attention especially when connecting to public free WiFi. Here are some aspects we can do!

1. Use router and related firmware produced by reliable manufacturers

Being the device of providing WiFi connection, routers produced by reliable
manufacturers will not share the underlying management authority. Besides, we should not change the firmware of the router. Once hackers get the underlying management authority, all data go through the router will possibly be intercepted.

2. Do not root the Android devices or jailbreak iOS devices

Similar to routers, system in mobile phone also limits the authority of advanced management. If users root or jailbreak the devices, parts of app can get access to the advance management authority to control the device.

3. Choose the reliable public WiFi

According to some report, phishing WiFi like to make SSID to be the same name of operators or famous router brands like TP-link, D-link. Users should pay more attention when connecting to free WiFi and choose reliable
free WiFi provided by shops or safe facilities.

4. Disable the automatic WiFi connection

Free WiFi provided by hackers will not require the password. If you enable the automatic WiFi connection function, your device may get in a dangerous place.

5. Check the App before install

It is strongly recommended to download the applications on official sites, to avoid downloading malicious software.

Related Hot Guidance: