“If we were the bad guys, we could have taken a number of actions to infiltrate these devices using known exploits, phish for login credentials or credit card data using bogus splash pages, or snooped for other sensitive data with Man-in-the-middle attacks.”
The above quote comes from WatchGuard Technologies—a threat management company—following an experiment they ran at last year’s RSA conference. They set up eight rogue access points with common network names (SSIDs such as “CoffeeShopWiFi”) to see how many conference-goers they could trick into connecting with their smart devices.
Depending on how you look at it, the experiment was a success. Nearly 2,500 attendees’ devices connected—including smart phones, tablets, and smart watches—most likely without any human interaction (auto-connect). In a similar experiment at this year’s RSA conference, using the exact same SSIDs, they managed to trick nearly 4,500 WiFi clients into connecting. WatchGuard, of course, didn’t do anything but serve the unsuspecting clients with a good internet connection. But when this happens in the wild (at an airport, for example), the results are much more damaging, as noted in the quote above.
It’s scary enough to think that our devices can be duped into connecting to a bogus network, but our concerns don’t end there. Legit networks pose just as much of a risk. The information that travels over public connections can easily be stolen if it’s not properly encrypted.
In short, public WiFi is a security hole and we all need to take extra steps to protect ourselves. With that in mind, our friends over at TheBestVPN.com created a great infographic detailing 10 ways to stay safe. Check it out below and be sure to share with your friends and family!