Free public WiFi is a godsend for users. It helps them avoid data caps and gives them faster browsing speeds. But a recent report shows how hackers could exploit the way devices automatically connect to it.
A report by Ars Technica and NPR finds that phones automatically connect to some popular WiFi networks whenever they are within range. For instance, AT&T’s “attwifi” network and Comcast’s “xfinitywifi” have hotspots all over the country.
But because smartphones and other mobile devices connect to these hotspots based on the name alone, a hacker could easily set up a malicious WiFi network by the same name.
Then, any user who passes by the open network would automatically try to connect to it.
Fallout from the WiFi impostors
The danger here is that hackers could misdirect users into logging into their accounts while stealing information or infecting phones with malware. It could also be used to launch man-in-the-middle attacks, stealing sensitive data while it’s entered on the phone unbeknownst to the user.
What you can do
If you (or your users) are on an AT&T iPhone or some Android devices, you can disable the automatic connection to “attwifi.” But it’s equally important to remind users about smart WiFi usage.
- Public spaces are dangerous. Hackers are going to go where they can hit the most users at once. Places like airports, cafes or restaurants that advertise free WiFi are prime places for them to set up a fake network. Users should be extra careful logging in here.
- Public WiFi isn’t for work. No matter what other protections you have in place – VPNs, anti-malware, etc. – connecting to free WiFi is risky. Work should only be done on secure, trusted networks.
- Review your settings regularly. Even if you’ve taken steps to avoid these networks, a lapse is always possible. Check your devices’ lists of trusted wireless networks, and instruct them to forget old ones or ones that you haven’t used in a long while.
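The settings review in the last bullet can be scripted on a Linux laptop. The following is an added example, not part of the original article: it assumes saved networks are stored as NetworkManager keyfile profiles, and the sample profiles, function names and verdict labels are constructed for illustration.

```python
import configparser

# Open hotspot names cited in the article (SSIDs are case-sensitive, so exact match).
ARTICLE_HOTSPOTS = {"attwifi", "xfinitywifi"}

# Constructed sample profiles, not taken from a real machine. On a live system
# NetworkManager keeps these under /etc/NetworkManager/system-connections/.
SAMPLE_PROFILES = {
    "attwifi": "[connection]\nid=attwifi\ntype=wifi\n[wifi]\nssid=attwifi\n",
    "cafe": "[connection]\nid=CafeGuest\ntype=wifi\nautoconnect=false\n"
            "[wifi]\nssid=CafeGuest\n",
    "home": "[connection]\nid=HomeNet\ntype=wifi\n[wifi]\nssid=HomeNet\n"
            "[wifi-security]\nkey-mgmt=wpa-psk\npsk=constructed-example\n",
    "wired": "[connection]\nid=Wired\ntype=ethernet\n",
}

def classify(profile_text):
    """Return (ssid, verdict) for a Wi-Fi profile, or None for other types."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(profile_text)
    if cp.get("connection", "type", fallback="") != "wifi":
        return None
    ssid = cp.get("wifi", "ssid", fallback="?")
    # No key-mgmt setting means an open network: the name is its only identity.
    is_open = not cp.get("wifi-security", "key-mgmt", fallback="")
    # NetworkManager auto-joins a saved network unless autoconnect=false is set.
    auto = cp.get("connection", "autoconnect", fallback="true").lower() != "false"
    if not is_open:
        return ssid, "OK"
    return ssid, "RISK" if auto else "REVIEW"

def audit(profiles):
    """Map each saved Wi-Fi SSID to its verdict, skipping non-Wi-Fi profiles."""
    results = (classify(text) for text in profiles.values())
    return dict(r for r in results if r is not None)

def report(profiles):
    """One line per open network, with the advice from the article's last bullet."""
    lines = []
    for ssid, verdict in audit(profiles).items():
        if verdict == "RISK":
            note = " (hotspot name cited in the article)" if ssid in ARTICLE_HOTSPOTS else ""
            lines.append(f"RISK   {ssid}: open and auto-joined by name alone; forget it{note}")
        elif verdict == "REVIEW":
            lines.append(f"REVIEW {ssid}: open, joined only manually; forget it if unused")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_PROFILES)))
```

To audit a real machine, pass `audit` a dictionary built from the contents of the profile files instead of `SAMPLE_PROFILES`; reading them normally requires root.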