Using a public WiFi-hotspot is a risky business these days, as one never knows whether or not the connection is secure. F-Secure product manager Janne Pirttilahti strongly feels that consumers should be more concerned about using public WiFi-hotspot connectivity, and even suggest the usage of 2FA and a VPN to encrypt traffic. Especially for Bitcoin users, public WiFi-hotspots pose a serious risk.
Rogue WiFi Hotspot Connectivity is a Real Threat
It doesn’t take much for an assailant to “replace” a regular public WiFi hotspot with a rogue network. For the end user, everything would seem normal, but on the back end, things are vastly different. In the worst case scenario, assailants will not only monitor all traffic but use it to infect devices with malware and keyloggers.
The topic of WiFi hotspot security has been kicked around for many years now, and there is still no proper solution to this problem. Or to be more precise, there are solutions available, but these requires participation by the end user. Using a VPN, or even two-factor authentication for all platforms accessed online, is not very convenient for most consumers, although additional layers of security are never a bad thing.
To demonstrate how easy it is to set up a rogue access point: all an assailant would need is a laptop and a WiFi-dongle. There are no requirements regarding whether or not more expensive materials work better, as even the cheapest of devices can be used to pull off this trick. By using these two tools, an assailant can then broadcast a signal to the existing WiFi hotspot, and order it to disconnect all users.
A little-known fact about access points is how their signal strength is not the greatest, and it is quite easy to broadcast a stronger signal to overpower an existing network. As a result, previously connected devices will attempt to connect to a network with the highest signal strength. Once this occurs, all hell can break loose, and the assailant can snoop on internet traffic and intercept various types of data, ranging from images to passwords.
VPN connections can solve this problem although they are not very user-friendly. Many industry experts feel that enabling VPN connectivity should be as easy as pressing a button. Also, most consumers do not trust third-party VPN providers, as these companies lack transparency.
Bitcoin Users Are At Risk
The ongoing issues with public WiFi hotspot connectivity pose a serious threat to Bitcoin users as well. Even though it is not possible to steal a wallet data file without much more effort than just creating a rogue WiFi access point, this attack could be used to install malware. Once a device is infected with malware, anything could happen to it.
Bitcoin users should lead by example, by ensuring their Internet traffic is encrypted at all times when accessing public WiFi hotspots. Whether that is through a VPN, 2FA, or other tools, is of less importance. Any financial service used while connecting to a public WiFi hotspot is subject to attack by someone, and taking the necessary precautions should be the new norm.
What are your experiences with public WiFi hotspots so far? Do you know of anyone who had their data snooped on? Let us know in the comments below!
Source: Tweakers (Dutch)