It’s hard to imagine the modern world without the Internet these days. We use the worldwide network daily to search for information, communicate with friends and relatives, and work. However, we shouldn’t forget about the safety of connection to the web that may be dangerous for keeping your data and transmitted information safe. Telling about such dangerous connections, we should talk about wireless access points usually found at railway stations, in restaurants, malls, or hotels. At first glance, they may seem to provide us with immeasurable comfort because thanks to them, we can access the network ‘on the go’, but such points may also hide all kinds of cyberattacks. One of the most popular types of attacks via Wi-Fi points is called ‘man-in-the-middle’ or a ‘mediator-man’ in other words.
This type of attack (MitM) occurs when perpetrators intercept the connection between two parties, i.e. you and the addressee of the information; this may be a website or another object of the Internet network. The most frequent type of this attack is when the user’s request for website access is intercepted; in this case, the user receives the response with a fraudulent website. The website is disguised as the original website, which makes it difficult for a user to distinguish it from a fake one. A similar attack method may be applied to any web resource starting from social media to the website of your bank.
Let’s simulate a situation with this type of attack. You are in a restaurant and decide to access online banking to check the balance of your card. While you’re trying to enter the website of your bank, the attacker succeeds in standing in the way between you and the website, thus poaching you to the fraudulent website. You continue and enter the data that the attacker instantly receives. After that, he may use this information the way he wants, which results in serious consequences.
In other words, a person that gets in the way between you and the final object may intercept any information that you send: banking cards, passwords, messages, etc. Such an attack aims to obtain your information for further machinations, that’s why you should always be vigilant with the websites you have got onto eventually.
It is a type of MitM attack when a perpetrator using public Wi-Fi monitors the actions of any device connected to this network. Intercepted information may vary from personal data to Internet traffic. Usually, it becomes possible because attackers create a copy of an existing Wi-Fi point and use the identical name. Such Wi-Fi networks are located near popular shops, restaurants, hotels and use their names for malicious purposes. If you are in an establishment and notice several access points with similar names, most likely one of them could be created by fraudsters. What makes this attack really dangerous is that all types of devices are vulnerable to it. Since they, being connected to such a network, are subject to information leak, and attackers can access your personal and banking accounts, read your conversations eventually.
The method of attack described above by us is one of the numerous possible dangers when connecting to a public access point, so we recommend that you avoid using such Wi-Fi networks, and in cases of urgency and the need for Internet connection not to check banking accounts or other key services. If you have doubts about the Wi-Fi network’s authenticity, you may always verify this information with the employees of an establishment you’re visiting.
An additional type of attack is traffic analysis when specialized software for data interception is used. Initially, this software was used by IT specialists to analyze the digital network traffic and detect issues to further be fixed. The software also helps to track the dynamics of Internet use in organizations. But perpetrators utilize the technology to intercept users’ data. If you’re using a public network, there is no evidence your data has been intercepted until you find out that hackers have already used the stolen information. This may be say unauthorized access to your accounts, stealing money from banking cards, or sale of your personal information.
The introduced above attack method is among the most dangerous ones: it makes it easier for hackers to access your data and accounts and provides them with your personal info. Cookies serve as a packet of data collected by the browser during your use of it. Usually, the packets include user information. The data itself is stored directly on a device as text files; with the help of this data, the website identifies a user during repeated resource attendance.
Due to this technology, it’s easier for a user to manage the websites he visits frequently: they load faster, save the set parameters, and identify the user, so entering a login and password isn’t required.
As we have said above, a cookie is stored in text format, so it can’t be harmful to users. Nevertheless, cookies themselves may be dangerous in terms of confidentiality. Since having stolen these files, perpetrators may get access to the collected information.
They may intercept or even steal cookies that you use daily when visiting websites and make use of the received information from these files against you. This type of cookie theft is often called session interception (session hijacking) that we’ve described in the section above.
Having received your cookie, hackers may impersonate you and use that or another website on your behalf. It means that they may use your e-mail, online banking, or other services stored in your cookie files. The easiest way to steal these files is particularly public Wi-Fi since they are more vulnerable and have more active users.
Year after year, the use of the Internet is becoming more and more dangerous because the types of cyberattacks are evolving and are being constantly developed, that’s why it’s always required to remember about precaution. In this article, we’ve shared the information on types of attacks executed via public Wi-Fi, and how to protect yourself from them. Although a Wi-Fi connection without a password can’t be fully secured, if you follow these pieces of advice, you’ll minimize the risks. And remember that it’s always better to avoid such connections.