In 2021, how safe are internet users?
At the height of their glory, the Blue Öyster Cult got a few things right. Their name had a superfluous umlaut, as any 1970s band should. “(We can be as they are) Come on, darling,” one of the lines from their song, Don’t Fear the Reaper, says. If you’ve ever been envious of someone you’ve been with who connects to public Wi-Fi at the mall, café, hotel, or airport on the spur of the moment, you’re not alone.
We are suddenly out and about much more than before, as many parts of the world appear to be finally getting a grip on the pandemic and more people can consider their approach to getting back into the world. As we travel, shop, and socialize again, we will inevitably require internet access. Is it finally safe to just “connect” over ten years after Edward Snowden revealed that we were being spied on online?
We’ve made significant progress in raising the baseline of security by changing how encryption is applied behind the scenes to ensure that our communications remain secret.
Let’s take a look at the risks associated with using public Wi-Fi in light of recent advancements in the core security methods employed by modern websites and mobile apps.
Checklist for a Wi-Fi attack
The majority of public Wi-Fi is unencrypted, which means that anyone within radio range (up to 100 meters or 300 feet) can see what you’re sending over the connection. This used to be an issue because it provided a lot of opportunities for someone to snoop on or hijack your communications.
An attacker’s first requirement is to be within radio range and do one of the following:
- Use an “evil twin” Wi-Fi station with the same name that has a stronger signal than the real one.
- Persuade you to use the attacker for name lookups (DNS) so that they can redirect your queries to bogus pages or through proxies.
- Just keep an eye on your communications to see whether any unencrypted data is being sent between you and your intended destination.
This isn’t that difficult, but the physical factor makes it impractical. Attackers must approach their victims physically, limiting possible victims to those in their local vicinity. This isn’t a crime they can commit anonymously from Moldova using Tor.
Next, attackers must guess which websites their victims will visit and whether those websites are protected by HTTP Strict Transport Security (HSTS). If they are, attackers will be unable to intercept traffic unless they can persuade a certificate authority to issue them a valid certificate for the protected domain.
Attackers might, of course, simply snoop on unencrypted traffic and hope for the best. Unencrypted connections account for less than 5% of all connections, and the great majority of these are marketing and ad trackers. There were no prominent destinations that didn’t have encryption.
Challenges for the attacker
Wi-Fi-based attacks are a low-yield crime with a high likelihood of arrest if the cybercriminals are identified. If there’s one thing I’ve learned over the years, it’s that crooks are usually lazy and go for the easiest prey. However, the danger of such attacks varies depending on your risk profile. I’ll get to that later.
However, even encrypted websites can be attacked. An attacker can “downgrade” a website that does not use HSTS to an unencrypted connection, allowing them to tamper with or intercept your data.
This amounted to 61.03 percent of the sites assessed in this scenario. That sounds terrifying, but keep in mind that attackers need to be close by and either target specific locations ahead of time or downgrade only the sites that don’t support HSTS to HTTP, which is a difficult, if not impossible, task. HSTS is not present at any of the sites.
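To check which of these cases a given site falls into, the following added example (not part of the original article) parses the Strict-Transport-Security response header as RFC 6797 defines it and classifies the site's exposure to a downgrade. The sample responses are constructed, and treating preload plus includeSubDomains plus a one-year max-age as ready for browser preload lists is an assumption of this example.

```python
import re

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797); None if invalid."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        name = name.strip().lower()      # directive names are case-insensitive
        if name in seen:                 # a repeated directive invalidates the header
            return None
        seen[name] = val.strip().strip('"')
    if not re.fullmatch(r"[0-9]+", seen.get("max-age", "")):
        return None                      # max-age is required and must be an integer
    return {"max_age": int(seen["max-age"]),
            "include_subdomains": "includesubdomains" in seen,
            "preload": "preload" in seen}

def downgrade_exposure(scheme, headers):
    """Return 'none', 'after-first-visit' or 'preload-ready' for one response."""
    # Browsers ignore HSTS received over plain HTTP and use only the first header.
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    policy = parse_hsts(values[0]) if scheme == "https" and values else None
    if policy is None or policy["max_age"] == 0:   # max-age=0 deletes a stored policy
        return "none"                    # every visit can be downgraded to HTTP
    # Assumption: these three conditions mark a site as ready for preload lists.
    if policy["preload"] and policy["include_subdomains"] and policy["max_age"] >= 31536000:
        return "preload-ready"           # covered on first visit once listed
    return "after-first-visit"           # the first connection is still exposed

# Constructed sample responses: (label, scheme, response headers)
SAMPLES = [
    ("bank",  "https", [("Strict-Transport-Security", "max-age=63072000; includeSubDomains; preload")]),
    ("shop",  "https", [("strict-transport-security", "max-age=600")]),
    ("forum", "https", [("Content-Type", "text/html")]),
    ("news",  "http",  [("Strict-Transport-Security", "max-age=31536000")]),
]

def report(samples=SAMPLES):
    return {label: downgrade_exposure(scheme, hdrs) for label, scheme, hdrs in samples}

if __name__ == "__main__":
    for label, verdict in report().items():
        print(f"{label:6} {verdict}")
```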
Most people’s risk level
So where does that leave us? In two words? Mostly risk-free. Everything the majority of us use on our phones or while traveling on our laptops in public areas is safeguarded to an extremely high level.
Is that to say it’s impossible? Obviously not. There are always hazards and worries that you might decide aren’t acceptable for you, so let’s look into why you shouldn’t trust public Wi-Fi and what alternatives you could use to mitigate the risks.
Sensitive targets’ risk level
Are you a well-known target? Do you work as a journalist, politician, celebrity, or perhaps a spy? You could find that using public Wi-Fi is too unsafe for you. In many countries, mobile phone data is inexpensive enough that it is unnecessary to connect to Wi-Fi.
Additional safety measures
However, there are a few things that privacy-conscious users may do to make it a little safer, and this applies to any network:
- Use a password manager to keep track of your passwords.
Passwords should be long, strong, and unique. Password managers also defend against phishing and interception by a machine-in-the-middle (MiTM) attack.
- Use DNS over HTTPS.
  - In Firefox: go to Settings -> Network Settings -> Settings -> Advanced, then enable DNS over HTTPS.
  - In Google Chrome: to enable Secure DNS, go to Settings -> Privacy and Security -> Security -> Use Secure DNS. With:
  - In Edge: go to Settings -> Privacy, Search, and Services -> Settings -> Use Secure DNS -> Select a Service Provider.
  - The DNSecure app is available for macOS and iOS users.
- Make use of mobile data
Switch to your mobile phone data plan if you’re concerned about mobile banking or other sensitive information.
For most people, Wi-Fi is quite adequate. Opportunistic thieves have far better ways to compromise victims without exposing themselves to the physical dangers of being within shouting distance of their crimes.
Have fun with it. You can spend as much time as you want on Facebook, Twitter, and Gmail. You’ll be alright if you take advantage of all those online Black Friday and Cyber Monday discounts while you’re on the go. And if you’re a bit more paranoid like me? Take the advice above to be a step ahead of the rest.