Topic 1.3: The Dangers of Public Wi-Fi

Cyber adversaries can be categorized based on their skill level and motivations. Low-skilled adversaries, often called "script kiddies," rely on pre-made malicious tools and scripts created by others, which they can purchase or find online. These tools typically exploit well-known vulnerabilities, and the adversaries using them often lack a deep understanding of how the attacks work. Their motivations can range from financial gain to a desire for recognition or simply to cause disruption. In contrast, high-skilled adversaries possess the expertise to develop new malicious tools, modify existing ones to evade defenses, and discover previously unknown vulnerabilities, known as zero-days. These actors are often well-funded and highly motivated, driven by goals such as financial profit, political ideology, or espionage.

Wireless networks, particularly public Wi-Fi, are frequent targets for adversaries due to their open nature. One common wireless cyberattack is the evil twin attack. In this scenario, an adversary sets up a fraudulent wireless access point (WAP) with a service set identifier (SSID), or network name, that is identical or very similar to a legitimate one nearby (e.g., "Cafe-Free-WiFi" instead of "Cafe_Free_WiFi"). Unsuspecting users may connect to this malicious network, believing it to be legitimate. Once connected, the adversary can intercept all the user's network traffic, a process known as an on-path (or man-in-the-middle) attack, allowing them to steal passwords, financial information, and other sensitive data.

Another threat to wireless networks is a jamming attack. This is a type of denial-of-service (DoS) attack where an adversary uses a device to flood a physical area with a strong electromagnetic signal in the same frequency range used by the wireless network (e.g., 2.4 GHz or 5 GHz). This interference overwhelms the legitimate Wi-Fi signal, preventing users from connecting to the access point or causing existing connections to drop. The goal is simply to make the wireless service unavailable to its intended users.

Adversaries also gather information about wireless networks through a technique called war driving. This involves moving through a physical area, such as driving or walking, with a device equipped to detect wireless network signals. The adversary can identify the names of nearby networks, determine what type of security they are using, and map out the physical reach of the wireless signal. This reconnaissance can reveal weakly secured networks or areas where a corporate network's signal extends beyond the building's physical security, providing a potential entry point for an attack.

Individuals can take several measures to protect themselves from these attacks. First, always verify the name of the wireless network before connecting. In a public place like a coffee shop or airport, ask an employee for the official Wi-Fi network name. Second, avoid joining unprotected wireless networks that do not require a password. These networks do not encrypt traffic, making it easy for anyone on the same network to intercept your data. Finally, for an added layer of security, especially on public networks, consider using a virtual private network (VPN). A VPN encrypts all of your internet traffic, creating a secure tunnel between your device and the VPN server. This ensures that even if an adversary manages to intercept your traffic, the data will be unreadable.
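
The "verify the network name" step can also be checked programmatically on a device you manage. The following is an added example, not part of the original lesson: it compares scan results against a network name confirmed by staff and flags look-alike names, a trusted name coming from an unknown access point, and a change in security mode. The allowlist, scan rows, function names, and the 0.85 similarity threshold are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed allowlist: the SSID an employee confirmed, plus the access point
# addresses (BSSIDs) and security mode seen on a known-good visit.
TRUSTED = {"Cafe_Free_WiFi": {"bssids": {"a4:2b:b0:11:22:33"}, "security": "WPA2"}}

# Constructed scan rows (ssid, bssid, security); not captured from a real network.
SCAN = [
    ("Cafe_Free_WiFi", "a4:2b:b0:11:22:33", "WPA2"),
    ("Cafe-Free-WiFi", "02:1a:11:fa:ce:01", "OPEN"),
    ("Cafe_Free_WiFi", "02:1a:11:fa:ce:02", "OPEN"),
    ("Cafe_Free_WiFl", "02:1a:11:fa:ce:03", "WPA2"),
    ("Airport_Guest", "3c:84:6a:44:55:66", "OPEN"),
]

LOOKALIKES = str.maketrans("01l5", "oiis")  # digits/letters that read alike


def skeleton(ssid):
    """Fold case, drop separators and collapse look-alike characters."""
    return re.sub(r"[\s_.\-]", "", ssid.lower()).translate(LOOKALIKES)


def classify(ssid, bssid, security, trusted=TRUSTED, threshold=0.85):
    """Return a verdict for one scan row against the trusted list."""
    for name, info in trusted.items():
        if ssid == name:
            if bssid.lower() not in info["bssids"]:
                return "same-name-unknown-ap"
            if security != info["security"]:
                return "security-mismatch"
            # A BSSID can be copied too, so this is a sanity check, not proof.
            return "trusted"
    for name in trusted:
        # Exact names were handled above; anything close to one is a look-alike.
        if SequenceMatcher(None, skeleton(ssid), skeleton(name)).ratio() >= threshold:
            return "lookalike-name"
    return "unlisted"


if __name__ == "__main__":
    for row in SCAN:
        print(f"{row[0]:<16} {row[1]}  {row[2]:<5} -> {classify(*row)}")
```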