Criminals use insecure WiFi to steal passwords and put viruses and spyware on your device.
WiFi has been around for 22 years. That’s long enough that millions of people can’t remember a time without it. They surf the internet from the comfort of their local coffee shop, blissfully cord-free, unaware that things were ever any different.
Unfortunately, WiFi’s convenience also includes a hidden danger: the man-in-the-middle (MITM) attack. NetMotion data in Verizon’s Mobile Security Index 2020 report shows that people connect to an average of 2-3 insecure WiFi networks every day, and our own data indicates that 1 in 20 networks are undergoing an active MITM attack.
Snooping and spoofing
A man-in-the-middle (MITM) attacker inserts themselves into a victim’s internet session. Everything that passes between the victim and the internet silently flows past the attacker, allowing them to spy on it, or even modify it (perhaps by injecting ads or inserting malware into something you’re downloading).
And one of the easiest ways for criminals to make themselves the man-in-the-middle is to set up a “rogue” WiFi hotspot that victims willingly connect to.
For example, a victim in a coffee shop might see a network named “Free customer WiFi”, but it may not be owned by the shop at all.
Traced CTO Matt Boddy warns:
“The attacker is now your gateway to the internet, which enables them to do some evil things. For example, they might redirect your browser to a fake version of Facebook, Gmail, PayPal, or any other site, and steal your username and password. Then they can lock you out of your own account and do whatever they want with it – run up credit card bills, scam your friends or even steal important information from your business, putting them at risk of massive GDPR fines.”
It’s depressingly easy for an MITM attacker to operate – they can buy WiFi hacking devices online and just hide them wherever victims are likely to congregate. Or they can just sit unobtrusively in the corner of a coffee shop, sipping everyone’s traffic re-routed through their laptop.
Hacked at home
Don’t assume that staying at home will save you. A recent case reported by Ars Technica saw hackers infecting people’s home routers with malware in a variation of the MITM attack.
Home routers usually double as WiFi access points. When you visit a website, the router uses the Domain Name System (DNS) to find it. The attackers pointed the hacked routers to their own DNS servers, enabling them to misdirect victims to spoofed versions of popular websites. These sites would display a fraudulent popup that offered to install a COVID-19 information app. Of course, the app was malware.
There is technology to protect people from MITM and other attacks. One of the most popular is HTTPS, an encrypted version of the protocol that lets your computer talk to a website. Many sites still don’t use this. Even those that do can still be spoofed or snooped if they don’t implement it properly, or if the user doesn’t request the HTTPS version of the site.
WiFi protection is your first line of mobile threat defence. Minimise your risk of compromise via WiFi with these steps:
- Be vigilant about which networks you connect to.
- Use your employer’s VPN (Virtual Private Network). VPNs encrypt all your traffic, keeping it out of sight of attackers. However, they can also be used to run MITM attacks, so if you use a VPN it’s vital you know who’s operating it!
- Use the Traced mobile app, available on Android and iOS. It protects your or your employee’s mobile device by running its own checks on the WiFi networks you connect to, and detects active MITM attacks. That way, you can surf wirelessly at your leisure.