Cyber Attacks Via Public Wi-Fi

Shikha Tiwari

Assistant Professor - Department of Computer Science Kalinga University, New Raipur

People who work remotely, travel frequently, or simply want to quickly check their email and social media while they are out and about find public Wi-Fi a great convenience. However, open Wi-Fi has historically been criticised as a risky internet environment where your information is exposed. Spyware and rogue websites designed to lure you into giving up passwords or installing malicious software are among the top online security threats. Some of the common attacks are discussed below.

Man-in-the-Middle Attack

A man-in-the-middle (MITM) attack is a type of cyber attack in which an attacker can eavesdrop on and alter communication between two parties.

Hackers can easily mimic a network's SSID, causing returning clients to connect to it automatically without the user realising they are not on the right network. Because the hacker frequently configures their own laptop as a proxy server for internet access, the victim can connect to the internet and send data without having cause to suspect that their security has been compromised. The hacker then starts intercepting all packet traffic and data passing through. This is known as a man-in-the-middle attack.
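From the defender's side, a mimicked SSID can sometimes be spotted because the access point advertising it does not match what was recorded for the trusted network. The following is an added example, not part of the original article; the saved profile, the scan results and all names in it are constructed for illustration.

```python
# Added example: flag access points that reuse a trusted SSID but do not
# match what was recorded for that network. All data below is constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str      # MAC address of the access point
    security: str   # e.g. "WPA2-PSK", "OPEN"

# Hypothetical saved profiles: SSID -> (expected security, known BSSIDs)
TRUSTED = {
    "CafeGuest": ("WPA2-PSK", {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}),
}

# Constructed scan results, as a Wi-Fi scanner might report them
SCAN = [
    Beacon("CafeGuest", "aa:bb:cc:00:00:01", "WPA2-PSK"),
    Beacon("CafeGuest", "de:ad:be:ef:00:99", "OPEN"),
    Beacon("CafeGuest", "aa:bb:cc:00:00:07", "WPA2-PSK"),
    Beacon("OtherNet", "11:22:33:44:55:66", "OPEN"),
]

def assess(beacon, trusted=TRUSTED):
    """Return 'ok', 'review', 'suspicious' or 'untracked' for one beacon."""
    profile = trusted.get(beacon.ssid)
    if profile is None:
        return "untracked"      # not a network this device auto-joins
    expected_security, known_bssids = profile
    if beacon.security.upper() != expected_security.upper():
        return "suspicious"     # same name, different security settings
    if beacon.bssid.lower() not in known_bssids:
        return "review"         # unseen AP: may be a legitimate new one
    return "ok"

def findings(scan=SCAN):
    """Map each BSSID seen in the scan to its assessment."""
    return {b.bssid: assess(b) for b in scan}

if __name__ == "__main__":
    for bssid, verdict in findings().items():
        print(f"{bssid}  {verdict}")
```

A BSSID can be copied as easily as an SSID, so an "ok" result is not proof that the access point is genuine; the check only catches clones that differ in address or security settings.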

Session Hijacking

A session hijacking attack occurs when an attacker takes control of your internet session, for example while you are paying bills, checking the balance on credit cards or shopping online. Usually, browser or online application sessions are the targets of session hijackers. The attacker who hijacked your session may then do anything you could do on the website. In essence, a hijacker tricks the website into believing that they are you. A session hijacker can take control of an internet session and cause a lot of trouble for the user.

In order to access internet sessions, attackers have employed the following session hijacking exploits and tools:

  • CookieCadger
  • DroidSheep
  • FireSheep

DNS Spoofing

The word "spoofing" refers to the threat actor's use of a malicious website that closely resembles an official website familiar to the user. Because DNS is so important to internet communication, poisoned records give an attacker the ideal phishing situation for obtaining sensitive information. Passwords, banking information, credit card numbers, contact information and geographic data can all be collected by the threat actor. The attacker can easily run a phishing campaign since the victim believes the website to be legitimate. The spoof site features elements that the user recognises and ideally shows no warning signs that it is a fake.

How to protect our own Wi-Fi from hacking?

There are some ways to prevent our Wi-Fi from getting hacked:

  1. Set strong passwords, i.e. use a mixture of uppercase letters, lowercase letters, numbers and special characters.
  2. Disable the WPS function from the Wi-Fi admin panel.
  3. If you need to use public Wi-Fi, avoid it especially when making online payments.

