We’ve all been there. We’re taking the 4,5 or 6 train downtown – perhaps to Wall Street. Maybe our journey started on a Metro North train from Stamford, Connecticut and passed through Grand Central Station or perhaps, we live in the city and walked to a subway station. Whatever the situation, we know the feeling of having important work to do with no wireless connectivity besides WiFi. So we log onto the subway WiFi in the hope that it is secure. We then need to do something sensitive, like opening a document or transferring money between accounts, etc.
The question is… Is it safe to do so?
The honest answer is that it is a crapshoot. The odds of being hacked are not generally high across all public WiFi but if there is one thing we have learned about hackers… They strike where the money is. This could mean on or near Wall Street, in a Silicon Valley Starbucks or near the White House or Capitol Hill.
The answer then is a resounding – be careful out there. If you have to get on WiFi, don’t do anything important. But then again, if you are in email, you may not know what attachments or information are being sent and subsequently intercepted.
The internet has lots of tips on cybersecurity – 10 Tips to Make Your Computer More Secure, and Cybersecurity Essentials are a few good ones.
Lauren Cook writes a compelling article about subway WiFi. In it she interviews Omri Admon, corporate innovation specialist for SOSA, the firm tapped by the city Economic Development Corporation to launch its Global Cyber Center.
The two main concerns with public Wi-Fi, according to Admon, are “evil twin” and “man-in-the-middle” attacks.
A man-in-the-middle attack might involve a fake access page that looks similar or identical to the Transit Wireless Wi-Fi landing page. Once the user clicks through, the hacker can access the phone’s data.
“So if I type something that is a password or card information, that can definitely cause a problem. And that’s something that any public network is in danger of, especially one that is used by so many people,” Admon said.
An evil twin attack, meanwhile, is when someone sets up a fake Wi-Fi network that has the exact same name as the authentic one to trick unsuspecting users into connecting to the wrong one. Additionally, if someone has previously logged into the authentic Wi-Fi and has automatic connect engaged on their phone, they could be instantly and unknowingly brought to the fraud network, where the hacker can then access the phone’s data.
Justin Dolly tells us if you have to use public WiFi, make sure you use a VPN or SSL which is HTTPS instead of HTTP in the web address bar. Often, your site determines if HTTPS is available but most important sites do have this option.
Norton by Symantec reminds us not to use banking or shopping sites while we are on public WiFi – for any reason.
The short answer here as you have likely guessed is try not to use public WiFi if you can help it. If you are doing work for your company and your organization falls under compliance organizations like PCI, FINRA, HIPAA, GDPR or The NY Shield Act, you should be extra careful not to do company work on a public network.
If you have questions, the experts at Apex are available to help. If you are a customer or not, just reach out and we’ll be happy to help.