Johannesburg - Public wi-fi hotspots are great. They cost nothing, save mobile data, and are often faster for downloading.
However, as much as we love the convenience, hackers love these hotspots too - to snatch your banking details.
Experts advise that people should never, under any circumstances, do online banking transactions or share any personal information with others while using public wi-fi unless they are sure the connection is legitimate and secure.
Keoma Wright, the chief executive of internet service provider OpenWeb, said public wi-fi should be seen as a necessary evil. “It’s fantastic that you can visit your local mall, airport or restaurant and get complimentary internet access.
“However, the dangers are frightening and real. There are at least a thousand different ways a naughty individual can infiltrate a public wi-fi system.”
Wright says one of the more common methods for hacking public wi-fi is connecting to a system and scanning for open ports on the server.
“Once a port vulnerability is detected, the hacker will inject malware into the network. All that is left to do is to write a script that will store all the data of all the devices connected to the system until the network admin actually realises there is a problem.
“I’m aware of a case in Sandton where a popular coffee shop's wi-fi was infiltrated. This particular hacker was, however, only interested in the banking details of the unsuspecting users.
"Without breaking confidentiality, all I can say is he got away with a lot of money.”
A personal information-hungry cyber-goon can also easily set up their own wi-fi hotspot and give it a similar name to a reputable network, such as Always On.
But instead of the letter "O" it could easily be the number "zero" on the word On. This kind of cyber attack is called the "Evil Twin".
The fake hotspot may not require a password. Since the user may be familiar with the premium service Always On, they may login and all their personal information will be up for the picking.
Emmanuelle Salon, the executive tower head at Always On, warns that users need to be sure they are connecting to the correct network.
“Wi-fi networks that do not require a login and password create unencrypted network connections that leave users vulnerable to hackers.”
Unsecured hotspots sre great targets for hackers looking for login details and passwords.
“Personal communications such as e-mails and social media logins, files you send and passwords used to log into sites are at risk.”
Another advanced assault is the Man-in-the-Middle attack.
The first isabelo smart bench installed in Cape Town may be a benchmark for internet crime too. Picture: David Ritchie/ANA
With this, Nastassja Poorter, enterprise sales director at DRS, a Cognosec AB company, says a hacker intercepted communications between two parties.
“While they may think their communications are private, and that data is being shared directly between the server and the client, the link is in fact being intercepted by a third party.”
Poorter said the attacker could then alter the communication, and display, for example, a fake or phishing website, or send a message of his own.
To protect themselves, users are advised to be very suspicious should two network connections show up that have a similar name.
If possible, make use of a virtual private network. Once connected to public wi-fi, users should also check for secure sites, that start with "https://" in their urls instead of just "http://".
“Certificates denoted by the 's’ mean the website is more secure, and offers a decent level of encryption, so only use such sites when accessing personal information,” says Poorter.
Wright insists that users should not work with their internet banking or other sensitive apps while connected to a public wi-fi system.
“Turn off your file sharing. You can Google steps on how to do this on a smartphone or laptop.
This gives hackers less accessible information if they do happen to get through to your device.”
Turning off your wi-fi when you are not using it could save you more than battery life on your device," he adds.