Tips on Using Public Wi-Fi
Free Wi-Fi facilities are available at various local and overseas public areas such as shopping malls, coffee shops, hotels, airports or government premises. Users should pay attention to the security risks when using Wi-Fi services.
Potential Security Risks
Messages transmitted via Wi-Fi communications may be intercepted.
The mobile device may inadvertently connect to the Wi-Fi network set up or compromised by hackers. Users may click the links to fraudulent or malicious websites leading to leakage of account or personal information, or infection of the mobile device by malware, etc.
All software, in particular security applications and browsers, should always be kept updated.
Verify the service set identifier (SSID) of the selected network. Do not use unknown or dubious Wi-Fi networks.
Employ prevailing encryption standards, if available, on Wi-Fi communications. Avoid using WEP and WPA encryption standards which are with potential security vulnerabilities.
Avoid handling personal or sensitive information via e-services including social media platforms, e-banking services, etc. when using public Wi-Fi. If necessary, appropriate encrypted connections should be taken such as HTTPS or Virtual Private Network (VPN).
Avoid clicking any links from suspicious web pages.
Disable the auto-connection function at mobile devices. Turn off the Wi-Fi connection at your mobile devices when not in use.
Tips for End-users on Internet Surfing When Using Public Wireless Services
Once your wireless device (such as a notebook computer or a hand-held PDA device) is connected to the Internet via a public wireless hotspot, you are exposing yourself to potential violations by remote attackers. However, the following security tips may help you avoid the traps laid by these attackers:
Don't leave your wireless device unattended.
Protect Your Device With Passwords: Enable your device's power-on login, system login authentication, and password-protected screen saver.
Disable Wireless Connection When It Is Not In Use: Wi-Fi, infrared, and Bluetooth
Keep Your Wireless Network Interface Card Drivers Up-to-date: A network interface card driver is just a piece of software, and like any software, is not immune to bugs. Keeping the drivers up-to-date assures that wireless devices have the latest protection and support from product vendors.
Protect your device with anti-malware software using the latest definitions. This can minimise the risk of infection by malware.
Encrypt Sensitive / Personal Data on the Device: Even when an unauthorised user gains access to your device, encryption will keep your data away from an opportunistic thief.
Turn off Resource Sharing Protocols for Your Wireless Interface Card: When you share files and folders, your shared resources may attract attackers attempting to manipulate them.
Remove Your Preferred Network List When Using Public Wireless Services: Some operating systems offer a feature for you to build your own list of preferred wireless networks. Once you have this list defined, your system will keep searching for a preferred network and try to connect to the preferred network automatically. By capturing this information sent out from your system, an attacker could set up a fake wireless access point, which meets the settings of a wireless network on your Preferred Network List. In doing so, your device would automatically connect to the attacker's fake wireless network.
Turn off Ad-Hoc Mode Networking: "Ad-hoc" mode networking enables your wireless device to communicate with other computers or devices through a wireless connection directly with minimal security against unauthorised incoming connections. This should be disabled to prevent attackers from easily gaining access to information and resources on your device.
Do Not Enable Both Wireless and Wired Network Interface Cards at the Same Time: When a device is connected to a wired LAN with the wireless network interface card still enabled, there is a possibility that attackers can sneak into the wired LAN through an open wireless network if network bridging is enabled.
Check the Authenticity of a Captive Portal: Captive portal web pages are commonly used in public hotspots as a means of user authentication and for deterrent protection. When connecting to a public hotspot, the user will be redirected to a captive portal page. However, attackers could also set up fake captive portals to harvest personal information. Therefore, when using public hotspots, it is important to check the authenticity of a captive portal by verifying the server certificate from the website.
Don't Send Sensitive / Personal Information When Using Public Wireless Networks: Public wireless networks are generally considered to be insecure. You should not transmit sensitive or personal information over a public hotspot without proper security controls.
Encrypt Your Wireless Traffic Using a Virtual Private Network (VPN): If transmission of sensitive or personal information over a public wireless network is unavoidable, a VPN solution can help ensure the confidentiality of communications using cryptographic technologies. If you want to learn more about VPN technologies, please refer to the article on "Virtual Private Network Security".
Disable Split Tunnelling When Using VPN: It is possible to connect to the Internet or other insecure networks while at the same time holding a VPN connection to a private network using split tunnelling, but this may pose a risk to the connecting private network.
Remove All Sensitive Configuration Information Before Disposal: If you dispose of old wireless components, it is important to erase all sensitive configuration information, such as Service Set Identifiers (SSIDs) or encryption keys, on the devices to be disposed of.
Though there are a number of other security measures you can take, these security tips provide a good start for protecting wireless devices and your personal information when connecting to a public wireless networks.