Why you should probably be wary of “free” public WiFi

Cover art Erka Inciong

logo

Words by

Publisher

In today’s fast-paced and hyperconnected world, convenience often outweighs security, especially when it comes to conducting transactions on mobile phones. Filipinos are spoiled for choice when it comes to free public WiFi, and many do not hesitate to connect to unsecured networks, unmindful of the security risks that come with them.

“There are many digital conveniences that we take advantage of, either to save money or time,” said Jonathan B. Paz, BPI’s data protection and enterprise information security officer.  “This can lead to practices that can endanger our data and privacy—people not regularly changing their passwords, transactions that don’t come with an additional step for validation of purchase, and, riskier than most, connecting to unsecured WiFi networks commonly found in many public spaces.”

Why you should think twice before using free WiFi

The widespread availability of free WiFi has contributed to the increased threat of cyber-attacks. A quick search on the Internet shows numerous videos and tutorials showing hackers how to take advantage of public WiFi networks—some videos even have millions of views. But even as cyber-attacks have become a common concern in the Philippines, not enough people are aware that there are real risks in cyber fraud or having their information stolen.

One of the most common cyber-attacks people should be wary of is called “man-in-the-middle,” where hackers redirect connections from the free network to their own fake websites, making users think that they’re sending their private information to the legitimate website. For example, when users access their bank account through the bank’s website, the information is instead sent to the hacker, rather than to the bank.

Another method is known as “Evil Twin,” where hackers mask their computers to imitate a free WiFi network. Users think they are accessing secure pages, but the Evil Twin computer monitors and views email passwords and bank information, should the user access those pages.

Paz noted, “Though it depends on how free WiFi networks are set up, it’s definitely much safer to err on the side of caution and expect that these networks are not secure. To protect your data and prevent yourself from becoming a victim of cyber-attacks, it’s best to wait to carry out your transactions for a later time when you’re using a secure Internet connection.”

Necessary steps to security

To secure their clients’ data, many banks and other institutions have adopted Advanced Authentication, a more rigorous method of authenticating a user’s identity. This method requires a password, and a second step that asks a user to verify the transaction with a second factor device — most often, the user’s mobile phone, through One Time Passwords (OTPs). OTPs are unlike typical passwords, which are static. They are unique for every transaction.

“This feature, which may be viewed by some as contrary to the conveniences afforded by online and mobile transactions, was put in place for additional protection for users. However, OTPs are not fool-proof and still rely on the practices of the user. Protecting data is something that we need to work on together—both the bank and its clients,” said Paz. “Convenience and security don’t usually mix. To have more security usually means additional checks and additional effort.”

It’s a delicate balance, but with new developments in technology, consumers may soon have both. In the meantime, it’s best to be careful, or at least know the risks.