Wireless hotspots are convenient, and with mobile devices such as the iPhone, Blackberry, iPod Touch, Android phones, the iPad and other wireless gadgets, its not just laptops connecting anymore.
With a free and unencrypted connection in a public space, its just as easy and convienient for someone else to monitor your internet traffic.
Here’s what you can do to secure yourself and your mobile device in a free public wireless hotspot.
General Web Traffic:
General web traffic is always passed unencrypted in clear text. This means that on public wireless, everything can be captured and recreated. The pages you visit, videos you watch, items you download, forms you submit and anything sent over a standard non-encrypted HTTP connection.
Think of it like someone staring over your shoulder, loking at the screen. Only they aren’t behind you. Most likely, its viewed it at a later date in another place from a saved capture.
With this in mind, be mindful of your web browsing on public wireless. Don’t do any browsing that could be considered personal and would bother you if a stranger saw it.
Passwords, and Logins:
Any login or password that’s sent over wireless in unencrypted clear text, is as good as writing it down and giving it to someone. Common examples of unprotected passwords are:
- FTP Passwords.
- Basic Authentication webpage security – a pop-up login prompt.
- Telnet Passwords.
- Any website login that’s not using SSL/HTTPS encryption.
Since a wireless capture can be saved for later viewing, it can also be saved for later, offline, password cracking. In this case, an encrypted password can be run against cracking algorithms and in time can be deciphered.
For this reason, in addition to using security / encryption, you must use proven, strong encryption like HTTPS for secure web traffic, SSH instead of Telnet, and SFTP (FTP over SSH) instead of FTP.
Webmail logins for Yahoo!, Hotmail, Gmail and others are HTTPS. This protects your password. However, once you’re in and viewing your actual mails, the connection switches back to unencrypted HTTP. So, while your login / password is protected from view, your emails are sent in a format anyone that’s within WiFi distance can read.
To secure your email, just use the iPhone / iPod Touch’s Mail app. Apple has set the defaults for Gmail, Yahoo!, AOL and .Mac to use POP/IMAP secure. As long as you haven’t modified their settings, you should be OK. Just remember port 993 and 995 are the secure port settings for readng. 465 is the secure setting for sending.
If you’re using another device – Blackberry / Android phone, follow their instructions to use IMAP Secure when setting up the email acounts.
Since webmail interfaces switch to unencrypted traffic for your actual emails, avoid them when connected to a public hotspot.
Note: If set properly, Gmail will encrypt its entire webmail session. Adjust the settings to “Always use https”.
Less considered but equally a concern is traffic coming from various iPhone Apps. It doesn’t really give you any option to use SSL and you aren’t told whether its running in SSL or not. While most iPhone apps are benign, there’s a good chance the banking and shopping apps are using SSL – but is the Amazon or eBay app securing your login only, and not your browsing? What about the Twitter apps? The Facebook apps? Foursquare and any other location tracking social networking app? I’d assume they’re securing the login but not the traffic.
If you’re using an iPhone, Android phone, Blackberry or other cellular wireless (3G) device, turn off Wifi and just use the mobile data connection. 3G data isn’t completely secure, but its less likely to be captured. If your plan allows tethering, tether your laptop or other device to the mobile datat connection.
Remember, many of these devices will automatically connect to and prefer WiFi connections when in range to save the carriers some of the traffic load. Turn off WiFi to be sure it’s not connected. As a bonus, without WiFi your battery performance will improve significantly.
Advanced, Proven Protection:
What do you do if you have an iPod Touch, WiFi only iPad or other WiFi only device? What if your mobile data connection is horrendously slow? What if you don’t have an unlimited data plan?
In this case, use the public hotspot and secure your connection through a Virtual Private Network (VPN). VPNs are highly secured tunnels created just for people to securely talk from one computer to another through the public internet.
In a VPN you won’t be directly accessing the internet, you will be directly accessing another computer or device which the accesses the internet for you. You can set up your own home based VPN to use your home connection or you can use one of the following services:
Just remember, with a free VPN service, you may have a bandwidth cap or slow speeds due to high traffic volume. The best way to get a good VPN experience, other than creating your own, is to purchase one of their paid service levels. I’d only recommend this for people who frequently use wireless hotspots and need to use a VPN often.