Hotspots are available in public places such as airports, hospitals, cafes, resorts, libraries, and so on. And, connecting to them can be convenient most of the time but they can also be unpleasant when it comes to hotspot security threats.
Public wifi networks are unsafe and leave your personal data vulnerable. You can start protecting yourself by getting a PureVPN.
What is a Hotspot?
Hotspots are access points generally enabled by one device to connect other devices and give them access to the internet. By accessing a hotspot, you can connect your laptop, smartphone or any other device with wireless connectivity to the internet.
Hotspots can be open, password protected, free or paid. However, connecting to an open public hotspot is not always a wise decision as they accompany certain security threats. Thus, we do not recommend our readers to connect to any open public hotspot without taking a few necessary precautions.
What Is The Difference Between WiFi and Mobile Hotspot?
Before discussing the hotspot security concerns and the measures that can be taken to avoid them. Let us explore the types of hotspot technology.
This type of hotspot refers to the internet access points that could be created using devices that are mobile and can be carried from one place to another. Mobile hotspots can be further classified into two categories: personal hotspots and portable hotspots.
With the advancement in technology, every cellular device has become a hotspot host. At first, hotspot devices could only be located at public places. Now, every individual carries a device that can turn into a hotspot access point. This is often referred to as a personal hotspot.
Using your smartphone (Android or iOS), tablet or an iPad, you can share your internet connection with other devices in the vicinity by creating a hotspot. – Allowing other devices to connect via Wi-Fi network. This hotspot can also be password protected – limiting it from any unwanted access.
With respect to hotspot security, personal hotspots encompass tier 2 security. Despite the fact that these hotspots are created on personal devices, host device could be infected with malware. This can compromise the security of hotspot network and put connected devices at risk.
As discussed before, technological advancements have enabled smartphones to become hotspot hosts; however, there is a limit to which smartphones can be used as hotspots.
First, to become a hotspot access point, you need to know if your cellular network allows tethering – allowing your device to share its data network.
Second, sharing the data with multiple devices connected to your smartphone can quickly drain your battery. Third, it is better to be safe than sorry; one must not casually allow others to share data using a personal device.
To address the discrepancies above, we have a solution called portable hotspot devices. These are mini devices that serve as hotspot on-the-go, offering a wide range of data plans. They also double as a dedicated hotspot to multiple devices. AT&T Velocity, Verizon Jetpack, Karma Go and MCD-4800 are one of the few examples of portable hotspots.
Portable hotspots can be classified as tier 1 in terms of hotspot security. Upon suspicion of network security being compromised, a user can either opt password reset or flash the device with hard reset.
Since these are dedicated hotspot devices backed by the support of telecom giants, chances of a hacker penetrating into their security are quite thin. Thus, if you are a frequent traveler and a security enthusiast, then a mobile hotspot device is a must-have.
In contrast to mobile hotspots that use cellular data to enable data sharing, WiFi hotspots allow people to get internet access via Wi-Fi technology. Using a router connecting to an ISP, a Wi-Fi hotspot cannot be mobile. A Wi-Fi hotspot can either be open or closed as per the host’s preferences.
Open Public WiFi
A WiFi router connected with an ISP that has intentionally or unintentionally turned off its authentication requirements could be called open public Wi-Fi. Any device within the range of that router can share its internet access without any limitation. The host of an open public WiFi often has no control over bandwidth allocation or cap over its usage. Open public WiFi hotspots are usually free, though, risky to connect to.
In terms of hotspot security, open public Wi-Fi networks are least secure in comparison with other substitutes. Lack of authorization at the time of establishing the connection is what makes these networks least secure. Anyone can connect to the network and infect its security. Since worms can infect devices via nodes, security of any device connected to the network is compromised.
Further, devices opting to connect to an open public Wi-Fi network are more susceptible to be connected to a fake network. There are multiple ways through which security of such hotspot networks can be exploited by hackers. Thus, we do not recommend connecting to such networks.
Closed Public WiFi
Unlike open public WiFi hotspot, closed public hotspots usually involve some management and control. Closed public hotspots have authorization access enabled. Hence, only users with credentials or privileges can access the network. The closed public WiFi hotspot hosts often manage bandwidth allocation, usage, upload and download limit or users along with access control – allowing only specific external devices to the Internet. Such access points are usually paid, but, sometimes free.
In comparison with open public Wi-Fi hotspots, closed public Wi-Fi hotspots are more steadfast in terms of hotspot security. These networks are closely administered and require authentication at the time of connection. These hotspots are likely secure from man-in-the-middle attacks. Moreover, due to authentication, chances for a user to connect to a fake network are quite slim.
What Are Hotspot 2.0 (HS 2.0) Networks?
Powered by 802.11u protocols, hotspot 2.0 enables roaming, grants access to enhanced bandwidth speed and facilitates service on demand. The 802.11u protocols allow a device to automatically connect to the closest network in the vicinity when in range. From the process of network detection to registration and requesting access, everything is automated in hotspot 2.0. This minimizes the hassle of manually connecting to a network each time.
The credentials used for authentication are used for all hotspots – allowing users to connect instantly. Further, the protocols also enhance the security of the connected device. Leading operating systems like iOS, Android, macOS and Windows 10 support hotspot 2.0. All you need to do is go to WiFi settings and enable hotspot 2.0. Usually, hotspots 2.0 are available in places like airports, hotels, resorts, and cafes.
Whenever you visit aforesaid public places, hotspot 2.0 will automatically detect the real network and connect your device to it. You do not need to manually connect your device or repeat the authentication process if required. Further, if you are using service of a particular internet provider and your ISP offers you unlimited access to its public hotspots. Hotspot 2.0 would enable your device to connect to the public hotspot of your ISP automatically when you are in reach.
What Are The Main Threats To Hotspot Security?
Connecting to an open Wi-Fi hotspot is never secure without necessary precautions. Though there are many security threats out there, let us explore a few significant ones.
Fake Networks – Rogue APs
As the name says itself, fake networks, also known as evil twin hotspots are rogue access points that can infect your device once connected. This network can infect any device that has a tethering ability, be it a smartphone or a laptop. Copying the same name along with similar security credentials, these fake hotspots are created to hack into the targeted devices when connected.
Another trick hackers use to increase the possibility for a device to connect to a fake network rather the original one is by making the fake network available in the proximity of the device. By default, the device catches the stronger signal or the one that is physically closer and gets connected to the fake network.
Further, the hackers can also take the original network out of the equation with a simple denial of service attack – leaving insecure devices no other choice but to connect to a fake and malicious network.
Wi-Fi Pineapple was never meant to be used for exploiting devices. The core purpose of creating the device was to pen test system vulnerabilities and find out loopholes in network or hotspot security. It was mainly used by ethical hackers to execute network penetration tests.
These penetration tests were ethical since the system proprietor was aware and had given his consent for them. In short, the access was authorized. The method gained popularity because it minimized the complexities for performing network penetration tests which required specialized software and OS. Nevertheless, the usage of this method is not confined to ethical hacking only.
If you have forgotten to turn off WiFi on your device, the Pineapple will intercept your device’s signal – connecting it instantly to a honeypot hotspot. It then initiates man-in-the-middle attack (explained later) by exploiting network SSID that is recognized by your device. Even though Wi-Fi Pineapple is connected to the network, the internet connection is not disrupted. Albeit the security of the network is sabotaged, a user has no idea of what is happening.
Man In The Middle Attack
As the name clearly states, man-in-the-middle attack refers to an unauthorized network interception. It happens when a hacker has successfully intercepted your network signal and has now access to the information you share or receive. Think of it as someone who is overhearing everything you are saying. What you speak, he listens. What you write, he reads. Such attacks are usually backed by the motives of unauthorized access to information and identity theft. The hacker now has access to your messages, emails, and information you send over the internet.
The hacker will also gain access to your credit card information and bank details if you intend to do online shopping while your connection is compromised. Further, they can even access the information that you have saved during previous transactions. Even though the websites you visit are Hyper Text Transfer Protocol Secure, the hacker can quickly get around the encryption by either routing you to the fake version of a real site or use a couple of tricks up his sleeve to remove that HTTPS encryption altogether.
Cookie side-jacking is another form of a man-in-the-middle attack and is also known as session hijacking. During this hacking attempt, the hacker gets access to a victim’s online account(s). Whenever you log in to your account, be it a social media account, online banking or any website requiring sign-in credentials, the system identifies your credentials and the server grants you requested access.
Something called a session cookie facilitates this process. This cookie is stored into your device as long as you are logged in. The moment you sign out, the server nullifies session token – requiring you to re-enter credentials the next time you sign in. Cookie side-jacking refers to the situation where a hacker steals your session token and uses it to grant himself unauthorized access to your accounts.
Worms – Hotspot
A worm is a malicious computer program that infects vulnerable networks to spread into the connected devices. The core objective of this malicious program is to replicate; thus, the moment it infects a device, it starts spreading. It usually targets devices with security vulnerabilities or loopholes and can spread through nodes.
Hence, it is safe to assume that worms can infect a device is connected to a compromised hotspot. Worms not only lower your device’s performance but, also make them susceptible to hacking attempts.
How To Secure Any Internet Hotspot
It is better to be safe than sorry. With thorough research and a lot of effort, we have compiled a list of ways you can secure any hotspot as the following tips serve as a vanguard to your device safety.
There are times you might have noticed different hotspot networks in a vicinity with similar names. Where one of them would be genuine, others may not. Most of the times people do not inquire and connect right away to the hotspot with the strongest signal. As discussed before, hackers might trick you – making their network’s signals stronger. Don’t fall into this trap. Inquire, choose wisely and connect to the right hotspot.
Secure Network > Open Network
It is always better and wise to connect to a secure network rather an open hotspot. These secure networks have lock icons in front of them – requiring you to enter the credentials to access the internet. If you are in a café, a hotel, a hospital or a resort, you can ask for the credentials from the front desk. Upon connection attempt, these hotspots would either inquire about the credentials right away or route you to a website where you can enter provided details to log in to the secure network.
Do Not Enable Your Devices to Connect Automatically
It is not wise to let your device automatically connect to any public hotspot available. You can enable your device to ask you before connecting to an open network. Devices that automatically connect to the strongest signals in the vicinity can easily fall victim to fake networks and hacking attempt. Thus, we strongly recommend you to turn off that feature on your device.
Bring Your Own Hotspot
This tip applies to a group rather an individual. If you are a group of friends, colleagues or classmates – seeking an open hotspot in a public space, we recommend you become one. Modern technology has enabled devices to act as hotspots and share the bandwidth.
Further, you can carry portable hotspots and become a secure shared network. This method might have its flaws such as limited speed or bandwidth usage, but, it is definitely the most secure one of them all.
Paid Hotspot Subscriptions
There are many services out there that give you access to their extensive network of hotspots in exchange of slight amount called a subscription fees. These are paid hotspot networks that might not be as satisfying to connect as the ones that offer access for free but are more secure. And since they are paid, you can expect more speed and bandwidth as compared to a free hotspot.
Encrypt your Data with a VPN
A VPN works as your vanguard against compromised hotspots and hackers. A VPN offer you end-to-end encryption – making your information invulnerable to unauthorized access. It creates a virtual tunnel between your device and the hotspot, the data traveling through this tunnel is encrypted and thus secure even if the connection is compromised.
Do Not Enter Personal Information
While being connected to an open public hotspot, refrain from doing financial transactions, accessing social media accounts, opening emails or accessing any other form of personal information. Even though your device is secure, does not mean the hotspot network is protected too. The network you had accessed through your device can be compromised, and you might accidentally share critical information to the unwanted eyes.
Do Not Give Away Your Passwords
While accessing an open public hotspot refrain from using websites that require you to sign-in or use any kind of credentials such as passwords.
Do not leave sharing enabled on your device. If you do not have your sharing option disabled and by chance, you are connected to a fake network, you are giving hackers access to critical information on a silver platter. So, we strongly recommend you to disable the sharing feature on your device.
Visit Websites with HTTPS and SSL Protocols
When connected to a Wi-Fi hotspot, we strongly recommend you to visit websites using HTTPS and SSL. When you visit any site, there is a flow of information between your device and the server. HTTPS and SSL protocols encrypt the data sent and received by your device. So even if the hackers can intercept the connection, they will not be able to make sense of the encrypted information, and your data would be secure.
Carry a Portable Hotspot
As discussed earlier, there are many kinds of portable hotspot devices available. Most of the leading carriers have now come up with a mobile hotspot device of their own. So, if you don’t mind spending a few bucks, we recommend you to carry your personal portable hotspot as it is the most secure option.
Keep your Device Up-to-Date
Updating devices and operating systems can be tedious but necessary. Latest app patches or operating system updates often fix security loopholes and glitches you never knew existed in your device. These loopholes make your device susceptible and more prone hacking attempts. Thus, we strongly recommend keeping your device up-to-date.
Do Not Disable Firewall
Turning on the firewall is our least preferred option as compared to a VPN, but, it sure adds some value to your device security. Allowing or prohibiting unwanted programs, you can control applications, and websites access on your device via a firewall.
Can Mobile Hotspot be traced?
Mobile hotspots can either be personal hotspots are portable hotspots. Personal hotspots are created and hosted by individuals themselves, whereas, portable hotspots encompass carrier devices. A personal hotspot, created by user on his smart device, is traceable if security of the device hosting the network already compromised.
Hotspot security of the host device can also be breached by hackers if it offers open access. Enabling password protection on a personal hotspot is an excellent way around to avoid this debacle and ensure hotspot security.
Portable hotspots on the other hand are carrier devices that allow you to access personal hotspots on-the-go. Hotspot security of these devices is steady as compared to mobile hotspots, because, portable hotspot devices are administered by telecom giants.
Traceability of such devices is almost impossible unless someone has physically created a backdoor on the device itself or infiltrated its hotspot security via Wi-Fi pineapple.
Can my Internet provider see what I am doing?
Unless you have shared your screen with your ISP or given them an access to your system, your internet service provider cannot see what you are doing. Nevertheless, almost all internet service providers maintain the logs of their users. They may not technically see what you are doing, but, they are aware of your online actions and activities.
A possible solution to ensure your online privacy is a VPN. A VPN allows you to mask your IP and hide your identity online. Unlike your internet service provider that stores logs of your every online activity, a VPN keeps a fraction of anonymous usage statistics. Further, a VPN routes your traffic through different servers – making it hard for internet providers to track your online activity.