PERSPECTIVES FROM THE CAMPUS

One of the strengths of Indiana is that we bring together a variety of perspectives from the plethora of areas that touch the field of cyber, especially through the colleges, universities, and other institutions of higher education throughout our state. Hence the name, “Perspectives From The Campus Series”, we invite experts – immersed in the pursuit of educating their students – to offer their knowledge for finding solutions in cybersecurity that benefit all Hoosiers.

In the latest installment of this series, David Dungan, who serves as the Executive Director at the Center for Security Services and Cyber Defense at Anderson University, discusses the importance of protecting yourself when using public Wi-Fi.

By David Dungan

When accessing public Wi-Fi, there are two main cybersecurity issues you should stay aware of: fake access points and packet sniffers.

A fake access point, also referred to as a “pineapple”, is a Wi-Fi network -- disguised as a public access point -- which is controlled by a malicious actor who may be trying to steal your information. Let's say you are sitting in a Starbucks, and you see an open Wi-Fi network called “Starbucks_Official” that offers full bars of connection. What you may not have noticed is that farther down on the list of networks is another Wi-Fi network called “Starbucks”. The fact is, the “Starbucks_Official” access point is not legitimate and it’s coming from a device that’s been designed to let you access the internet while, at the same time, snooping on all the information you access through it.

Often times, it’s not unusual for threat actors to make it appear as though their fake networks are stronger and, as a result, more convincing than the network they are trying to impersonate to encourage more people to click on them.

Another threat to be aware of are “packet sniffers” who maliciously use legitimate tools, such as  Wireshark, Firebug or Fiddler, that are designed to receive all the information going through a Wi-Fi network. While it can’t see encrypted information like a pineapple may be able to, you might be surprised by just how much of the information you send and receive online is unencrypted.

According to the National Security Agency (NSA), the two most important things you can do when using public wi-fi and to stay safe from packet sniffing is to use a personal or corporate-owned VPN (virtual private network) and to visit websites that you connect with that includes https:// in the address bar and not just http://.

If you don’t have a device of your own, most libraries have public computers for anyone to use. While using their devices are a useful resource for accessing the Internet, it’s important to stay safe when using them. Public devices allow almost anyone to have uninterrupted access to them making them susceptible to tampering. It's important to be aware that devices and programs can be used to log keystrokes and steal data from public devices. These tools can be hard even for professionals to detect, so the best practice is to act as though they do exist and determine what risks you are willing to take based on that information.

Also, any time you use a public device, it’s a good idea to imagine that someone is looking over your shoulder and seeing everything that you are doing. This means that you should avoid putting any kind of personal password into these devices, so as to avoid making any searches that could raise any flags and avoid accessing online banking and shopping portals. The Cybersecurity Infrastructure and Security Agency (CISA) also offers a great tip card on staying safe when using public Wi-Fi

Remember, any time you are using public resources to access the Internet, it’s OK to ask yourself as to what information you might be revealing to other people and how much of a risk you are willing to take with sharing that information. Stay safe out there!