Over the past few years, wifi networks have been popping up everywhere so that people can use their laptops to surf the internet and get work done in coffee shops, restaurants, hotel lobbies, and even truck stops.
With the explosion of internet enabled mobile devices, wifi networks are even being set up in bars and other places that want to encourage people to stay longer, driving more business. However, its very convenience presents a security risk, since wifi sniffing is on the rise. What is wifi sniffing?
In simple terms, wifi sniffing is the practice of finding a wifi network. This can be done legally using common software, and in fact many people practice wifi sniffing to find a hotspot in order to decide where to go.
You might even remember that Google’s Street View team “accidentally” practiced wifi sniffing during its picture captures. However, wifi sniffing can also refer to locating a network and eavesdropping on the traffic over the network, usually with the intent of committing a crime like identity theft.
Using a combination of software and equipment, identity thieves will search for poorly controlled wifi networks from moving vehicles, which is called wardriving. Once a wifi network is located, these criminals engage in wifi packet sniffing, monitoring and identifying the bundles of data being carried over the network. Readily available tools like the wifi sniffer Kismet can be used for this, even though they also have a legitimate use.
Are You at Risk for Wifi Sniffing?
Should you be worried? If you ever use wifi, whether from your laptop or other mobile device, you should be aware of the risks of using a wifi network, which include becoming a victim of wifi sniffing. In my opinion, incautious wifi use is the equivalent of allowing someone to stand over your shoulder at an ATM to find out your PIN code and account balance.
Using an unsecure wifi connection to visit unsecure sites can invite trouble into your life in the form of identity theft. Criminals without much experience can use a wireless packet sniffer to find out what sites you are visiting, the log in information you are sharing, and the data you are viewing. They can then use this information to hack your accounts and your identity. Many areas of your network traffic can put you at risk:
- Most banks allow you to access FAQs and bank hours without logging in to their site, but visiting the bank site in the first place is a good indication of where your accounts are located.
- Visiting a common site like Facebook or Twitter might seem harmless, but your user name and log in can be captured easily since neither of these services default to secure log ins.
- Simply being prompted to log in to an otherwise secure site can give identity thieves your user name, even if you don’t log in; these prompts are usually not encrypted and are easy targets for wifi abusing criminals.
You might think that a busy wifi network would mask your activities since there are multiple people logged in at once, but this is not the case. Each computer on the network is identifiable by a unique IP address, and with a wireless packet sniffer, identity thieves can connect web activity to an individual machine and piece together the keys to your identity, potentially costing you thousands of dollars and hundreds of hours of your time.
How to Avoid Becoming a Wifi Sniffing Victim
The only way to completely erase the risk of identity theft over wifi is to avoid using wifi altogether. This is not always practical, especially if your home internet service is wifi based. If it is, make sure that you have set up a virtual private network and do not allow the name or log in information for your network to remain factory defaults or anything common or easy to guess. Make sure that you also password protect the network.
For using wifi in public hotspots, here are a few more tips to protect yourself:
- Don’t assume a personal firewall will protect you, since once information leaves your computer, it is outside of the firewall you have in place.
- Even if you don’t purchase a private wifi connection, you can set up private wifi on a public network using services like Hotspot Shield.
- Ask the wifi provider if the network is encrypted with Wi-Fi Protected Access, or WPA, a wifi specific form of encryption.
- Always use the “https://” address when visiting a site; this will introduce an encrypted site, which is one more layer identity thieves will need to unravel to get to you, and might prompt them to pick an easier target.
Wireless connections can never be completely secured, because the traffic is travelling through the air just like radio waves. Now that you know the answer to “what is wifi sniffing?”, by taking a few simple steps to protect yourself, you can reduce your risk of becoming an identity theft victim through wifi use.