We all have the need at one point or the other to connect to hotspots at public places like airports, restaurants, hotels, etc., the risks are increasing by the day. We have too often heard it said: “Public Wi-Fi Hotspots can be a hacker's paradise.” The truth of the matter is that Wi-Fi is insecure to connect to without adequate security safeguards. The Wi-Fi threat vectors have multiplied while users are increasingly demanding more connections and bandwidth. The convergence of user needs and insecure connections through hotspots carries significant risks. What then are the best ways to connect safely while in public places?
To begin with we need to answer another pertinent question to flush out the fundamental issue by asking “How do users connect outside your business office or house? Most user connections are through public hotspots. Some connect with their smartphone’s 4/5G service which are more reliable and perhaps more secure than shared public services i.e. hotel or coffee shop wireless. Also connecting with smartphone 4/5G service does not translate to more security. This is because enabling the mobile hotspot feature on a user’s phone doesn’t necessarily make it a more secure option especially in the case whether due to technical knowledge or any other reason a user is using the default settings for his/her mobile hotspot, it’s very likely this isn’t the case. With this comes the usual risks of an attacker having unauthorized access.
For best practices, users should follow the guides and basic security tips to ensure safe surfing and minimize the risk of identity-theft or data-loss:
- Chose the Correct Network
- Pick a Secure Network
- Ask to Connect
- Subscribe to Hotspots
- Use Hotspot 2.0
- Be Your Own Hotspot
- Use a VPN
- Avoid Personal Data in Hotspots
- Avoid Using Your Passwords
- Disable Sharing
- Use HTTPS and SSL
- Take Your Hotspot with You
- Keep Your OS and Apps Updated
- Maybe Use That Firewall
While following the tips listed above will make your mobile hotspot more secure, let’s examine some of the most important mobile hotspot security issues that users should implement:
A. Changing Default Hotspot Settings
Except for WPA2 Security users should change most of the default settings of their mobile hotspot. Since the passcodes that come with them are well-known for the different services, changing the default passcode is an essential basic security step to avoid falling victim to a host of security hacks including dictionary attacks on passcodes.
B. Adopting Unique Service Set Identifications (SSIDs)
SSID is the name you are going to give your hotspot so that other devices such as wireless routers in the vicinity can identify it. For example, when you go through the dropdown menu of available connections to pick a wireless network, all the visible wireless network names are their SSIDs. It is important to note that most hotspots come with default names such as “AT&T Mobile Hotspot.” So, it is best to avoid using the default names or even custom ones such as “Doe’s iPhone” for your SSID, since the default names gives an attacker an idea of the service and/or model device being used, which in turn allows them to target based on the default settings for these devices. Thus, when with a non-default name, attackers will have a more difficult time profiling your hotspot.
C. Enabling High-level Encryption (WPA2) Security
In general, there are options to change the security encryption settings in most hotspots. Typically, these ranges from options such as Open, which is no encryption or passcode needed, to WPA2 PSK or the newest, which is the latest standard and most likely uses the current highest level of encryption. Currently, the best option to use when setting up a hotspot is the WPA2. All smartphones or connection devices that provide hotspot functionality come with this as an option. Although the earlier version WPA even though it’s not as secure as WPA2, is still very secure when combined with a complex enough passcode (which is covered next). Not recommended for use are (i) WEP encryption which should be completely avoided since anyone with $30 and access to Google can gain step-by-step instructions on how to crack the passcode within about 5 minutes; and (ii) if the hotspot supports the option to use WPS, it’s best that this is disabled as well, as there is a known vulnerability that can allow an attacker to obtain the WPA passcode by bruteforcing the WPS PIN.
D. Using Difficult to Guess Complex Passwords
Having a complex password is not only a necessary first step but is one of the most important aspects to securing a mobile hotspot. It is patently false and therefore a myth that since a user’s hotspot is only on when access is required, therefore, it is not likely that an attacker will guess your passcode in the allotted time frame. Given how WPA works, sniffing and capturing a packet is easy as an attacker only needs enough time to capture the handshake, then can attempt to crack the password offline. There are many different good (and bad) methods to coming up with complex passwords. In the end, the goal is to make a user’s passcodes complex enough that an attacker cannot reasonably crack it in the allotted time, and even if they wanted to crack it offline, the cracked passcode would be useless because it will change the next time it is used. A simple rule is to use at least 3 of the following types of characters: (a) uppercase letters, (b) lowercase letters, (c) numbers, and/or (d) special characters.
E. Adjusting the Inactive Timeout period and Turning Off Hotspot When Not in Use
By turning off your hotspot you lower the chance a potential attacker might have to attempt hijacking access to your hotspot as well. Adjusting the setting on inactivity timeout to the lowest possible option provides added security. Most hotspots come with an inactivity timeout option, which will automatically shut it off after X minutes of inactivity.