Free WiFi at your event: a BAD idea! by @djstomp

Wireless internet connection at events has increasingly become a primary need for participants – due to preventing roaming costs or poor 3G data network coverage. So when people see an open WiFi hotspot, they connect to it without realizing the possible dangers.

Let’s have a look at the potential risks of connecting to an open WiFi network. From the participants and organizer point of view.

Yeah right, what’s the point?

WiFi is nothing more than a data transmission system. Free and open WiFi is accessible to anyone, and yes, that means ANYONE. In theory all data transmitted through WiFi network can easily be intercepted by any computer user. And yes again, that means ANY user.

Uhm I can see a privacy issue coming …

Correct! Keep in mind that the data you transmit through an open WiFi connection and network is most likely readable by others. It’s not secure ….. You’d better be aware that all critical services that requires authentication by password are a potential risk if they’re not running over a secured connection like SSL.

What do you mean by that?

Ok, a little bit of tech talk here: data is sent over the internet in packages. Information, for example e-mail messages or login information, is constructed from several packages together. If you want to log in at your e-mail account over a non-secured connection, the data is transmitted in human readable format. So everyone who get’s the package on his computer is able to display that information and now possess your login credentials. With SSL, the packages of information are encrypted. If someone intercepts the information, they can’t do anything with it. Intercepting data is not an easy task to do, but you want to avoid the people who put effort in managing it…

I’m with you. Now what should I do?

As a visitor you should keep these things in mind:

• don’t dive into every free hotspot you encounter, there are people waiting for your credentials
• when you see a free hotspot, check the source of the hotspot. You can see if the WiFi source is a laptop, tablet or phone. Those can be suspicious, especially when they’re called “Free WiFi” or “Free hotspot”.
• certify yourself that you’ve the right WiFi network. Currently “Evil Twin” networks are becoming increasingly popular at large events or venues for phishing attacks. Imagine you think you’re dealing with an AT&T network and you’re asked for credit card payment ….
• if you have access to a VPN (virtual private network), connect to it when you are connected to an open WiFi network.
• avoid sending files with sensitive information over an open network. If you have to password protect them or use encryption.
• check your webmail via SSL connection. Be sure to see https appear in the URL field.
• by checking your e-mail via your e-mail client, your username and password is sent over the WiFi network. Be sure you use SSL for both incoming and outgoing messages.
• you’d better avoid internet banking or doing some Amazon payments over a WiFi connection, as there’s the risk of transferring personal and financial information.
• always keep your firewall and (security) software up to date, and turn of file and printer sharing.
• password protect your computer.

As an organizer:

• deploy a secure WiFi network, get an expert to help you.
• communicate the right network name and credentials to your visitors.
• monitor suspicious WiFi network activity and act upon on it.

Data connection is becoming a primary need. And thus very interesting for people that have malicious intents. By providing a properly secured WiFi access to your visitors, you’ll serve them a lot. But be aware and be prepared!