Go to top of page

Free wi-fi hotspots are a data risk: SSO Alert Priority Moderate

14 March 2014

Subscribers should be cautious about using free wireless hotspots. In particular, you should avoid sending sensitive or personal information over these untrusted networks.

In Europe recently, the head of the Europol (European law enforcement agency) Cybercrime Centre has warned the public about the growing risk of using free wi-fi hotspots. On unsecured wi-fi, the data you send can easily be intercepted. In Australia, just like Europe, the number of wi-fi hotspots is flourishing.

Free wi-fi hotspots can be found in coffee shops and public establishments, offering convenient internet access over a wireless connection. You can connect to these hotspots using devices such as mobile phones or laptops with wireless capabilities. However, it is important to be aware that most of these hotspots are unsecured, meaning that all the information you send across them is vulnerable.

Europol’s Troels Oerting warned that criminals are using hotspots to steal data such as usernames, passwords and banking details. He warns that the number of attacks is increasing and there are some examples of criminals actually creating a free hotspot exclusively for the purpose of and accessing the data of connected users.

Free hotspots can be a valuable service if you are confident the information you are sending over them is not sensitive, such as browsing the internet, but you are advised to be cautious.

Do not use free wi-fi to send any sensitive information. This includes logon information to websites, online services, banking, shopping and email. For these activities you should only use trusted wireless connections that have good security controls including data encryption and password access restrictions (such as you should have at home or work).

Connecting to hotspots

Most computers and phones will automatically detect nearby wireless connections, but they will ask you if you would like to join the network before making the connection. You can simply reject these networks.

Some operating systems may attempt to automatically connect. You should change this option in your wireless networking settings.

Some mobile phones may also try to automatically connect to available wireless networks. You can stop this by either turning the wi-fi off or by setting your phone to ask for permission whenever it is trying to connect to a wireless network.

On an iPhone, wi-fi can be turned off in Settings > wi-fi. Here you will also find the option 'Ask to Join Networks' which you should ensure is switched on.

For Android and other mobile devices, wi-fi settings will vary, but options will be found in Settings > Connections, or similar.

The simplest solution is to just switch your wi-fi off whenever you are in public, turning it back on only to connect to a secure wireless network you trust.

More information

The comments from Europol cybercrime centre head Troels Oerting can be found on the BBC News technology website.

Stay Smart Online’s website has good information on staying safe when using public wireless networks.

To stay safe online it is important to keep your computers’ and devices’ software updated by setting automatic updates on your operating system software, using and updating security software and installing and using a firewall.

The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.

Feedback

Thank you to those subscribers who have provided feedback to our Alerts and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.

Disclaimer

This information has been prepared by Enex TestLab for the Department of Communications ('the Department'). It was accurate and up to date at the time of publishing.

This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.

The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.

Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.

Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.

CONTACT US

Facebook: www.facebook.com/staysmartonline
Email: staysmartonline [at] communications.gov.au
Web:  www.staysmartonline.gov.au
You are receiving this message at the address [Email].
Update your profile preferences
If you no longer wish to receive this information, you can unsubscribe.

© 2013 Australian Government. All rights reserved