This blog was written by Bruce Snell.
I was in New York City last June and had a morning free to do a little bit of walking around. That’s when I happened across one of the new LinkNYC hubs. Of course I had to stop and check it out. There was a relatively quick sign up process and I was able to get great speeds in the middle of Manhattan.
Naturally I started thinking about the security ramifications of the service. One problem with Wi-Fi networks is how easy they are to spoof. Spoofing is the process of setting up a Wi-Fi network with the same name (SSID) as a trusted network. In order to make it easy on users, our devices automatically join a network they have connected to in the past. If they didn’t, you’d have to rejoin your home network every time you get back from work. Cybercriminals take advantage of this by creating Wi-Fi networks with common names and wait for devices to automatically connect. At this point, all the traffic can be seen by the cybercriminal as it goes from your device to the Internet. This is often referred to as a “man in the middle” (MITM) attack. LinkNYC has taken steps to tackle spoofing by offering 2 networks, a free and a private network. The private network provides a certificate you can install on your phone which helps verify that the LinkNYC you are connecting to is a legitimate network. It’s great to see a company going an extra step in providing security for their users.
The New York Times recently published an article about the reaction of New Yorkers to the new services. There was a mix of concern and skepticism to this service, but overall people seem to be taking advantage of the connectivity. If this project succeeds, we could see more cities moving to implement free Wi-Fi networks in high population areas. Networks such as these could help people save on their mobile data plan and extend battery life (your cellular connections tend to use more power than Wi-Fi). It could also be a boon for tourists from other countries who would like to stay connected on their vacation without racking up expensive overseas data charges.
However (you knew there would be a “however”), there are some precautions people need to take when accessing free Wi-Fi.
- Be suspicious – If you see your device is connected to Wi-Fi when you didn’t expect it to be, take a look at the network you are connected to. Some mobile carriers have Wi-Fi hotspots in popular areas, but it could also be someone spoofing a popular coffee shop network. If you don’t recognize the network you are on, disconnect from it immediately.
- Limit your activity – When connecting to a free Wi-Fi network, it’s a good idea to limit your financial transactions and shopping. While most banks offer enhanced security for their mobile apps, the safe bet is to limit any such connect to a time when you are on a trusted network at home or at work.
- Use comprehensive security software – If you are connected to a spoofed network, a cybercriminal could easily inject malicious content into your browsing and infect your system. With mobile and Mac OS malware on the rise, it’s extremely important to run at least anti-virus on your devices. If your connecting on your laptop, having a good firewall adds an additional level of security.
It’s great to see more companies like LinkNYC taking steps to help us stay more connected. With a little bit of attention to security, you can feel safe while taking advantage of increased connectivity.
Stay on top of the latest consumer and mobile security threats by following me and @McAfee on Twitter, and ‘Like’ us on Facebook.