WEBINAR: Live Date: December 14, 2017 @ 1:00 p.m. ET / 10:00 a.m. PT
Modernizing Authentication — What It Takes to Transform Secure Access REGISTER >
Unfortunately, there's more to mobile security than the data you store. If your mobile device has Wi-Fi capability and you connect to unsecured Wi-Fi hotspots for Internet access without knowing it, there are more security concerns. Even worse, mobile devices don't incorporate security features to directly combat Wi-Fi threats.
The first thing to know is most public Wi-Fi hotspots are NOT encrypted. This means anyone within range (many hundreds of feet in all directions) can eavesdrop on what you send and receive. The same applies when using a laptop on a hotspot, or your computers at home on your own wireless router if it isn't encrypted with WEP, WPA, or WPA2 security (which most are these days).
Eavesdropping on Wi-Fi connections isn't rocket science. It just takes a curious individual with few free software tools (the modern-day burglar's crowbar) and some spare time. And there is a lot of software out there that can capture in flight and display it. Some programs show just the raw data packets but others make it much quicker and easier to get to the real prize – your personal information. For example, programs such as Firesheep and SniffPass simply listen for and show login credentials to unsecured sites or services, like social networking sites and Web-based or POP3/IMAP email accounts. Scaryier programs like EffeTechHTTPSniffercan even capture and reassemble the webpages you are viewing and files you transfer.
Free Security Resources
Wi-Fi Upgrade Guide: Make an Intelligent Wi-Fi Investment
The growing need for users to be productive on their mobile devices is driving organizations to look for ways to cost-effectively build and support Wi-Fi networks that deliver the best connectivity and user experience.
Aruba Networks surveyed over 4,000 individuals to better understand the current pain points and unique requirements of Wi-Fi buyers. Based on this research, we've outlined the top 6 factors to consider when choosing the right Wi-Fi solution for your small or medium business.Download
Though eavesdroppers can capture data from your online banking transaction, for example, that data is encrypted if it's secured with SSL so what they get is just a bunch of gibberish. Most sensitive sites do this. The same goes with other services. For instance, if you check your email through the browser or a client app on the device and it's secured with SSL, you don't have to worry.
The first line of defense to combat Wi-Fi eavesdroppers is to make sure any sensitive website you login to or service you setup on the phone (like email), is secured with SSL encryption.
If a website connection is secured, its address will begin with https:// instead of just http://, and you should see a padlock or other indicator showing SSL encryption is in use somewhere on the browser screen (usually in the lower right hand corner). However, the problem is many popular sites like Facebook, Twitter and Yahoo that aren't highly sensitive still don't fully use this encryption.
If you use the device's email client rather than a website to check your email, open your account settings and make sure SSL encryption is set for both the incoming (POP3 or IMAP) and outgoing (SMTP) servers. Unfortunately, many email providers don't support encryption so this may be a problem for you.
Now, not all Wi-Fi hotspots are unsecured. Some larger hotspot networks (such as T-Mobile and iBahn) use WPA/WPA2-Enterprise security with 802.1X authentication to protect you from snoopers. When using encrypted connections like this you don't have to worry about local eavesdroppers capturing any of your data -- even if you are not using SSL encryption. Keep in mind this is NOT the case if the hotspot is secured with WEP or WPA/WPA2-Personal (PSK) as other people on the network can still capture and decode your traffic.
Use the data plan Instead of Wi-Fi
One way to mitigate Wi-Fi security issues is to limit your usage of hotspots. When out and about, away from your home or work network, use a 3G or 4G (if you can get it) cell data connection instead. Though it's slower, most cell service providers encrypt the traffic between cell towers and your device.
Use a VPN for full security
If you're really concerned about your mobile Internet security, consider using a virtual private network (VPN) on both your Wi-Fi and cell data connections. When connected to a VPN, all your Internet traffic travels through an encrypted tunnel, guarding it from local eavesdroppers. It protects your traffic and passwords not already encrypted and gives encrypted traffic 2X encryption. In addition to encryption, VPNs can also give you secure remote access to files and network resources at work or home, like remote desktop services.
Apple's iOS (iPhone, iPad, and iPod Touch) and Android are two popular mobile platforms that include native VPN support. Most other platforms include some type of VPN functionality but usually require you to have a special server in addition to a VPN server. For devices that support regular VPN connections, you can use a VPN from work if they provide one or setup your own VPN server at home using Windows or a third-party server. You can also use hosted services, such as from Witopia or try free services: MobileVPN.net or Hotspot Shield.
Encryption is key to securing your Wi-Fi traffic. Use HTTPS/SSL encryption, try to use secured hotspots, or avoid hotspots altogether by using cell provider's data plan. If your device supports VPN, consider using it.
Wi-Fi is only one of the many security concerns you should have about your mobile gadgets. Remember to also regularly backup your device and set a lock-screen or device password. For the best security, consider a mobile platform that has full device encryption, such as iOS or BlackBerry. This will protect the information stored on it from even the most determined hacker.
Eric Geier is the founder of NoWiresSecurity, which helps businesses easily protect their Wi-Fi networks with the Enterprise mode of WPA/WPA2 security by offering a hosted RADIUS/802.1X service. He is also a freelance tech writer. Eric can be reached at email@example.com.