If your smart phone, Android tablet, or iPad has become a part of your daily business or computing life, you should take its security just as serious as you do with your desktop or laptop computers since mobile devices are so much easier to misplace or become stolen.
You could lose all your contacts, calendar info, documents, and other info you store on your mobile gadget. Strangers could possibly access your email account, social network sites, or view your documents.
Unfortunately, there’s more to mobile security than data. If your mobile device has Wi-Fi capability and you connect to unsecured Wi-Fi hotspots for Internet access, there are more security concerns. Even worse, mobile devices don’t particularly include security features to directly combat Wi-Fi threats.
Mobile Wi-Fi security threats
Most Wi-Fi hotspots aren’t encrypted, thus anyone within range can eavesdrop on the data you send and receive from the Internet and your mobile device. The same applies when using a laptop on a hotspot, or your computers at home on your own wireless router if it isn’t encrypted with WEP, WPA, or WPA2 security.
Eavesdropping on Wi-Fi connections isn’t rocket science. It just takes a curious individual with free tools and some spare time. There are many software programs out there that can capture and display your data that’s being transmitting through the air waves.
Some programs show just the raw data packets but some make it much quicker and easier to get to the real prize. For example, some programs such as Firesheep and SniffPass simply listen for and show login credentials to unsecured sites or services, like social networking sites and Web-based or POP3/IMAP email accounts. Some programs such as EffeTechHTTPSniffercan even capture and reassemble the webpages you are viewing and files you transfer.
Though eavesdroppers can capture data packets of your online banking and sensitive transactions when using Wi-Fi, the data is encrypted if it’s secured with SSL (like most sensitive sites are). The eavesdropper just sees a bunch of gibberish. The same goes with other services. For instance, if you check your email through the browser or a client app on the device and it’s secured with SSL, you don’t have to worry.
Combating mobile Wi-Fi security threats
The first line of defense to combat Wi-Fi eavesdroppers is to make sure any sensitive website you login to or service you setup on the phone (like email), is secured with SSL encryption.
If a website connection is secured, the address will begin with https instead of http, and you usually should see a pad lock or other indicator showing SSL encryption is in use. However, the problem is that many popular sites that aren’t highly sensitive still don’t fully use this encryption, such as Facebook, Twitter, Yahoo, and many others.
If you use the device’s email client rather than a website to check your email, open the account settings and ensure SSL encryption is set for both the incoming (POP3 or IMAP) and outgoing (SMTP) servers. Unfortunately, many email providers don’t support encryption.
Remember, not all Wi-Fi hotspots are left unsecured, either. Some larger hotspot networks (such as T-Mobile and iBahn) use WPA/WPA2-enterprise security with 802.1X authentication to secure your wireless connections from eavesdroppers. When using encrypted connections like this you don’t have to worry about local eavesdroppers capturing any of your data, even if you are not using SSL encryption.
Keep in mind: This isn’t the case if the hotspot is secured with WEP or WPA/WPA2-Personal (PSK) as other users on the network can still capture and decode your traffic.
One way to mitigate Wi-Fi security issues is to limit your usage of hotspots completely. When out and about, away from your home or work network, use the cellular data connection instead. Though it’s slower, most cell service providers encrypt the data traffic traveling to and from cell towers and your device. This greatly reduces the chances of an eavesdropper from capturing your traffic and intercepting passwords and sensitive data not already encrypted — and giving encrypted traffic double encryption.
Use a VPN for full security
If you’re really concerned about your mobile Internet security, consider using a Virtual Private Network (VPN) on both your Wi-Fi and cell data connections. When connected to a VPN, all your Internet traffic travels through an encrypted tunnel, guarding it from local eavesdroppers. It protects your traffic and passwords not already encrypted and also gives encrypted traffic double encryption. In addition to encryption purposes, VPNs can also give you secure remote access to files and network resources at work or home.
iOS — iPhone, iPad, and iPod Touch — and Android are two popular mobile platforms that include native VPN support. Most other platforms include some type of VPN functionality but usually require you to have a special server in addition to a VPN server.
For devices that support regular VPN connections, you can use a VPN from work if they provide one or setup your own VPN server at home using Windows or a third-party server. You can also use hosted services, such as from Witopia or try free services: Free Shield VPN or Hotspot Shield.
Remember, encryption is the key to securing your Wi-Fi traffic. Use HTTPS/SSL encryption, try to use secured hotspots, or avoid hotspots altogether by using the data plan. If your device supports VPNs consider using it.
Wi-Fi is only one of the many security concerns you should have about your mobile gadgets. Remember to also regularly backup your device and set a lock-screen or device password. For the best security, consider a mobile platform that has full device encryption, such as iOS or BlackBerry. This will protect the information stored on it from even the most determined hacker.
Eric Geier is the founder of NoWiresSecurity, which helps businesses easily protect their Wi-Fi networks with the Enterprise mode of WPA/WPA2 security. He is also a freelance tech writer. Become a Twitter follower or use the RSS feed to keep up with his writings.
Get the Free Cybersecurity Newsletter
Strengthen your organization’s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices.