Wi-Fi Can Be Dangerous: Three Ways To Avoid Getting Hacked

Fast Company last week brought home the issue of online privacy with a chilling piece on in-flight eavesdropping. It turns out that USA Today’s Steven Petrow, while working on a story on the Apple-FBI battle over iPhone access, “had been hacked mid-flight” over an American Airlines Wi-Fi system. A man seated behind him had read his emails as well as those of other passengers on the flight.

The article doesn’t go into detail on how the man hacked into American’s Gogo Wi-Fi, but it’s not hard to guess what might have happened. More importantly, this incident is yet another wake-up call for being aware of this type of spying and to do something about it.

My guess is that what took place is commonly referred to as “packet sniffing.” Packet sniffers are software that can intercept “packets” of data sent over a digital network. They are vital tools for network security analysts, but with a bit of knowledge and the proper tools (many of them open source) it’s relatively easy to spy on unencrypted data sent over Wi-Fi and peak at what someone is looking at online. This can happen on a plane, in a coffee house, anywhere where someone has access to a Wi-Fi network.

In fact, with some of these same tools, hackers can sneak onto a wired Internet connection, as well.

So how do you reduce the chances of what happened to Petrow from happening to you?

No tool will give you 100% protection. The only way to get that is don’t go online. But here are three ways you can quickly and easily increase your security and privacy:

Use a Virtual Private Network (VPN)

A VPN is a private network that uses a public network (usually the Internet) to connect remote sites or users together. Thousands of companies provide these services and some are better than others. Do some research, shop around, and find one that meets your needs. Prices vary but the cost is worth it.  Using a VPN makes it much more difficult to be spied on.

When looking for a VPN service, check its data retention policy – specifically, what the company does if asked by a legal authority to turn over metadata showing use of its service. Some providers don’t keep logs or automatically delete them after minutes or hours, providing users with additional security.

Currently, I’m using the AirVPN service and have also tried and liked Zenmate (which offers some services for free).

Remember to configure your mobile devices to use VPN services.

Use Tor

Tor is an anonymous online communication method that is free, with an easy-to-use Internet browser.  The documentation is also useful. Why Tor? Take a look at this post from the Electronic Frontier Foundation and make sure to review the “Tor is Not Foolproof” section.

Since Tor is free, it’s an important tool for those who can’t or don’t want to spend money on a VPN subscription. But ideally you should use both a VPN and Tor. If some form of packet sniffing was going on, these two tools would minimize the chances of someone eavesdropping on you.

Look for https Sites

The good news is that more and more content on the Internet is being transmitted in encrypted manner. Look for https:// in the URL, or web address. It’s much more difficult for someone using a packet sniffer to see an encrypted page.

The problem is that https use is far from universal, and even when used, the entire web page may not be protected. Sometimes, most of a page might be encrypted but links to content embedded on the page (an image or sound file, for example) are not. Another possibility is that cookies that include page data are being sent unencrypted.

The free HTTPS Everywhere tool from the Electronic Freedom Foundation works to maximize the use of https encryption.

Again, no method will guarantee foolproof security. But a few common-sense steps will add a needed second layer to safeguard your email, files, and most everything else on your computer.

Gary Price is director of GIJN’s Resource Center and a librarian, writer, consultant, and frequent conference speaker. He is the author of INFOdocket (@infodocket) for Library Journal, and was a co-founder and senior editor at ResourceShelf and DocuTicker. He previously served as contributing editor to Search Engine Land and director of Online Information Services at Ask.com.