As Wi-Fi becomes more ubiquitous, more people are spending more time online. By and large, this is a good thing. However, hackers have developed tools to exploit Wi-Fi locations as easy-access points to Internet surfers’ private information.
The New York Times reported last week on simple software that’s publicly available for download that lets people snoop on your online activity, or even assume your identity online. The program, called Firesheep, lets people access your computer using a shared hotspot. They can view all of your activity as you are surfing, and in doing so, can watch as you enter sensitive information like passwords and logins. And the snoopers need only the most rudimentary computing skills to do so.
Firesheep works by snatching your computer’s cookie, a line of code that identifies your computer, it’s settings, and other sensitive information. While sites like Facebook, The New York Times, Flickr, Twitter and Amazon may encrypt your password as it’s blasted off to the Internet, your cookie often remains unencrypted. Firesheep then uses that cookie to access your computer.
According to the NYT, the program is widespread and easy to use: “More than a million people have downloaded the program in the last three months (including this reporter, who is not exactly a computer genius).”
Firesheep highlights the need to protect oneself while on public Wi-Fi. But other methods can be employed to tap into your private Wi-Fi at the office or at home. As people use PC’s, laptops, smartphones, and tablets to access a growing number of sensitive sites and services–banking, email–and things like NFC, which turns your smartphone into a mobile credit card, directly linked to your bank account–the prudent Internet surfer should be aware of the dangers.
Here are some helpful tips to protecting yourself on both public and private Wi-Fi Networks.
Private (At-Home Wi-Fi)
- Strong Password – For your encryption key–the password to access your network–be sure to use a lengthy (14 characters) alphanumeric password.
- Hide Your SSID – Your SSID, or Service Set Identifier, is basically the name of your network. The manufacturer of your router typically has them set to default, so that when you set your network up it usually takes the name of your router’s manufacturer. Common ones include Linksys and Netgear. Simply changing this name to something less predictable will help keep you off the radar of would-be hackers.
- Use WPA not WEP–WEP and WPA encrypt the data sent between your PC and your wireless router. Of the two, WPA (or WPA2) is much harder to crack. While it is not full-proof, WPA takes a matter of weeks to crack, while WEP can be done in a matter of hours or days.
- Temporal Key Integrity Protocol (TKIP) – To protect from WPA hacks, log in to your router and turn off TKIP encryption mode. Instead use Advanced Encryption System (AES).
- Safe Surfing – If you’re in a coffee shop, hotel, airport or any place using a public network, avoid going to web sites where you are prompted to log in. Sidejackers–those who prowl for your information–may be able to access this information as you do.
- Vary Your Password – Don’t use the same password and username across all of your media. If a hacker accesses your password in one place, they are likely to try it on all of your other services too.
- Avoid Unencrypted Sites – Some sites do a good job of encrypting your information, but others don’t. If you must enter a log in, ensure that the site begins with “https” not just “http.” Also, look for a lock in the corner of the Web page. The lock ensures the site is encrypted. Another approach is to download this service, which installs a plug-in for Safari that turns all of the sites you surf too into https encrypted sites.
- Use a Virtual Private Network (VPN) – VPN’s encrypt all of the information sent over your network, send it to a secure server, and then blast it onto the Internet. These can be used on all of your devices and will work on your home network as well. A VPN is the most secure route you can take. Some popular ones include: VyperVPN, Anchorfree Hotspot Shield, Barracuda Networks.