Public Wi-Fi where the wild things are


Los Allamos

Telecommuting has increasingly become the new normal as we have all adapted to pandemic life. You can work from your bedroom, kitchen, or maybe take it on the road and work from Starbucks or any other public place. But… should you? Public Wi-Fi can be dangerous; think twice before using it for work or any additional sensitive information, and take precautions to keep your data secure.

LAST WEEK, the National Security Agency (NSA) released an announcement about the dangers of public Wi-Fi, especially for telecommuters: connect.

It’s important to remember that data sent over public Wi-Fi, especially open public Wi-Fi that doesn’t require a password for access, can be stolen or manipulated by an adversary. Even if a public Wi-Fi network needs a password to connect, you have no guarantee that data sent over that network is encrypted.

If the data is not encrypted in transit, it is much easier for a malicious actor on the network to steal your data. It is also possible that a network is simply misconfigured and a malicious actor could convince the network to use unsecured protocols or steal the PSK (pre-shared key) from the network and use it to access your data. .

Another Wi-Fi vulnerability is known as the “evil twin” network, where a malicious actor can configure malicious access points, an access point to the wireless network that mimics an official access point. So, if a wireless network at Starbucks is “Starbucks Wi-Fi Official”, a malicious actor can set up another access point and call it “Starbucks Super-Fast Wi-Fi”. Suppose they can trick users into connecting to this bad access point. In this case, they can use it to access users’ devices and potentially redirect websites, inject malicious proxies, and spy on network traffic. Any data sent over this compromised network can easily be stolen.

The NSA recommends if you need to use a public Wi-Fi network, you use either a corporate or personal (Virtual Private Network) VPN. What is a VPN and how does it work? You install VPN software on your device, allowing you to take a private network and extend it to a public network. VPN allows users to send and receive data as if they were sending it over this private network rather than the public network. VPN providers include NordVPN, PulseSecure, ExpressVPN, PureVPN, and many more. You can research VPN providers online and figure out which one best suits your needs within your price range.

How does a VPN work?

  • When you connect to a VPN service, it authenticates your device to a VPN server.
  • This server applies an encryption protocol to all the data you send and receive.
  • The VPN service will create an encrypted “tunnel” over the Internet. This “tunnel” secures the data flowing between you and your destination.
  • To be sure that every data packet remains secure; the VPN wraps it in an external packet, which is then encrypted. This is the key element of the VPN tunnel and it protects your data during the transfer.
  • When the data arrives at the server, the external packet is removed through a decryption process.

For a simple one-and-a-half-minute explanation, watch the PC Magazine video on YouTube that explains how a VPN works… with Legos: connect.

If you connect to a public Wi-Fi network for work or for other sensitive reasons, be sure to use a VPN provider, work or personal. Using VPN is the best way to protect your data when you are forced to connect to an unsecured public network.

Editor’s Note: Becky Rutherford works in the information technology field at the Los Alamos National Laboratory.


Comments are closed.