The advantages of city-wide, free WiFi seem obvious. Internet access for people of all income levels, convenience and constant connectivity are attractive to most urban-dwellers.

However, municipal WiFi is one of the most dangerous places to conduct online activity. It is a hotbed of lurking commjackers. These commjackers take advantage of the open network and the thousands of trusting users.

Commjacking an Entire City

While this may sound far fetched, it really is not. A city equipped and connected with free, public and unsecure WiFi places an entire population at risk of personal data theft and consequential cyber crime. A cybercriminal can gain access to users’ phones, tablets or laptops with even the most limited knowledge of hacking. With under one hundred dollars and some open source software, [Tweet “#commjackers can set up fake WiFi networks to lure public users to connect.”]

If you’ve been following this blog, you’ll be aware of the numerous examples of commjacking over the past 18 months, from hotels to airports and airplanes. Even the CoroNet CSO experienced an attack from using an airline’s free WiFi. Some hotel chains have routers susceptible to easy hacking, which puts customer information and access to the hotel’s reservation database and keycard system.  

A commjacker walked into a Dutch café and in minutes could see the online activity of everyone around him. He discovered one patron had recently traveled from Heathrow airport and was staying at a hostel in Amsterdam. “So what?” I hear you say. Well for one, this commjacker now has your personal login credentials for many of your accounts. Secondly,  knowing this, imagine the same patron receiving an email along the lines of, “We’ve found your credit card at Heathrow Terminal 5.” You’d click on that, right? Maybe even give your contact details? Bingo, that is an excellent phishing email  that comes as a result of knowing personal stuff about you. Even the smallest amount of data can be telling of an individual’s history. And knowledge, as we know, is power in the wrong hands.

Mitigating the Risks

Free WiFi and a connected world are the way forward but as with all good things, precaution is required to ensure public safety.

Don’t leave your wifi security up to the municipality. One of the best ways of staying safe on a public network is to always use an SSL session when conducting private activity, such as email, credit card transactions or anything involving personally identifiable information. If accessing a highly-secure network from public WiFi, it is smart to use a VPN or IPSec to protect all data being transmitted across networks. These tips should keep users safe if they are practicing wise Internet behavior.