Public Wi-Fi networks are like mushrooms.
* They grow everywhere
Just like mushrooms grow freely in the woods, public Wi-Fi access points are cropping up everywhere around our cities, in public places such as restaurants and museums.
And it is increasingly easy to set up a new Wi-Fi network access point. It could be in my pocket or in the pocket of the person sitting next to you outside a restaurant. I can share my connection with you (secured or otherwise) and convince you to trust me.
* They are dangerous to consume if you don’t take the right precautions.
Is it really dangerous to eat a mushroom that you have not identified? Well, cases of mushroom poisoning are surprisingly common. Mushrooms are free and they grow in profusion in the woods. And it can be very hard to distinguish between the edible and poisonous varieties.
When people are poisoned by mushrooms, it is usually because they have mistaken them for an edible variety.
So is it dangerous to connect to insecure public Wi-Fi networks?
A hacker could set up in a restaurant or outside a café, and create (from the mobile in his pocket) a network with the name of the establishment. He can also connect to the café’s own Wi-Fi network, and watch your data as it passes through, in a man-in-the-middle (MITM) attack. In this way, he might eventually pick up your access codes and passwords for your banking application.
A MITM attack works by sitting between two parties who think they are communicating without any intermediary between them. It can be passive, where it just listens to the data passing; or active, where it actually modifies the data as it passes.
It’s a bit like sending a letter and having the postman open the envelope, without your knowledge, to inspect the contents before sending it on to the recipient.
If you really feel you must connect to a public Wi-Fi network (just as you want to pick mushrooms in the woods), then here are few precautions to minimise the risk:
- Be aware of the dangers, and think about what you are doing.
- Avoid using applications that involve you sending passwords and access details, as these could all be detected by a potential hacker.
- Don’t do online banking – keep that for home.
- If you must surf online, choose sites with https in their URL.
- On holiday, either stay offline altogether, or pay to use a properly secured network.
- Use a VPN.
This is the English translation of an analogy that was originally published on 30th July, 2015, and is also available in French and Polish: