I’m at Starbucks. There are four wireless connections available. Starbucks of course. Then there are Home Depot, some cement contractor and an unidentified place with something like ‘Lansky’ . How do I know which are public and which are just unsecured private wi-fi places?
Were I not at Starbucks does it matter if I use any unsecured hot spot?
Someone said it might be criminal to use someone’s private unsecured hot spot. Is that true?
Yes I believe it is illegal in some fashion to use a wifi signal that belongs to someone else. Like siphoning their electricity or cable to your house.
Public signals will not have a small lock icon and you’ll be able to connect to it with no problems. Most signals are secured so you can’t crack the data being transmitted, however when people normally say “an unsecured signal” they usually are referring to a lack of password, allowing anyone to access it when it probably should have a password.
EDIT: The way you tell the difference between a deliberately public signal like Starbucks or Home Depot is that the modem or router are usually named something that will let you know it’s designated as a business signal. For example, Starbucks, Home Depots or AT&T Hot Spot or the like. If there is a business near by named Lansky then I’d be okay assuming it’s deliberately public, otherwise, it’s probably just someone that doesn’t have a password on their router. Which I’m not sure how people do, considering in my experience wifi signals come with a password by default.
Every home wifi router I’ve ever owned or helped set up was open by default. Putting a default password on them would only give a false sense of security – the default password wouldn’t be very secret.
Lots of people don’t even change the name of their router. In an apartment complex, often you’ll see several ‘linksys’ wifi networks open. I wonder how the residents know which one is their own.
Is there any way to verify that you’re connected to the actual wifi of the business instead of a hacker? For example, in the airport there will often be many wifi servers, all with the same name. A hacker could plug in his own router, give it the same name, and allow people to connect. Now he can capture all the network data for the clients who connect to his router. As a client, is there any way to know which “Free Airport Wifi” servers are real and which are from hackers?
All data traveling over an open WiFi network is accessible to anyone on the network anyway. I cannot think of any advantage a “hacker” would gain from setting up his own network. He can simply listen to the traffic traveling over the public network.
Equivalently, even if you did accidentally connect to a “hacker”'s network instead of the public network, you would be at no additional risk.
There are things like Firesheep which can hijack sessions because authentication cookies are transmitted in plain text, even though the actual login was encrypted. This is poor design on the website’s part, and as you say, you can be at risk whether you’re on a hacker’s wifi or a public one.
There are potentially more sophisticated hacks that could go on, such as spoofing DNS to make it look like you’re connecting to your bank, when you’re really connecting to a fake site designed to steal your password. Browsers have some safeguards against this, but there are still vulnerabilities, not least of which is users clicking “Proceed anyways” on a giant flashing red warning screen. At this moment, I don’t think attacks like this are common place, but all it takes is one turn-key software solution to make it a real threat. But, there are methods of performing these kinds of attacks on a public wifi which don’t require the hacker to have setup their own.
I don’t worry at all about connecting to public wifi for doing non-sensitive things. I am confident that my devices aren’t going to be directly hacked back into, and I might not feel that way if I was running an unpatched copy of Windows. Browser session hijacking is a small concern, but the damage will really be very limited if somebody watches me browse yelp reviews to pick a place to eat dinner. I may elect to use a VPN if I need to access genuinely sensitive sites.
This definitely used to be the case, but now many home wifi routers seem to come with a random password enabled as the default setting. The password is typically written on the bottom of the router. And by random, it often seems to be the ethernet MAC address, or something similar.
As to the OP, probably the best way to protect yourself is similar to other generally recommended computing advice: Make sure you have the latest security patches for your device to prevent direct hacking. When browsing, use the https:// sites whenever possible. Pay attention to warnings and errors your browser puts up, particularly unrecognized certificates for well-known sites. Don’t connect to anything genuinely sensitive from an untrusted location.
If it has the store’s name and isn’t password protected, it’s probably fair to use it. Usually store wifi will make you click an “I agree” button anyway.
If you are worried about security, there’s not much difference. You need to bring your own.