August 17, 2014
How to Protect Your Mobile Data
Beware of "Free Wi-Fi." Cyber thugs set up sites known as "evil twins" that can steal your signal and leave you vulnerable.
Beware of “Free Wi-Fi” or “Totally Free Internet,” as this offer probably is too good to be true. These offers are likely set up by thieves to trick you into getting on a malicious website.
AT&T and Xfinity have provided many hotspots for travelers to get free Wi-Fi all over the country. Sounds great, right? However, these services make it a piece of cake for thieves to gain access to your online activities and snatch private information.
AT&T sets mobile devices to automatically connect to “attwifi” hotspots. The iPhone can switch this feature off. However, some Androids lack this option.
Cyber thugs can set up fake hotspots called “evil twins,” which they can call “attwifi,” that your smartphone may automatically connect to.
For Xfinity’s wireless hotspot, you log into a web page and input your account ID and password. Once you’ve connected to a particular hotspot, it will remember you if you want to connect again later in that day, at any “xfinitywifi” hotspot and automatically get you back on.
If someone creates a phony Wi-Fi hotspot and calls it “xfinitywifi,” smartphones that have previously connected to the real Xfinity network could connect automatically to the phony hotspot—without the user’s knowing, without requiring a password.
None of this means that security is absent or weak with AT&T’s and Xfinity’s networks. There’s no intrinsic flaw. It’s just that they’re so common that they’ve become vehicles for crooks.
Smartphones and Wi-Fi generate probe requests. When you turn on the device’s Wi-Fi adapter, it will search for any network that you’ve ever been connected to—as long as you never “told” your device to disregard it. The hacker can set the attack access point to respond to every probe request.
Your device will then try to connect to every single Wi-Fi network it was ever connected to, at least for that year. This raises privacy concerns because the SSIDs that are tied with these probe requests can be used to track the user’s movements.
An assault can occur at any public Wi-Fi network. These attacks can force users to lose their connections from their existing Wi-Fi and then get connected to the attacker’s network.
Two ways to protect yourself:
#1 Turn off “Automatically connect to WiFi” in your mobile device, if you have that option.
#2 Use Hotspot Shields software to encrypt all your data on your laptop, tablet or mobile device.