The UK is now a smartphone-orientated society. People use their mobile phones for everything from messaging their friends and checking their email to managing their banking. To some, their lives are held on this small device – their personal and professional lives easily accessible at all times – and these devices are secured with a PIN, a password or a fingerprint to prevent this data falling into the wrong hands if the device is stolen. Physically stolen, that is. What most people do not realise is that despite their best efforts to secure their devices, they are still leaving themselves wide open to having the very data they are trying to secure stolen.
People use Wi-Fi all the time – wireless internet at home or in the office, in cafés and coffee shops, hotels and bars. The majority of wireless networks at home or in the office are secured – encrypted with a password. However, the ‘free’ internet available in shops and other public locations is, more often than not, ‘open’ – no password, no encryption, and therefore insecure – or the wireless password is available to everyone, free for the taking. With a little patience, someone can set up a laptop or tablet to pretend to be this free internet, wait for unsuspecting customers to connect, and then sit back and record everything that they send and receive online.
Figure: An example of a request that has been ‘sniffed’ from a wireless network.
So that’s scary. But wait – what about SSL? My bank says it’s secured with SSL, and so are Facebook, Twitter and everything else, so surely they can’t read my private data?
Sorry, but they can. Whilst SSL does offer a greater level of protection, there are ways around this too – the same software packages used to create these fake wireless hotspots also include the software which can get around the security that SSL offers. This is something called a Man-In-The-Middle Attack.
Imagine there are two people – Bob and Peter. Bob wants to get a message to Peter, so he sends Peter a letter through the post. A Man-In-The-Middle attack is the equivalent of someone getting hold of the letter before it gets to Peter – in this example it could be someone who breaks into the post box, takes the letter, copies it, and puts a new copy back in the post. Peter will get the letter none the wiser, and the attacker will have a copy too. As with these kinds of attacks, Peter could see that it was not the original letter if he were to look at the letter and envelope closely, but if he tore the letter open, threw away the envelope, and skimmed through the letter, he wouldn’t know.
That’s a basic example of how people can still steal your information even if it is encrypted with SSL, by pretending to be both the victim and the website at the same time.
Who could do this? Some kind of master hacker? Scarily, no. Nowadays the software is freely available for download. Anyone with a couple of hours to spare can set their laptop up with the software and then sit in a coffee shop, and as they drink their coffee, their laptop is storing a copy of all the traffic coming from the unsuspecting customers.
The big question now is ‘How do I protect myself from this?’ Thankfully, this is incredibly easy and does not cost much at all: it is called a VPN (Virtual Private Network) connection.
A word of warning though to anyone who looks into this – there are free services which offer a secure ‘tunnel’ to the internet, however, there is no such thing as free – many of these services will sell your browsing history, log the sites you visit and may also actively inspect your internet traffic – the very thing you are trying to avoid!
A VPN connection is a super secure tunnel from a device to a server, through which all internet traffic gets sent. Unlike SSL, a VPN connection cannot be attacked with a Man-In-The-Middle attack, since both sides have enough information to make it impossible for anyone to pretend to be the VPN server.
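The letter analogy and the VPN paragraph above both come down to whether one side can check who it is really talking to. The following Python code is an added example, not code from the original post or from any VPN provider: it models the exchange as a small Diffie-Hellman key agreement, and the parameters, function names and the fingerprint learned in advance are assumptions made for illustration (Bob and Peter are the names from the analogy).

```python
import hashlib
import secrets

# Constructed toy parameters for illustration only, not production-grade.
P = 2**127 - 1   # a Mersenne prime
G = 3

def keypair():
    """Return (private, public) for the toy exchange."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared_key(own_priv, peer_pub):
    """Derive the session key that the two ends of one exchange agree on."""
    secret = pow(peer_pub, own_priv, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).hexdigest()

def fingerprint(pub):
    """Short identifier of a public value: the 'envelope' worth inspecting."""
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()

def connect(client_priv, offered_pub, expected_fp=None):
    """Client side. With expected_fp set, refuse any peer that does not match it."""
    if expected_fp is not None and fingerprint(offered_pub) != expected_fp:
        raise ConnectionError("peer does not match the expected fingerprint")
    return shared_key(client_priv, offered_pub)

def simulate(check_identity):
    """Run one exchange with an interceptor on the path and report the outcome."""
    bob_priv, bob_pub = keypair()        # Bob, the sender
    peter_priv, peter_pub = keypair()    # Peter, the genuine recipient
    mid_priv, mid_pub = keypair()        # interceptor offers its own value to both
    known_fp = fingerprint(peter_pub)    # assumption: Bob learned this in advance
    try:
        bob_key = connect(bob_priv, mid_pub, known_fp if check_identity else None)
    except ConnectionError:
        return "refused"
    peter_key = shared_key(peter_priv, mid_pub)
    # The interceptor ends up holding one key per side, so both legs are readable.
    readable = (shared_key(mid_priv, bob_pub) == bob_key
                and shared_key(mid_priv, peter_pub) == peter_key)
    return "intercepted" if readable and bob_key != peter_key else "private"

if __name__ == "__main__":
    print("no identity check:", simulate(check_identity=False))
    print("fingerprint check:", simulate(check_identity=True))
```

The encryption is identical in both runs; the only difference is whether Bob compares what he is offered against something he already knew, which is the step Peter skips when he throws away the envelope.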
This may sound complicated, but thankfully it is not. I use a company called Private Internet Access (www.privateinternetaccess.com), who provide a mobile app on iPhone and Android that has just a simple on/off switch. Simple as that. Golden Frog’s VyprVPN offers a similar service too.
As a general rule, my mobile phone has a VPN connection on all the time – whether I am connected to my home network, through my mobile data connection, or any other wireless network. I’m happy that I know all my data is safe and secure.
Another added benefit of using a VPN service is that with a couple of clicks, your device could be connected to a different country – Sweden, America, Switzerland, India, Japan or Brazil, to name but a few.
So how much would you think this would cost? A lot of money you might say? Not at all. For me, it costs just under $40 a year, so around £30. Putting it simply, around £2.50 a month depending on exchange rates, so less than the cost of one coffee per month.
Is it worth it? Yes. If you want to protect yourself, you need more than just a password on your device, you need to make sure your connection to the internet is completely secure. You don’t know who could be watching your internet access.