This should be a given, but in case it’s not, do not ever do any banking, purchasing, or other financial transactions on public Wi-Fi and/or large networks!
Note that this is a security blog, so when I tell you “do not ever,” I mean 99%+ of the time. If your child’s life depends on some purchase that must arrive in a day and it’s 11:30am and you have no choice, well… Try to use your cell phone’s data line first, try to have your significant other do it from a secured line, and if that doesn’t work, then quickly get your business done and get off public Wi-Fi. And make sure that the network you connected to is the proper one, and only send data to a site that you are connected to via HTTPS.
The reason for this advice is that attackers can set up what’s called a Man-in-the-Middle (MITM) attack, which is pretty much exactly what it sounds like. How do you know that the Wi-Fi network that you are connected to is really the official library one? Or the coffee shop? Or the bakery? Etc… It can be tough to tell, sometimes even for a security expert. If there are several “Library Guest Wi-Fi” listings, for example, one could be an attacker’s computer, OR they could all be perfectly legitimate. You could always ask the business, but there are no guarantees, so do not think that just because a cashier, clerk, or even IT person tells you something, you can now start doing banking on your huge “secure” work network, at the coffee shop, the library, etc… Also note that there are variations of MITM attacks that can still happen even if you’re seemingly connected to the “legit” Wi-Fi.
Yes, HTTPS is supposed to help keep you secure from this, but there are methods to try to get around the encryption and compromise your data anyway, which is why the best policy is to simply not do sensitive things on work and public Wi-Fi, especially “open” public Wi-Fi which doesn’t even have a password at all! In fact, you’ll often note that these organizations have a disclaimer about how they could be monitoring your traffic. Believe them. Everyone is always monitoring your traffic.
Now, there are more secure ways to solve this problem. One is to use your personal data plan instead. If I’m out and I don’t trust a network, I just set up a Wi-Fi hotspot and use that. If you don’t have the option and you’re not alone, ask your friend if you could jump on theirs real quick… provided your friend is not a bonehead who downloads all kinds of shady apps, of course 🙂
Another way, which can really help prevent much of this, is to find a wired connection to the net and hook into that via Ethernet. It’ll be faster and you’ll avoid the entire wireless issue to begin with. How will people listen if you aren’t sending radio signals? But either way, don’t do sensitive transactions on public networks or large work networks if at all possible. Happy Friday!