Let me tell you a story about a pineapple.
This story isn’t about fruit though, it’s a cautionary tale of just how easy it is to lose your personal data when using public wifi networks. You see, the “pineapple” in question is actually a device built specifically to perform man-in-the-middle attacks on wifi networks.
A man-in-the-middle attack is one in which attackers secretly insert themselves between you and your intended destination.
For example, suppose you wanted to login to your bank and send a payment. In order to do so, you would either use an app provided by the bank, or simply log into your bank’s website using the credentials you set up when you opened your account, or signed up for online banking. In a typical man-in-the-middle attack, a hacker would intercept the traffic coming from your computer, and then pass it along to the bank for you, without your knowledge.
That way, he could see all of your information and use it at his convenience.
When using open, free wireless networks such things have always been possible. However, now with devices like the pineapple, these types of attacks can be performed by even the most unsophisticated attackers.
Normally, I don’t like to point out how to buy such things, as it only propagates their use. But in this case, the proverbial cat is already out of the bag. So, I would encourage you to visit https://www.wifipineapple.com/ to read all the information about these devices. It’s always good to know what you’re up against. I understand they’re sold out right now, so that just goes to show you how popular they are.
So, what can you do to avoid being the victim of such an attack?
First, don’t use free wireless services when performing critical tasks on your computing devices. I say computing devices because it’s not just a computer. The type of attack mentioned above does not rely upon a specific type of device. You can be using a phone, tablet or computer and you are still vulnerable. It doesn’t even matter if you have up-to-date anti-virus or malware prevention software, because the attacker isn’t installing anything on your device! He is just wanting to get your information.
So, don’t use public wifi for banking or credit card transactions.
Secondly, use a different password when using social media than the ones you use for other things. Even if you don’t use the public wifi for banking, if you login to Facebook while on one, and have the same password for Facebook and your bank, you are leaving yourself vulnerable. Personally, I like to use a passphrase instead of a password.
A passphrase is very similar to a password, but longer. Depending upon the password rules of the particular system you’re using, you may even be able to make it an entire sentence. For example, instead of using your daughter’s birth month and year, “December1975,” you can use “MyDaughterBornInDecember1975.”
Keep in mind, if you use the same passphrase for every site, then you still have the same problem with man-in-the-middle attacks. Certainly, the phrase will be easy for you to remember, but it’s also going to be easy to use against you.
If you are having trouble remembering your passphrases, try coming up with a strategy to help you keep track. Something as simple as adding the name of the website to the front of your password can help you remember. For example to login in to Facebook you could use, “FacebookIsWonderful!” as your password while your bank could be, “ThisBankIsWonderful!” It’s not ideal to have a repeatable pattern like that in your password/passphrase, but it’s certainly better than using the same one everywhere.
Until next month, be safe out there!