Is Safe and Free Wi-Fi Possible?

Free Wi-Fi seems to be a much talked about issue these days - from those wanting it and those companies offering it; and, truth be told, Wi-Fi or rather free Wi-Fi, is a great thing to have (Easy access of internet services to those 65 % who have formerly not been able to access these services previously).

Also, with the South African government's recent push of increasing broadband access, these free Wi-Fi services seem to align perfectly with the government's mandate.

What worries me though is that I hope these free Wi-Fi services (e.g. Project Isizwe and eMbizo) don't add security as a last thought in their service offering.

With internet access poised to be a basic human right in the near future, we have to take into consideration the measures we should have in place to protect this basic human right.

With the recent statistics of cybercrime in Africa as a whole, security must be taken seriously by vendors even though its not their responsibility per se.

Vendors' Responsibility Regarding Online Safety

I reason that the vendors investment in educating the public about online safety will be directly proportional to their reputation and market growth, as that will ensure transparency and continuous usage of their service instead of being discouraged to use the service due to cybercrime activity through their services i.e. free Wi-Fi.

Do's and don'ts of using public Wi-Fi

  • Never perform online transactions ( online banking) on public Wi-Fi.
  • Assume everything you do on public Wi-Fi is and can be monitored.
  • If you must use public Wi-Fi, do use a VPN (there are plenty of open source and free VPN services for both mobile and PCs)
  • Turn OFF your Wi-Fi when not in use.

The dangers of public Wi-Fi

Something to take into consideration regarding free Wi-Fi projects is that a huge number of people who have had no prior access to the internet, will suddenly be thrusted into a world of which they know very little of in terms of keeping themselves secure and ensuring their privacy online.

Most of them will have outdated operating systems and unpatched browsers, which are vectors that cybercriminals will exploit.

Taking into account that 42% of users who experience online theft had anti-viruses installed on their systems and still were victims.

Wi-Fi clients are susceptible to various MITM (man-in-the-middle) attacks due to how these devices work.

When a device first connects to an AP (access point) and is authenticated, the next time the Wi-Fi device is on, it firstly checks to see if there are any APs in the area it had previously connected to; essentially asking “AP 243FreeWiFi are you in the area?”.

Attackers can easily pretend to be one of those previous connections and allow the device to connect. Attackers can then intercept some of your communication.

The internet is built on trust which, sadly, is broken these days.

A recent article that has hit the media about Wi-Fi hacking is 'the drone that hacks your mobile to steal usernames and passwords'.

It's made by Sensepost (those guys are great by the way!!). I'm not certain if the mainstream media get the gist of what the guys from Sensepost wanted to do (bring awareness of Wi-Fi 'vulnerabilities' and of course show how even law enforcement can use it for their activities), as the main thing that some in the mainstream media seem to be pushing is this 'bad drone that can hack your mobile via Wi-Fi'.

What can and should be done?

Merely blocking porn sites and/or limiting the duration that users can use the free Wi-Fi service for is not enough.

More needs to be done. Perhaps a portal or splash screen that users will be shown when they access the free Wi-Fi service on the service providers webpage, and that portal/ splash screen will teach a few basic lessons of being safe while using Wi-Fi, as well as the dangers of using Wi-Fi inappropriately.

Security and privacy awareness is everyone's business, and it starts with those little things. This means in schools, Universities and even public libraries (as these places almost always offer free Wi-Fi) education about online safety should be provided.

I love the tech/start-up boom that's taking place in Africa, yet I often wonder if security forms part of this boom, because if it doesn't, we will sink into an even deeper cybercrime hole!

Tech start-ups or their coders should be taught about Secure Software Development Life Cycle.

It's not enough to merely create a great African app, security should be built into that from the beginning not merely at the end by simply sanitising user inputs!

Image credit: Charleston's TheDigitel