Free Wi-Fi seems to be a much talked about issue these days - from those wanting it and those companies offering it. Truth be told, Wi-Fi or rather free Wi-Fi, is a great thing to have.

Also, with the South African government's push of increasing broadband access, these free Wi-Fi services seem to align perfectly with the <a href="" target="_blank" ยก>government's mandate. What worries me though is that I hope these free Wi-Fi services don't add security as a last thought in their service offering.

With Internet access considered to be a basic human right, we have to take into consideration the measures we should have in place to protect those accessing this basic human right. With the recent statistics of [Cybercrime])( in Afrika as a whole, security must be taken seriously by vendors even though its not their responsibility per se.

I reason that the vendors investment in educating the public about online safety will be directly proportional to their reputation and market growth. This will ensure transparency and continuous usage of their service instead of being discouraged to use the service due to cybercrime activity through their services i.e. free Wi-Fi.

Do's and don'ts of using public Wi-Fi

  • Never perform online transactions ( online banking) on public Wi-Fi.

  • Assume everything you do on public Wi-Fi is and can be monitored.

  • If you must use public Wi-Fi, do use a VPN (there are plenty of open source and free VPN services for both mobile and PCs).

  • Turn OFF your Wi-Fi when not in use.

The dangers of public Wi-Fi

Something to take into consideration regarding free Wi-Fi services is that a huge number of people who have had no prior access to the Internet, will suddenly be thrusted into a world of which they know very little of in terms of keeping themselves secure and ensuring their privacy online. Most of them will have outdated operating systems and unpatched browsers, which are vectors that cybercriminals will exploit.

Taking into account that 42% of users who experience online theft had anti-virus software installed on their systems and still were victims. Wi-Fi clients are susceptible to various MITM (man-in-the-middle) attacks due to how these devices work.

When a device first connects to an AP (access point) and is authenticated, the next time the Wi-Fi device is on, it firstly checks to see if there are any APs in the area it had previously connected to; essentially asking โ€œAP 243FreeWiFi are you in the area?โ€ Attackers can easily pretend to be one of those previous connections and allow the device to connect. Attackers can then intercept some of your communications.

The internet is built on trust which, sadly, is broken these days. There was an article that about Wi-Fi hacking on "the drone that hacks your mobile to steal usernames and passwords." I'm not certain if the mainstream media ever got the gist of what the guys from Sensepost wanted to do, which is to bring awareness of Wi-Fi 'vulnerabilities' and of course show how even law enforcement can use it for their activities). The main thing that some in the mainstream media seem to have focussed on is this 'bad drone that can hack your mobile via Wi-Fi'.

What can and should be done?

Merely blocking porn sites and/or limiting the duration that users can use the free Wi-Fi service for is not enough. More needs to be done.

Perhaps a portal or splash screen that users will be shown when they access the free Wi-Fi service on the service providers webpage, and that portal/ splash screen will teach them a few basic lessons of being safe while using Wi-Fi, as well as the dangers of using Wi-Fi inappropriately.

Security and privacy awareness is everyone's business, and it starts with those little things. This means in schools, universities and even public libraries (as these places almost always offer free Wi-Fi) education about online safety should be provided.

I love the tech startup boom that's taking place in Afrika, yet I often wonder if security forms part of this boom, because if it doesn't, we will sink into an even deeper cybercrime hole!

Tech start-ups or their coders should be taught about Secure Software Development Life Cycle. It's not enough to merely create a great African app, security should be built into that from the beginning not merely at the end by simply sanitising user inputs.

Share this via: