How to secure mobile devices against “WiFi honeypots”

WiFi "honeypots" impersonate trusted WiFi networks remembered by your mobile devices

“WiFi honeypots” impersonate WiFi networks remembered and trusted by your mobile devices

Financial advisers should use a VPN to protect mobile devices from “WiFi honeypots.”

WiFi is almost everywhere today. But when you connect to WiFi in your local coffeeshop or hotel for the evening, do you really know who is managing the connection?

Eavesdropping on Public WiFi

You place a lot of trust in unknown providers when you connect your mobile devices to public WiFi.

Most of the time, you’re likely not at risk of having data you send over WiFi intercepted by someone else. But a number of software programs and hardware devices for sale on the Internet allow users to do just that; sit on public WiFi and eavesdrop on unencrypted data being passed back and forth.

WiFi Honeypot

According to one hardware manufacturer, launching man-in-the-middle attacks is "as simple as setting up your typical home wireless router."

According to one hardware manufacturer, launching man-in-the-middle attacks is “as simple as setting up your typical home wireless router.”

Other devices are even more nefarious. Did you know that most of your mobile devices passively seek trusted WiFi networks to which they have connected in the past?

Your mobile devices remember trusted WiFi networks so you don’t have to repeatedly enter your password and/or approve the connection over and over again. Convenient, right?

Well, these nefarious devices called “honeypots” are built to respond to your mobile devices’ inquiry for a trusted WiFi network.

For example, when your phone broadcasts “is the ‘ApexWealthSecureWiFi’ SSID available?” the WiFi honeypot responds, “Yes, I’m the ApexWealthSecureWiFi access point, you can connect with me!”

And that connection now exposes your phone, tablet, or laptop to a potential man-in-the-middle attack (MitM).

Elude WiFi Honeypots

How do you protect yourself against WiFi honeypots?

First, ensure that you use https:// and SSL connections online as much as possible. Download and install browser plugins like HTTPS Anywhere for Firefox and Chrome (sorry Internet Explorer users, consider this one more reason to stop using that browser).

Implement VPN

Second, set up your own VPN, or virtual private network, connection that provides a secure, encrypted “tunnel” through which your Internet traffic is routed.

If you don’t have your own VPN connection available from your IT department, you can subscribe to one of several private VPN services, most of which cost roughly $50 per year.

For a more detailed review of VPN, read my latest column for Morningstar Advisor titled Secure Your Mobile Connections and increase your safety and security when using WiFi away from your authentic networks.

Avoid WiFi Altogether

When in doubt, avoid using WiFi altogether when you’re away from your trusted networks.

Instead, use your mobile device’s cellular connection (3G or 4G LTE), and if your device doesn’t have its own cellular modem, buy a mobile 4G LTE hotspot for $100 and use that (may I recommend an Overdrive Pro 3G/4G Mobile Hotspot from Virgin Mobile?)

Remember that there are people out there who will exploit vulnerabilities for a variety of reasons. Follow the recommendations above to reduce your odds of becoming a victim of a man-in-the-middle attack when using WiFi networks.


Comments are closed.