You’ve probably heard of the dangers on public Wi-Fi, but you’ve probably also brushed it aside thinking that it poses no real threat to your cybersecurity and privacy. Perhaps you still jump at every opportunity to check your emails, send a tweet, or read comments on your Facebook post. Just because you or somebody you know hasn’t been a known victim of Wi-Fi hacking on public networks does not mean you should be any less guarded.
Free public Wi-Fi exposes you to a myriad of cybersecurity threats. There are a number of ways that your private data can be breached on those risky public networks. One of the most common scenarios is the SSL stripping, also known as a man-in-the-middle attack. SSL stripping is a form of eavesdropping where hackers secretly intercept and tamper with information during the transfer of data between two parties. Parties on both ends of the conversation are unaware of a ‘man in the middle,’ a third person listening to their conversation.
How SSL Stripping Works
All the hacker needs are a wireless adapter and penetration testing tools to execute an attack. Picture this: you’re enjoying a hot beverage at a local café after work and all of a sudden, you remember a work email that you were supposed to reply to at the office. So, you open your laptop and connect to their Wi-Fi network to open your email. You are using the standard Hyper Text Transfer Protocol Secure (HTTPS) protocol with a layer of encryption known as Secure Sockets Layer (SSL) to send data between your browser and the web server.
What Happens in an SSL Strip
Sitting comfortably at the back of the café, a hacker will be able to see your request to visit a website, intercept it, and send it to the web server pretending to be you. The hacker becomes the go-between for all communication between your browser and the website hence the term ‘Man in the Middle.’ How exactly does that happen? Secure Sockets Layer, or SSL, is the standard security protocol for establishing a secure connection between a browser and a web server. SSL encrypts the data and keeps it between your browser and the website.
By intercepting your traffic and stripping the SSL before the connection gets back to you, the hacker is able to gain access to your private data such as login information for the website. When you key in your login credentials to access your email inbox, you will be sending that information straight to the hacker. The hacker restores SSL encryption before forwarding the request to the website and everything appears normal on their end. In a Man-in-the-middle attack, hackers can access your payment details, your work emails, your chat with mum, and your online banking details.
VPN to the Rescue
In most cases, public Wi-Fi networks are unsecured. An average hacker can easily intercept and read your traffic on such networks. But that doesn’t mean that you can’t enjoy the convenience of free Wi-Fi now and then. You can use a VPN, or Virtual Private Network, to protect yourself against SSL stripping by anyone who may be eavesdropping. A VPN creates a secure connection between your browser and the website thereby blocking any hackers or middlemen who may try to intercept your traffic. A VPN can hide, encrypt, and disguise everything you do online. Free VPNs are strongly advised against, as some reportedly capitalize on the traffic data entrusted with the company behind the freeware. If you’re on a budget, try looking for free VPN trials instead. A lot of trusted providers recommended offer month-long free VPN trials. Use them back-to-back so you’re at least free from the risk of privacy breaches, or worst still, security threats.
SSL stripping is more than a decade old, but man-in-the-middle attacks still happen. This type of cyberattack was brought to light at Black Hat Conference in 2009 by the creator of the encrypted messaging app Signal, Marlie Marlinspike. Since then, websites such as Gmail and Facebook disabled HTTPS and adopted the safer HTTP Strict Transport Security (HSTPS). However, many popular websites including eBay, Amazon, Hotmail, and more still use HTTPS which makes them huge targets for SSL stripping. Use a VPN to protect your private data from hackers when browsing these websites.
Personally for me, NordVPN performs best. Yes, it’s not the cheapest option, but everything’s just great. I feel secure while using it, btw, the speed is consistent even while switching to a different country.