Using public wifi - how to protect data?

[agula001]

how secure is the thunderbolt from hijackers
getting your personal info?

when using public wifi do you guys recommend
using anything to protect the personal data being
transmitted? or encrypt? from anything similar to
firesheep/faceniff etc.

- possibly lookout the lookout app?

 

[anon(394005)]

You could turn off anything that sync's on your phone to try to minimize what can be sniffed (not very practical). Bottom line, public hotspots by their very nature are insecure. Thus the only real solution is to avoid them (smartphone or computer), because you are at the mercy of whoever setup/controls the hotspot. Personally, they're not worth the risk, so I avoid them.

 

[yodatom10]

I would not be to worried as most hakers target computers and won't be looking at your phone. But u could stop all sync of your accounts. If that makes u feel better

Sent from my Xoom using Tapatalk

 

[paintdrinkingpete]

I would not be to worried as most hakers target computers and won't be looking at your phone. But u could stop all sync of your accounts. If that makes u feel better

Sent from my Xoom using Tapatalk

Not necessarily true. Some mobile OS versions have known exploits that allow "hackers" to grab info such as contact databases and other info.

I also seriously doubt if it matters if you turn off data syncs or not.

You really are best to just avoid it if possible.

Android vulnerability exposes users to data theft | Mobile security - InfoWorld

 

[IAmSixNine]

If your one bit concerened DONT USE public WiFi.
I make sure my WiFi is off anytime i am near a star bucks or mc donalds. Actually most of the time i leave work i turn off WiFi anyway.

 

[FrankXS]

Just to play Capt. Obvious,

One way of mitigating the risk is to use your your laptop with your own "Mobile Hotspot" which is password protected and has WPA2 (AES) encryption rather than OPEN like all the public hotspots. Better yet even, use a USB cable with MBBC rather than the Mobile Hotspot. Lots of options.

As far as using the phone itself, use your cellular signal rather than the public Wifi.

-Frank

 

[HiPower]

Am I still at a higher risk by walking into an open WiFi zone with my WiFi enabled but not connected? I use WiFi at home only, but Ive always left it on because I don't really notice the power drain.

 

[FrankXS]

Am I still at a higher risk by walking into an open WiFi zone with my WiFi enabled but not connected? I use WiFi at home only, but Ive always left it on because I don't really notice the power drain.

Quick definition of terms for my response:

OPEN = Open all the way to the Internet - no passcode
Unsecured = No authentication to connect, but must "agree to terms" before a connection to the Internet - no passcode

As long as you don't connect to an OPEN or Unsecured network you should be fine. What you have to watch out for is, if you have connected to an OPEN network in the past by the name (SSID) of, say, Linksys or Netgear for example, (or other common name) when you accidentally get near another OPEN network named Linksys or Netgear your phone will automatically connect. So, regarding security, it is best to keep Wifi turned off until you are ready to use it and can control what network you connect to.

As far as an Unsecured network goes, since you have to check a box to agree to the terms and click on [OK] (or similar), you won't auto-connect to the Internet in places like Starbucks and McDonald's. Even though the internal network uses the same name in all the locations (I think Starbucks and McDonald's is "attwifi", or similar). But... the risk of the internal network is also very important. You don't want other people in neighboring seats "browsing" your phone or laptop. So still, regarding security, keep Wifi off until you're ready to use it. Kinda like a gun

I have to add though, security should be in balance with functionality verses risk. Only you can decide what is best for you. One persons paranoia is another person's necessity. Just depends.

-Frank

 

[basketthis]

Kind of old topic, but thought I'd link you since it came up as a suggestion when I created my topic for my tutorial.
Your solution: http://forums.androidcentral.com/ge...-security-risks-protect-data.html#post1193798

EDIT: Must be rooted to do this...

 

[fadepoint89]

Most hackers are going to target Microsoft based computers. I don't think you have anything to worry about since the android is is Linux based. If your phone gets hacked at a public hotspot your dealing with someone who has no life. All in all you should be pretty safe.

Sent from my A05PTH3ORY using Tapatalk

 

[basketthis]

Most hackers are going to target Microsoft based computers. I don't think you have anything to worry about since the android is is Linux based. If your phone gets hacked at a public hotspot your dealing with someone who has no life. All in all you should be pretty safe.

Sent from my A05PTH3ORY using Tapatalk

Just wanted to clear a few things up with the comment above:
Two topics are addressed with this comment. The assumption is that Linux-based systems are secure becomes a catalyst for people becoming vulnerable while using wifi.
It is possible to use a simple packet sniffer in a public area to watch the traffic. I can do it myself, anyone can do it. It takes no effort. It's just a simple program installation, click run and watch everyone's ebay password, paypal account info, and bank account info fly over the wifi connection. It's really rather simple. And when looking at network traffic, it doesn't matter what system (windows/linux) is used, it still uses the same internet communication protocols... This was what I addressed in my tutorial.
Yes, Linux-based systems are secure. However, that doesn't change the fact that the information broadcast over wifi is unsecured. Encrypting the information and sending it to a known secure connection is the important part.

 

[BattleSwine]

Quick definition of terms for my response:

OPEN = Open all the way to the Internet - no passcode
Unsecured = No authentication to connect, but must "agree to terms" before a connection to the Internet - no passcode

As long as you don't connect to an OPEN or Unsecured network you should be fine. What you have to watch out for is, if you have connected to an OPEN network in the past by the name (SSID) of, say, Linksys or Netgear for example, (or other common name) when you accidentally get near another OPEN network named Linksys or Netgear your phone will automatically connect. So, regarding security, it is best to keep Wifi turned off until you are ready to use it and can control what network you connect to.

As far as an Unsecured network goes, since you have to check a box to agree to the terms and click on [OK] (or similar), you won't auto-connect to the Internet in places like Starbucks and McDonald's. Even though the internal network uses the same name in all the locations (I think Starbucks and McDonald's is "attwifi", or similar). But... the risk of the internal network is also very important. You don't want other people in neighboring seats "browsing" your phone or laptop. So still, regarding security, keep Wifi off until you're ready to use it. Kinda like a gun

I have to add though, security should be in balance with functionality verses risk. Only you can decide what is best for you. One persons paranoia is another person's necessity. Just depends.

-Frank

+1

Just want to add around where I'm at most Wi-Fi isn't that much faster than 3G (local cable/dsl aren't delivery marketing hype). 4G when I can get it is far faster. No point to Wi-Fi if it's slower.

While I don't think phones are a direct target of hackers, there were (I hope) flaws exposed when connected to an open Access Point (never use an ADHOC network especially at Airports). While Google claims to have used a server side fix in May... Why a known issue wasn't addressed until the press got a hold of it I don't know. Though GB 2.3.3 and above were safe even before the server side fix isn't clear to me.

Major security flaw affects Google Android phones - May. 18, 2011

 

[basketthis]

The OP was asking if it was possible to securely use an open/public wifi connection. I just want everyone to realize that with my tutorial it is possible to use wifi in public airports, starbucks, etc. with a secure connection. The Android vulnerability is another issue completely and if you were using the method in my tutorial (with or without the old Android firmware) you could not be hacked because you would be on a secure tunnel.
Again, hacking an OS and sniffing information are two different things. I just want to make sure that everyone realizes that...
This way, YOU CAN connect to an OPEN network and not worry about someone "hacking" your phone or connection... This method has been used for many years from computer to computer.

If anyone feels like reading about what I'm talking about: Reference
It may seem like a lot to read for some people and it may seem like an in-depth process (which it is now that public/private networks exist) but it is tried and true. Just think of it as you using your phone as if it were connected to your own home network no matter where you are in the world.
Here is SIMPLIFIED diagram that someone has drawn to help understand the concepts of SSH:

In the diagram above, the "computer" would be the SSH server.

EDIT:

Android devices running versions 2.3.3 and below could be susceptible to attack when they are connected to unencrypted Wi-Fi networks. Anyone else on that network could gain access to, modify or delete Android users' calendars, photos and contacts

Addressing this statement, if one were to use my methods, you would not be connected to an unencrypted Wi-Fi network. Everything from the phone would travel on a completely secure network over the public Wi-Fi connection, therefore, not susceptible to any attacks! I know it can be a little difficult to understand the concept, but I have attached the "Reference" link for that purpose. Problem solved!

 

[anon(394005)]

That's quite a setup to get a secure data connection. Way too complex for most to even consider. I work in the IT field and I wouldn't want to mess with that setup. First I don't want to root my phone. Second, I don't want anything on my home Internet connection open to the Internet (it would be my "trusted" network to SSH to). It's just not worth it. Better to use your phone's data connection!

 

[basketthis]

That's quite a setup to get a secure data connection. Way too complex for most to even consider. I work in the IT field and I wouldn't want to mess with that setup. First I don't want to root my phone. Second, I don't want anything on my home Internet connection open to the Internet (it would be my "trusted" network to SSH to). It's just not worth it. Better to use your phone's data connection!

That's why its also an option to purchase a secure shell account. But having my own home sever is much more fun for me!