How to Protect Your Mobile Data

Beware of "Free Wi-Fi." Cyber thugs set up sites known as "evil twins" that can steal your signal and leave you vulnerable.

Robert Siciliano

August 17, 2014

Beware of “Free Wi-Fi” or “Totally Free Internet,” as this offer probably is too good to be true. These offers are likely set up by thieves to trick you into getting on a malicious website. AT&T and Xfinity have provided many hotspots for travelers to get free Wi-Fi all over the country. Sounds great, right? However, these services make it a piece of cake for thieves to gain access to your online activities and snatch private information. AT&T sets mobile devices to automatically connect to “attwifi” hotspots. The iPhone can switch this feature off. However, some Androids lack this option. Cyber thugs can set up fake hotspots called “evil twins,” which they can call “attwifi,” that your smartphone may automatically connect to. For Xfinity’s wireless hotspot, you log into a web page and input your account ID and password. Once you’ve connected to a particular hotspot, it will remember you if you want to connect again later in that day, at any “xfinitywifi” hotspot and automatically get you back on. If someone creates a phony Wi-Fi hotspot and calls it “xfinitywifi,” smartphones that have previously connected to the real Xfinity network could connect automatically to the phony hotspot—without the user's knowing, without requiring a password. None of this means that security is absent or weak with AT&T’s and Xfinity’s networks. There’s no intrinsic flaw. It’s just that they’re so common that they’ve become vehicles for crooks. Smartphones and Wi-Fi generate probe requests. When you turn on the device’s Wi-Fi adapter, it will search for any network that you’ve ever been connected to—as long as you never “told” your device to disregard it. The hacker can set the attack access point to respond to every probe request. Your device will then try to connect to every single Wi-Fi network it was ever connected to, at least for that year. This raises privacy concerns because the SSIDs that are tied with these probe requests can be used to track the user’s movements. An assault can occur at any public Wi-Fi network. These attacks can force users to lose their connections from their existing Wi-Fi and then get connected to the attacker’s network. Two ways to protect yourself: #1 Turn off “Automatically connect to WiFi” in your mobile device, if you have that option. #2 Use Hotspot Shields software to encrypt all your data on your laptop, tablet or mobile device.

Robert Siciliano

Robert Siciliano is CEO of IDTheftSecurity.com. He is fiercely committed to informing, educating and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. Media outlets, executives in the C-Suite of leading corporations, meeting planners and community leaders turn to him to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace.

Top 10 Signs You Need a New SSE Solution

Dan Maier

Security service edge (SSE) solutions are crucial for protecting data, but as the market has evolved and expanded to over 30 vendors, some cracks are beginning to show.

Selective Focus Photography of Gray Chain Link Fence

Easing Access to Cyber Insurance

Andrew Homer

Insurers find it hard to gauge each client's level of cyber risk. Managed security service providers (MSSPs) can provide client readiness reports.

The Need for 'Systems Failure' Coverage

Stephanie Snyder Frenier

The recent CrowdStrike outage and disruption to businesses of all sizes has refocused attention on the value of cyber insurance for non-malicious losses.