Underground data – are your details safe on the Tube?

[Acorn Newsbot]

Most of us tend to be fairly free and easy with our data. But as cloud-based, no-cost Wi-Fi* becomes the norm rather than the exception to the rule and the world becomes more and more connected, it’s wise to familiarise yourself with the risks involved and learn how to avoid them.

The good side of free London Tube system Wi-Fi

How many times have you wished you could hook into an internet connection on the Tube? Whether you live in the capital or are just visiting, it’s exciting news. No more dull journeys staring at the ads and trying your hardest not to meet strangers’ eyes. Instead, a world of online entertainment at your fingertips while you’re flying along, deep underground, available between more than a hundred London Tube stations.**

The down side

On the other hand, as the security vendor GFI Software warns, London commuters need to be on their guard while using the Tube’s new public Wi-Fi services. First rolled out across the city in the run-up to the 2012 Olympics by Virgin Media, the original free service has been scaled back to Virgin Media, EE, and Vodafone customers only, but free Wi-Fi is still available to millions of people every year… many of whom don’t realise the risks involved in tuning into an unsecured public network.

Serious security issues

Because the Tube network’s Wi-Fi services are not encrypted, there’s a risk your personal data could be intercepted by anyone who has invested in cheap, widely available packet-sniffing software, which captures packets of data as they pass through a network, decodes the data and analyses the content. Worse still, as the mobile revolution continues, hackers are turning their attention to smartphones and tablets, which many of us don’t realise are just as vulnerable as laptops. As you can imagine, mobile safety is more important than ever.

In short, your data is as safe as you make it – it’s down to you. So how can you keep your details safe on the Tube?

How to keep your data safe on London Underground’s Wi-Fi network

First, you need to be sure the network you are about to connect to is safe and legitimate. Sadly it’s easy for criminals to fake a hotspot and take on its identity. Avoid networks with names such as ‘Free Public Wi-fi’ because they are often fakes. If the network belongs to a shop, café, restaurant or pub, ask the staff so you know the correct network name.

Be especially wary if there are several networks with the same name in one hotspot. Unfortunately, there’s no way to tell which is legitimate and which isn’t. But there are a few sensible checks you can carry out.

Legitimate hotspots usually ask for a log-in, taking you to a special landing page when you first try to access them. Some ask for an account name, others ask for a mobile phone number or email address, for verification. If a network asks for your credit card details, back off straight away just in case. If there’s no landing page it’s probably a fake, so disconnect immediately.***

Genuine hotspots with landing page access usually appear as unsecured networks in Windows, either via an orange shield icon or labelled ‘unsecured wireless network’.

If a private hotspot is hosted on the Cloud there might be password-driven access instead of a landing page. The problem is using the same password for everyone leaves it open to abuse, making it easy for criminals to set up a fake network to accept it. The newest network technologies are designed to generate a unique password for each customer, which is much more secure.*

Look out for ‘ad hoc’ networks, where every wireless device within range of each other can communicate, connecting two or more devices with each other instead of connecting with a wireless router. Luckily Windows picks these up in your network list, showing icons for two or more connected computers. Avoid these at all costs when you’re in public spaces.

Here are some sensible tips for using Wi-Fi hotspots and public connections safely.

•*Make sure the web address is genuine and the login page itself has a secure ‘https’ prefix
•*Right-click on the web page, pick ‘properties’ or ‘view page’ or ‘view certificates (depending on your browser), and click ‘security’. If the connection is encrypted, it’ll say so and give details about the business issuing the security certificate and who it was issued to
•*If you get a warning that the security certificate has expired, don’t connect

You can also install Virtual Private Network software (VPN), and make Windows safe by installing a firewall, turning printer sharing and file sharing off.

Being aware of security at all times

Whatever you’re doing on a public network, always put security first.

•*Never use internet banking apps on public connections or enter private data unless you’ve installed a VPN, a virtual private network that encrypts all the data you send and receive so it’s secure
•*Take equal care with laptop, tablet and mobile phone security
•*Install good quality antivirus software and keep it up to date
•*Visit our Knowledge Centre to find out more about online privacy and how to keep it






More...