How hackers use Wi-Fi to steal your passwords

The ability to take advantage of free Wi-Fi at a variety of public locations around the country comes at a price. With home or business wireless networking, a core group of trusted users are generally the only ones with access. Public Wi-Fi, however, is open to a wide circle of strangers in the same café, library, or other public place. If the Wi-Fi isn’t password protected, those strangers could be in the parking lot or even in a nearby building.

Image credit: iStockPhoto

Image credit: iStockPhoto

For those seated in that public place, it may seem impossible that someone would be able to access their private information without them being aware of it. But because your data is being sent through radio waves to a router, it can easily be intercepted by someone who has the right tools and knowledge.

How it’s done

There’s likely no limit to the ways hackers can come up with to access user information. Many hackers use software to intercept those signals, at which point they can see everything on a fellow free Wi-Fi user’s screen. This hacking software, called “sniffer software,” looks at traffic traveling to and from a wireless router to extract important information.

Another popular method used by hackers is to set up rogue Wi-Fi hotspots in areas where large numbers of users are likely to be searching for a connection. These hotspots can use generic names like “free Wi-Fi” to cause trusting users to connect, at which point their personal information can be collected.

What you can do

The best solution could come from companies like AT&T and T-Mobile, that serve as the largest providers of Wi-Fi in public locations. These companies do not currently encrypt Wi-Fi signals, even though doing so would help greatly in protecting consumers against fraud. However, each of these providers recommends users download their free encryption software when using a Wi-Fi router.

Of course, the best way to avoid one of these hacking attempts is to never use free Wi-Fi. For those who are regularly required to connect on the go, a Virtual Private Networking (VPN) account will encrypt communication, preventing interception. The cost is generally a minimal monthly fee and only requires a quick login after the user is connected to Wi-Fi to provide the additional safeguard.

A 4G-powered personal hotspot is another option for frequent travelers. This hotspot provides a user his or her own cellular connection, which can be set up to be secured by a password, just as a home Wi-Fi network is. This option generally costs more than many cell phone plans, however, so it may not be an option for users on a budget.

For those who must regularly use Wi-Fi, there are several steps you can take to keep hackers out. First, it’s important to clarify the name of a free Wi-Fi network before choosing to join it. If the network isn’t password protected, it might be a good idea to stay away. Lastly, when using public Wi-Fi, try to avoid logging into sites or entering information like credit card information or social security numbers. While this isn’t a guarantee that information won’t be compromised, it’s a good idea not to make the hacker’s job any easier.

Featured Image Credit: iStockPhoto

Stephanie Faris
Stephanie Faris has worked in information systems since 1999, served as a help desk supervisor and hearing multimedia coordinator for the State of Tennessee. Stephanie’s writing has appeared in The Motley Fool, and Her first novel, 30 Days of No Gossip, is scheduled for release by Simon & Schuster in March 2014.
Stephanie Faris
Tags: IT Security,Technology
  • Blind Willy

    I miss the days of 2 cans and a string.

  • reasonableguy

    What about https: sites?

    Even if the packets can be sniffed, doesn’t SSL (used in https connections) encrypt everything from my browser to the web server I’m connected to.

    Short of NSA decrypting that should make my communications safe — at least on https sites.

    Or am I missing something?

    • bob

      search sslstrip. it makes https site into http sites.