Can Encryption Make Public Wi-Fi Safer?

Free public Wi-Fi has become almost ubiquitous on the high street. Where coffee shops led the way, pubs, supermarkets and retailers have followed, offering customers free connectivity in a bid to find out more about their clientele and to get more people through the door.

Wi-Fi aggregator iPass estimates there are more than 104 million hotspots around the world and expects this will rise to 340 million by 2018. In the UK, alone it says there are 5.6 million, and believes this will increase to 14 million during the same timeframe.

A separate report from Juniper suggests this figure will be boosted by ‘homespots’ – home routers that also act as public hotspots. BT Wi-Fi uses this model, while Virgin Media also has plans to do the same. By 2020, the research firm predicts one in three home routers will be a public hotspot.

Wi-Fi threats

The benefits of this connectivity are numerous. For consumers, public Wi-Fi saves battery life and data and can provide connectivity in areas of poor coverage, such as rural locations and indoors. For venues, it offers a chance to provide a value added service and learn more about customers while targeting them with offers. And for operators, it presents an opportunity to offload users onto fixed networks, boosting capacity.

But this abundance of connectivity presents security risks. Attackers can hide on seemingly legitimate, unsecured networks called ‘Starbucks Wi-Fi’, or issue fake login pages that harvest user information. A malicious player could also hijack a session cookie used to authenticate a user, giving them access to your account.

While increased awareness can help combat the threat of social engineering, Symantec says man in the middle attacks are becoming a major threat in the Wi-Fi space, with antagonists using more innovative, sophisticated attacks.

Encryption benefits

“There is a robust community of cybercriminals sharing best practices,” Darren Thomson, CTO and vice president of Technology at Symantec EMEA told TechWeekEurope.

Thomson explained that encryption is one way of protecting against such attacks and wants its ‘Safe Connect’ virtual private network (VPN) technology to become a way for Wi-Fi network providers to protect against threats.

Swisscom is the first provider to sign up for the service, which encrypts user traffic and automatically scans URL and URL requests for downloads, helping to stop the spread of malware – not only helping protect users but also the network.

“An awful lot of people connect to multiple networks of course,” explained Thomson. “We could ourselves be propagating malicious code. One of the ways of getting ahead of that is heading it off at root cause, the download of the activity or file.”

Integrated security

Symantec is adamant that its VPN does not negatively impact the Wi-Fi service. Thomson said the scanning process does not affect network speeds and does not require the downloading of any additional software. He claimed the code is so efficient, users won’t notice anything.

“This is entirely embedded service,” he said. “There is a balancing act between protecting people and limiting what they do. Transparency is key on this. A Symantec we believe in creating a services that is of no detriment [to users].

“From the user’s experience, they are unaware. The IoT is a trend that has helped us learn a lot. We are protecting more than a billion IoT devices globally. The impact we would have on performance is nothing compared to the network latency. There is some impact on performance but it’s negligible.”

A key differentiator

Thomson said he didn’t think social engineering was a bigger threat than network weakness, despite the emergence of attacks such as spear phishing, which show the risk is “evolving very quickly.” He added that the spread of the IoT would present a number of new security challenges for telcos.

“The more we connect, the more we can be attacked,” he explained. “What’s encouraging is that the designers of these networks have security in mind. We’re working with them and they all have security and privacy at the top of their priorities. The network of the future must not just be fast and ubiquitous, but these users expect networks to be secure.”

Some ISPs might feel “duty bound” to protect their users, but added security is not just philanthropically motivated – it’s a business decision too. In the UK in particular, the communications market is incredibly competitive with providers hoping elements such as customer service, or in this case, security, can set them apart.

“If [a company] has the most secure version of what they do, they’re likely to be a winner in that space,” argued Thomson.

“What’s encouraging is that the designers of these networks have security in mind. We’re working with them and they all have security and privacy at the top of their priorities. The network of the future must not just be fast and ubiquitous, but these users expect networks to be secure.”