Member Login

Avoid being hacked by your WiFi - Jan 2012

Avoid being hacked by your WiFi - Jan 2012

by Rebecca Moonen - iiNet's Compliance Manager (

When you're on the run, there's nothing handier than access to all things Internet. It's a common scenario - you're at a cafe, hotel, airport or other venue offering free Wi-Fi. You whip out your laptop (or smartphone) and begin going about your business, logging into various accounts and social networks. While this seems harmless enough, your session could be intercepted by hackers wanting to access the personal information you hold near and dear.

Let's take a look at a few ways your information could be compromised without you realising:

Don't click the dodgy link

This is probably the easiest type of WiFi hijacking to avoid. "Those" emails from your bank, Facebook, or even iiNet requesting that you follow their link to "check your details" or "view a friend's comment on your photo" are sometimes used to allow hackers to set what's known as a ' session ID' to your computer. Hackers will use this session ID to spy on what you're up to online. If you'd like a refresher on avoiding these types of 'phishing' emails, head to a previous articleon the topic.

Beware of non-password secured WiFi

Unsecured Wi-Fi hotspots are the biggest risk to having your session hijacked. If the WiFi you're using doesn't require you to login with a password, there is a chance someone could be snooping. The methods hackers use to do this were highlighted recently with the release of the Firesheepplug in (for Firefox), highlighting how a third party can gain access to your password protected applications (and even log in and impersonate you during a session.)

Thankfully there are ways you can avoid being a victim of this, the easiest being to not use a free WiFi network unless it is protected by a password (the company providing the WiFi connection will usually give the password to you). If you need to use a public Wi-Fi network that isn't password protected, be mindful of the sensitive information that you might be transmitting (unless the site itself is secured - look for a URL beginning with 'https'). Alternatively, log in via a VPN(Virtual Private Network).

Make sure it's a real public WiFi service

There have been plenty of cases where bogus companies or individuals set up free Wi-Fi networks specifically for the purpose of illegally accessing user information. When you come across a free WiFi service, check that it's attached to a reputable source like a Starbucks or McDonalds (but not a Dodgy Joe's Internet Shack).

So next time you stumble across an area promising free Wi-Fi, spare a thought for the security of your personal information. The difference between staying safe and leaving yourself open to an attacker gaining access to your Facebook, email, Paypal or banking passwords could be a matter of a few precautionary measures. For more information on staying safe online, head to the iiNet Online Safety Series webpage.