I’m worried as I bought something online using my mobile on an airport network
While in the airport last week I went online and purchased something over my smartphone. My partner said I was mad because I was using the airport’s open-access wifi. Is it really that dangerous? Can crooks get your card details that easily? Should I now cancel my card?
The goal for crooks here is to perform what’s called a “man in the middle attack” where your connection is sent to them before being relayed to the correct website. Whilst technically possible advances in security have made this increasingly hard to do. The padlock icon (HTTPS) mentioned previously and the increasing use of something called HSTS has diminished the returns on this type of attack. HTTPS means the data sent is encrypted so that what attackers receive would be scrambled and unreadable. VPNs create an additional layer of security by further encrypting your traffic and are highly recommended.
The news is often filled with stories about public WiFi and recent reports warn of not charging your devices in public spaces out of fear of “juice-jacking” where plugging in your phone allows access to files on the device. The truth is that the likelihood of these attacks is quite low. Many times it would be easier for someone to look over your shoulder .
A common sense approach is probably best.
Use a VPN, try to limit the number of different networks you sign up to.
When connecting to public WiFi particularly those that require some sign-up process never enter a password used elsewhere. Avoid signing into WiFi using accounts like Google / Facebook etc .Check that that websites have HTTPS, if you receive a message that the site is insecure, avoid using it. Turn off file sharing features, e.g. airdrop and windows file sharing. The goal for you is to reduce the risk and make it harder for the crooks.
It is unlikely that crooks at an airport could snaffle your card details, as you will almost certainly be connecting to the online shop via a secure connection (check the padlock symbol in the browser). Having said this, some risks still exist. If your browser is not up to date, or the payment website itself is vulnerable to eavesdropping, a ‘man-in-the-middle’ attack can snoop on your connection to intercept your data and/or cause trouble. Also, if you are sending/receiving email from a dedicated email program (not a browser) unencrypted, there’s a risk of it being snaffled.
It’s not just airports where this is a potentially risk. Any public WiFi you connect to is a potential problem. Be especially careful about cafés and trains, where bad guys can offer a connection through their phone. The name of the hotspot can be anything they like, such as ’Secure Free Train Access’, and they industriously harvest your data.
For these reasons I always use a VPN (Virtual Private Network) when I’m out and about. You can piggy back off the dirtiest most evil hotspot in the world, and the VPN will shield your data from its prying eyes. A good VPN will cost at most a few pounds a month.
source: the guardian