Wi-Fi Hotspots Can Play Spoil Sport to Your Mobile Device
Corporate IT managers face a challenge as more and more employees use a wide variety of devices and mobile apps to access enterprise data, interact and collaborate.
The point to be remembered is, mobile devices were originally designed to address consumer needs and them, therefore, lack the stringent security required for enterprise collaboration. In fact, many of these devices are not under the control of the IT security teams, and therefore are not secure in the same way as laptops and desktops.
While security continues to remain a challenge, enterprises realize the value that comes with the Bring-Your-Own-Device (BYOD) approach. Tech Pro Research reports that 74 percent of organizations allow, or plan to allow, employees to use their personal mobile devices for work and employees prefer to use their own devices. To go a step further, it is becoming more and more difficult to contain and control devices in the workplace or the way devices are being used to access enterprise data.
Wi-Fi hotspots, a physical location providing Internet access is being adopted extensively. BYOD and advanced network infrastructure have also helped to propel the use of hotspots, compounded by the use of portable devices. There are both drivers and constraints influencing the hotspot space. One of the biggest concerns with hotspots is interception of cellular data transmission. For enterprises, especially those which encourage workers to bring their own devices to work, free Wi-Fi hot spots can be a serious security concern.
For example, if a worker logs into the enterprise system from a hotspot, there is the possibility that a hacker can gain access to the entire corporate database. Similarly, for personal users, public hotspots can pose security risks. According to iPass, which tracks the global growth of Wi-Fi, there are now 54 million Wi-Fi hotspots in the US, representing a 4,414 percent increase since 2013. Many of these Wi-Fi hotspots are insecure, leaving users open to cyber-attack and at risk of significant financial loss.
A serious form of Wi-Fi attack is called Mobile MitM – MitM attacks rel-“no follow” targeting mobile devices targets mobile devices and allows hackers to identify user’s location, intercept messages and sometimes eavesdrop conversations. This kind of attack typically happens when a hacker intercepts communication between a web server and a device. Android and Apple have made validation possible and easy with a `certificate pinning’ policy but its adoption is still not one hundred percent.
In today’s mobile world,one should know how to boost your top line using mobility everyone is at risk, not just enterprises. Wi-Fi hotspots pose greater threats than others because they have happened to be fast, free and available. That they can also cause furious damage is another point of discussion. Most vulnerable are enterprises as it is a common practice for a user to access enterprise data on his or her mobile device. Essentially, everyone in the mobile enterprise is a potential target, but the most vulnerable targets are those in senior or executive positions in business and government. Hackers are on the lookout for anyone who deals with sensitive information — particularly those who might have access to trade secrets or financial data.
The problem is very real. It’s been estimated that nearly three quarters (73%) of the top 1,000 free apps in Google Play don’t check server certificates, and more than three-quarters (77 %) of those ignore any SSL errors that pop up when they communicate with the app server.
By combining two-factor authentication and VPNs it is possible to secure business information. VPNs generally make it difficult for hackers to read passwords. Adding another line of defense ensures that even if the password is compromised, there is another level of defense in place. Employees who have data plans can also consider tethering their phone or device. Finally, by encrypting data it is possible to defend data successfully.
Is there a way forward?
One of the best ways forward and one that may not be especially palatable is avoiding auto connecting to Wi-Fi hotspots. We can never really be sure of these hotspots and their sources. Untrusted sources can be big sources of problems especially if a hacker has managed to jailbreak a phone. It is also important to keep in mind that the mobile device, even though it is a personal device has information about other people, for example, the phone book can have data including mobile numbers, email IDs of so many people.
Hence, in an effort to safeguard personal and trusted data, it is better to avoid Wi-Fi hotspots altogether.
Are Wi-Fi Hotspots Secure?