A woman using the free public Wi-Fi at the Jumeirah public beach on Al Darmeet Street, Dubai. Image Credit: Antonin Kélian Kallouche/Gulf News

Dubai: Picture this. It’s a Friday morning and you’re hanging out at your favourite beachfront cafe or your neighbourhood public park.

While sipping on your latte or relaxing after a 5-km run, you catch up on all the emails and social media chatter you couldn’t quite grasp during your busy week — thanks to the burgeoning network of public WiFis across the UAE.

Sounds familiar?

With an array of smart services and a rapidly widening information technology network, accessing the internet or checking out social media for free, while you are on the move in the UAE, is a typical scenario for most of us. But did you know of the threats that lurk in the background on public WiFi — such as cyber snoopers stealing your credit card and bank data or hacking into your family pictures and emails?

The Telecommunications Regulatory Authority (TRA) in UAE recently issued a warning, advising UAE residents to use public WiFi with caution. “When using your devices in public areas, do not leave your data visible to those around you,” the TRA said on Twitter. “While you are in public areas, beware of your personal information.”

Cyber security experts have warned that many free public WiFi areas are not encrypted and are prime targets for hackers to access information on your computer or smartphone. Cyber criminals can also easily hack users’ personal data from a public WiFi network as the security is weak.

The bad guys can extract information out of your laptops or smartphones after someone joins the fake network.”

 - Dimitris Raekos | General manager for ESET Middle East


Dimitris Raekos, general manager for ESET Middle East, told Gulf News that there are two types of public WiFi — open-access and those with a password. Open public WiFi is the one that everybody can get access to without having to enter a password, while the other one is more common in hotels and cafes — and the passwords change every day or hour. Despite these, Raekos said that a hacker could still obtain a user’s information using a mobile phone or a computer. Hackers can intercept communications between two participants by creating his own, illegal connections through the WiFi hotspots. “The bad guys can extract information out of your laptops or smartphones after someone joins the fake network,” he said.

According to Nicolai Solling, chief technology officer at Help AG, any public infrastructure can put residents at risk. “[It] is, in the meaning of the word — public — and this constitutes specific issues as you may be subject to certain attacks, where attackers can inject themselves into the traffic flow of your communications,” Solling told Gulf News. “Tech savvy users should be able to spot such attacks, but for the normal consumer they can be challenging to identify. Therefore, my advice is simply to use public WiFi for recreational purposes, but leave the sensitive stuff until you are back home.”

Tech-savvy users should be able to spot such attacks, but for the normal consumer they can be challenging to identify.”

 - Nicolai Solling | chief technology officer at Help AG


What makes the job easier for potential cyber criminals is that there are software and hardware tools available in the market for people to buy and learn how to hack a public WiFi. There are even videos on YouTube that show how to hack a network.

According to Raekos, it is better to access the network using your data network or by setting up your own Virtual Private Network (VPN) when accessing the internet — which makes hacking tough as the data is encrypted. “When accessing a public WiFi, use a firewall or a good security software that can detect a scammer. Never access any type of personal information such as your bank account, social network pages or even email accounts on a public WiFi,” he said.

Consumers these days are becoming increasingly mobile and they expect ready access to a WiFi so they can browse the internet, post images on Facebook or Instagram wherever they are. According to a 2013 study by Forrester Consulting, about nine in ten (90 per cent) travellers “overwhelmingly” want WiFi connections at hotels. About a third (34 per cent) said that a wireless service in their rooms is a deal breaker, meaning they won’t book a stay with the hotel if it’s not available, while 60 per cent consider it as “important”.

All you need to know about public WiFi in UAE

What is public WIFI?

Public WiFi can be found in popular public places like airports, coffee shops, malls, restaurants, and hotels — and it allows you to access the Internet for free. These “hotspots” are so widespread and common that people frequently connect to them without thinking twice.

What are the types of cyber attacks for public WIFI?

1. Man in the Middle attacks: One of the most common threats,  this is a form of eavesdropping. When a computer connects to the Internet, data is sent from point A (computer) to point B (service/website), but vulnerabilities can allow an attacker to get in between these transmissions. So what you thought was private no longer is.

2. Unencrypted networks: Messages that are sent between your computer and the wireless router are in the form of a “secret code,” so that they cannot be read by anyone who doesn’t have the key to decipher the code. But in a public WiFi, there is no guarantee that the encryption has been enabled. 

3 Malware distribution: Thanks to software vulnerabilities, there are also ways that attackers can slip malware onto your computer or mobile device without you even knowing, while using public WiFi.

4. Snooping and sniffing: Cybercriminals buy special software kits and devices to eavesdrop on WiFi signals. This technique can allow the attackers to access everything that you are doing online — from viewing webpages you have checked out and personal data you have filled in to capturing your login credentials, and even hijacking your accounts.

5. Malicious hotspots: These “rogue access points” trick users into connecting to what they think is a legitimate network. As a result, most people implicitly trust such hotspots and end up sharing sensitive data.

How can I safeguard my data and privacy while using a public WIFI network?

DO

1. Make sure your file sharing is turned off when using your laptop at a public place. 
2. If you really have to access your bank account or shop online using free wireless, make sure the site you open is secure
3. Look for the ‘lock’ symbol on the address bar or only visit sites using HTTPS.
4. Log out of accounts when you have finished using them.
5. Watch out for sites with a small spelling change, or registration with a different domain. 

DON'T

1. Allow your WiFi to auto-connect to networks.
2. Continue browsing if you get a certificate warning and the web-browser asks you if you want to proceed to an untrustworthy site.
3. Log into any account via an app that contains sensitive information. Go to the website instead and verify they are using HTTPS before logging in.
4. Leave your WiFi or Bluetooth on if you are not using them
5. Log onto a public WiFi network that isn’t password protected.