By: Al Restar, Zero Day
Earlier this week, the City government of Iloilo was able to secure a partnership with the country’s two leading telecommunication networks, Smart Telecommunications, and Globe in order to provide free public Wi-Fi in different public parks and plazas around the city.
Mayor Jerry P. Trenas signed a Memorandum of Agreement (MOA) with the two telecom giants in order to set up public Wi-Fi hotspots at the City Hall, in district plazas, the Esplanade, and along the Diversion Road in Mandurriao.
The move will not only provide free Wi-Fi stations in the aforementioned locations, but it will also power the digitization of the City Hall. It will support the ambitious goal of the city government to transform Iloilo City to a “Smart City,” similar to Singapore and other tech-oriented cities around the world.
Smart Cities leverage the power of technology and the internet in order to collect information from people within the area to manage and allocate resources efficiently, as well as to provide expedited and streamlined services.
However, there are privacy and cybersecurity risks associated with this move. Don’t get me wrong; I fully support the city’s move to digitize and its ambition to become a Smart City. In fact, it is my long-standing advocacy to push governments to embrace technology and to leverage the power of the internet to improve services to the people.
But it is also important that we understand the risks that come with digitization, especially in public Wi-Fi hotspots. Setting up free Wi-Fi stations around the city has its undeniable benefits like democratizing information, making it accessible to everyone who can’t afford to connect to the internet. However, it is necessary that we look at the online behavior of people and see how public Wi-Fi can also be leveraged by those who have ill intentions – especially those who want to abuse the technology.
First of all, let’s discuss how exactly does a public Wi-Fi connection work. When you connect your devices to a “public” Wi-Fi connection, it will be linked to a network of servers. And since it is a public network, everyone who connected to the Wi-Fi will have some sort of discoverability and access to everyone who is connected to the same network.
This access can be exploited by malicious actors to carry out what we call a “sidejacking” and “firesheeping” attack. To put it simply, sidejacking is a method of stealing someone’s access to a website through wireless networks and public Wi-Fi. This means that an attacker can simply exploit the vulnerability created by connecting to a public wireless network in order to gather information from others who are also connected in the same network.
It may sound far-fetched for some, but it is happening in real life. There are cases where hackers are connecting to public Wi-Fi hotspots and wait until other people open their online banking apps using the same connection and intercept their access in order to funnel funds into their own accounts. It is also one of the most common methods to take over social media like Facebook.
And while you think that it has never happened to you, the data shows that it probably did. Reports reveal that the Philippines is the single biggest online attack originator in the world. In the said report from Arkose Lab, a cybersecurity firm, more than half of the social media account logins made around the world are fraudulent and are results of malicious attacks.
Another report, this time from Kaspersky Lab, also reveals that more than 7 million online attacks were reported and intercepted in the Philippines in the last three months, making the country the fifth most attacked country in the world. With this data, it is easy to deduce that you probably have been a victim of some sort of online attacks – may it be credential stuffing, social media takeovers, phishing, online banking looting, etc. – in the last quarter of 2019 alone.
Aside from collecting your information, public Wi-Fi hotspots can also be used by hackers to send ransomware to a certain device that is also connected in the same wireless network. Ransomware is a type of software that encrypts (or locks) files saved in the target device which will force the user to pay a certain amount to the hacker to get their files decrypted. There are also cases where ransomware attackers don’t decrypt the files after they are paid.
Needless to say, there are a plethora of risks associated with connecting to public Wi-Fi. But that doesn’t mean that the move of the city government to install hotspots around the city is a bad idea; because it is not. It is a good move.
However, you have to understand that when using these connections, you have to be extra careful in protecting yourself from possible attacks. The public Wi-Fi is beneficial only to those who take care of their cybersecurity; but for those whose online behavior is not careful – those who don’t have anti-virus, no SSL protection extensions, those who open sensitive websites using public networks – public Wi-Fi hotspots could be your nightmare.