We’re halfway through National Cyber Security Awareness Month (NCSAM), and we’ve seen hundreds, if not thousands, of tips and tricks that users should follow to keep their data safe. The security of public WiFi connections has been a hot topic over the past few years, as more and more users are connecting to networks in their favorite coffee shops, retail stores, and even Mount Everest. It’s well documented that cyber criminals are using basic tactics to steal data — whether it’s setting up a private hotspot with a humorous name to entice users to join, or using sniffing tools to spy on public Internet traffic. Fortunately, WiFi users are beginning to understand that these networks are inherently insecure.
As users, it’s nearly impossible to understand every single feature on your mobile device, especially features that deal with privacy and security. But what if one simple housekeeping task on your mobile device could entertain you for a few minutes AND make you more secure? Then clear your preferred WiFi network list (SSIDs), and take a trip down memory lane.
To do that, first, here are some basics you should know :
What is a preferred network list?
It’s a list of familiar names of a WiFi network that your mobile device automatically recognizes whenever you are within reach. Think of it as the URL versus the IP address of a website, for instance “Google Starbucks”. Using an SSID simply makes it easier to connect to familiar networks instead of having to remember the network login and password each and every time you want to connect. Your network list could contain everything from your home network, to your local coffee shop, to the restaurant in Chinatown you frequent every Sunday night.
Why are preferred network lists dangerous?
Anyone can broadcast an SSID name and trick your device into connecting. These insecure networks let you join automatically (with or without a security passphrase), leaving you at the mercy of the owner of the hotspot, which could lead to any number of outcomes including the loss of sensitive credentials or other personally identifiable information (PII). Once you connect to these WiFi hotspots, it sends your data through that hotspot and could lead to a serious risk of phishing attacks or malware being loaded onto your device.
The broadcaster has all the power while you are using their hotspot.
By looking at a non-malicious use case, you can see just what kind of access a “broadcaster” gains once you are logged into their network. Earlier this year, inflight service provider GoGo was accused of executing man-in-the-middle (MITM) attacks on its users, when in reality they were simply issuing fake SSL certificates to throttle video streaming. A cyber criminal “acting” as GoGo could have performed many tasks without you ever realizing, such as blocking or censoring websites, capturing plain or encrypted data, installing malware, or even stealing passwords.
How do I purge preferred networks on a mobile device?
Android:
- Open the Settings app and head to “WiFi” settings
- Look for the WiFi router / network name that you want to forget
- Tap “Forget this Network” then confirm to drop the network from the list by tapping on “Forget”
iOS:
- Go to Settings
- Select Wi-Fi
- Select the blue i to the right of the network name (in older versions of iOS, this may show as a blue arrow)
- Select Forget this Network
- Confirm that you want to Forget the Wi-Fi network
On My PC?
- Open the “Control Panel”
- Select and open “Network and Sharing Center”
- Click on the “Icon” under “View your active networks”. This will open the “Set Network Properties” dialogue. Here, you can rename a network connection or change the icon for that network connection.
- Click on “Merge or Delete Network Locations”
On My Mac?
- Open System Preferences > Network
- Select WiFi > Advanced > WiFi
- Select the redundant “Preferred networks”
- Remove by clicking the “-“ button
- Uncheck “Remember networks this computer has joined”
Going through these quick and easy steps on a laptop or smartphone will bring up a list of every network you’ve ever joined (assuming you haven’t done this before); and trust me, it will bring back memories. If you want to cut through the hype of NCSA month “safety tips” and do one thing that will keep you more secure, go through your preferred networks list and have a field day.[su_box title=”About Scott Petry” style=”noise” box_color=”#336588″]Scott Petry is Co-Founder and CEO of Authentic8, Inc. Prior to Authentic8, Scott founded Postini and served in a variety of C-level roles until its acquisition by Google in 2007. At acquisition he was EVP of product development and CTO. He served as Director of Product Management at Google until 2009. Prior to Postini, Scott was General Manager and Vice President of Cygnus Solutions (acquired by Redhat), Director of Advanced Messaging Products at SkyTel, and also served as Product Manager of Apple Computer in the Newton Group and the Networking and Communications group. He graduated with a B.S. degree from San Diego State University, where he was a four year oarsman. He was a member of the U.S. National Rowing Team, and earned a bronze medal at the 1987 World Championships.[/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.