I live in a building with free WiFi access for all of the 30plus tenants. I've lived here for just over a year, the WiFi password has never changed. I added a WiFi extender to address the deadzone where I'm at in the building which has worked great. I use the building WiFi to surf the net, online banking and online purchases, using my phone and tablet both android OS. Should I be concerned about security/privacy?
-
Even if there is a password the fact that it never got changed effectively makes the network kind of open/public. Therefore possible duplicate of [How much of a risk to students is an open WiFi network on campus?](http://security.stackexchange.com/questions/73226/how-much-of-a-risk-to-students-is-an-open-wifi-network-on-campus-edit-please-r), [Are there risks associated with connecting to a public hotspot?](http://security.stackexchange.com/questions/46533/are-there-risks-associated-with-connecting-to-a-public-hotspot). – Steffen Ullrich Nov 19 '16 at 17:03
2 Answers
You should be concerned only when using non secure connections ie.http these connections can be sniffed.
what is important is to be aware of various attacks against encrypted connections, basically, ensure you do not accept new SSL certificates if prompted, unless 100% sure.
another important thing is to ensure your software firewall blocks inbound connections, if you're running a service that requires inbound port to be open, ensure software listening on this port is fully updated.
also, keep in mind if your PC/phone is infected already then all of the above doesn't make sense, in which case you should fix that first.
- 117
- 5
Yes you should be concerned.
- Your traffic can be sniffed
- Your system can be fingerprinted and exploited with zero-day vulnerabilities
- If you are slow in patching and there is a known exploit. One got make use of that exploit and take over your system
- One could shut you out from the internet.
- Others could spoof your mac address/ip address
- There are many possiblities.
So what you probably should do is ensure you are always having latest patches. Keep your antivirus up to date, have your firewall block inbound connecting, ensure any sensitive sites or transactional sites have SSL(even if you are using any messaging service).
Be vigilant and if you happen to see this when you are accessing a website, don't just click ignore.
So yes again, you should be concerned irregardless
- 1,263
- 1
- 9
- 21