For many, it has long been routine: When they arrive at a hotel or restaurant, they first ask for the WLAN. This is dangerous, experts are alarmed. The risks can be avoided.
If you activate the hotel WLAN search in your mobile phone, you usually get dozens of results, regardless of where you are. Whether it’s a hotel, restaurant or café, it’s good manners today to offer your customers free Internet access. So-called hotspots are also appearing in more and more public places. Mobile phone users, on the other hand, like to make use of the offers, either because they want to save data volume or because they are in a non-European country where they have no data tariff at all.
But what initially seems practical for the user can have serious consequences, warns Stefan Middendorf: “If you simply connect, you run a great risk. Middendorf is the Chief Commissioner at the Baden-Württemberg State Criminal Police Office and is responsible for media security. His experience: “Although they should actually know better, many users treat their data naively.
With regard to public WLANs, this means that they use the connection as if they were in their home WLAN or in their own data tariff. For example, they send photos via Whatsapp, check their e-mails or search for new Amazon offers. If the passwords are stored on the mobile phone, the user doesn’t even have to take any action himself; the synchronization of the e-mails, for example, is fully automatic.
The problem is that a public WLAN is not the same as a private WLAN at home. The crux of the matter is the router that transmits the data. Anyone who has control over the router also has control over the data – and in case of doubt can use it for illegal purposes. “If a ‘bad guy’ stands behind the router, there are many possibilities like malware or viruses“.
The danger is obvious in shops like Amazon, where payment data is stored
If a criminal can access the data via the router, he can order whatever he wants via the mobile phone owner’s account. The situation becomes even more critical if he can also access the e-mails. Then he can reset the passwords at Amazon, for example, and have new ones sent to him, or even connect the account to another e-mail address. The mobile phone owner then no longer has access to his own data and can do nothing against the criminal plundering his accounts.
Middendorf also strongly advises against online banking via open WLAN. Transfers usually have to be confirmed by SMS tan. But there are Trojans like Android.Smsspy.88.origin that intercept SMS messages and forward them to other devices. In 2016 alone, over 40,000 mobile devices worldwide were infected with the Trojan. If the criminal succeeds in doing this in an open WLAN, he will have the complete finances of his victim in his hands.
Nevertheless, mobile phone users do not have to panic if they want to use other people’s WLANs, says Middendorf. “Not every hotel WLAN is bad. It is much more important to take a close look at the WLAN. Many hotels protect their wireless networks with a password or direct users to a login page if they want to use the network. These WLANs are generally comparatively secure, says Middendorf: “Hotels have a vested interest in ensuring that their guests are not harmed.
The situation is different, however, if a WLAN is actually open
This is the case in many bars and cafés. Hackers can hijack the insecure connection here. Some criminals even offer open WLANs themselves, so-called “honey pots”. They then carry a name that is based on the official name of a nearby hotel or restaurant. Thus they weigh the mobile phone user in security. Middendorf therefore advises to always have the receptionist or waiter give you the concrete data of the WLAN – and never to send sensitive data via open WLANs.
In any case, Middendorf would be careful with sensitive data and public WLANs, even if the connection is password-protected: “A password minimizes the risk, but it doesn’t switch it off.” Surfing news sites or looking at the weather forecast is unlikely to cause a problem in many cases. However, as soon as it comes to login data, Middendorf advises you to use your own data tariff – or a VPN.
VPN stands for “Virtual Private Network“, a virtual private communication network. The VPN establishes a password-protected tunnel through which data can be transmitted without anyone else being able to access it. Many companies use VPN so that their employees can also access files and programs from outside the company network. But there are also a number of providers that offer VPN services for end customers, both paid and freeware.
Of course, this means an additional task for the individual, but Middendorf is convinced that everyone here has to take responsibility for themselves: “We all have a digital self and we have to protect it. Otherwise the consequences could be very expensive.