Andy sent in a link to a really interesting article over on medium.com about exactly how easy it is to be hacked if you’re using open wifi networks. Maurits Martijn takes a trip to a random cafe in Amsterdam with Wouter Slotboom, who uses a small black device to spoof the wifi network in the cafe. Bart has been warning us for years about this, but reading exactly what this guy was able to do is pretty chilling.
One of the things that makes it so easy is that our devices will automatically connect to a network which we’ve already connected to in the past. So imagine you’ve been to a Starbucks and connected to the wifi network called Google Starbucks. His device can tell you’ve been attached to that network in the past. All he has to do is create a hotspot called Google Starbucks and your device will auto-connect to that network. Once your device connects to his network, he has access to all of the traffic you send – user names, passwords, everything. You are owned.
This got me to thinking. I have mentioned before that for the teeny tiny fee of $3/month, I have all of Steve’s and my devices protected by the VPN service from Cloak. I wrote to the folks at Cloak asking whether I was protected, since those same fake names could be used to trick me. At first I had my brain backwards on this. I asked whether, if I told Cloak to trust Starbucks Google, the hackers would be able to get to me, and Dave said that they WOULD be able to get to me.
In my second message to him I realized my mistake. The most important thing in Cloak is that you DON’T tell it to trust any open wifi networks (like Google Starbucks), which means it’s ALWAYS securing you when you’re on that network. I wanted to make sure I understood, so I wrote this to him:
One of my favorite things is walking into Starbucks and seeing that nice VPN logo jump up as soon as I connect to that non-trusted network. Now my understanding is that if Starbucks has configured things in a reasonable way, I AM protected by Cloak, right? Someone spoofing the Starbucks Google Wifi name wouldn’t grab my connection before Cloak can save me?
To which he replied:
That’s correct. Even if you connected to a spoofed Starbucks network (let’s call it “evil starbucks”), Cloak for Mac’s OverCloak feature will prevent you from leaking information until after it has successfully secured your connection. (And if Cloak for Mac can’t secure your connection on “evil starbucks”, it simply won’t let you access the Internet. Annoying as heck, but preferable to the alternative!)
In a follow-on conversation Dave pointed out that it’s also important to make sure you rename your home network to something unique. For example, if you have a Linksys router and don’t rename it, but tell Cloak to trust it, then when you waltz into Starbucks you KNOW the hacker is going to have one of his/her fake networks called Linksys.
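The two name-based risks described above (auto-joining a remembered public name, and trusting a factory-default name) can be checked against your own saved networks. The script below is an added example, not code from Cloak or from the article; the sample listing, the default-name patterns, the public-hotspot list and the trusted list passed to audit() are all constructed assumptions, and the trusted list only stands in for whatever your VPN client treats as trusted.

```python
import re

# Constructed sample in the format printed by macOS
# `networksetup -listpreferredwirelessnetworks en0` (header, then tab-indented SSIDs).
SAMPLE_PREFERRED = """Preferred networks on en0:
\tCasa-7Q4x
\tGoogle Starbucks
\tLinksys
\tNETGEAR42
"""

# Assumed, non-exhaustive patterns for factory-default router names.
DEFAULT_SSID = re.compile(
    r"^(linksys|netgear|dlink|d-link|tp-link|belkin|default)[\w.-]*$", re.I)
# Assumed list of shared public hotspot names; extend it with the ones you have joined.
PUBLIC_SSIDS = {"google starbucks", "attwifi", "xfinitywifi"}


def parse_preferred(text):
    """Return the SSIDs from the indented lines of the networksetup listing."""
    return [line.strip() for line in text.splitlines()
            if line.startswith(("\t", " ")) and line.strip()]


def audit(saved, trusted):
    """Flag saved names that anyone can broadcast, and whether the VPN trusts them."""
    trusted_lower = {t.lower() for t in trusted}
    findings = []
    for ssid in saved:
        name = ssid.lower()
        kind = ("default" if DEFAULT_SSID.match(ssid)
                else "public" if name in PUBLIC_SSIDS else None)
        if kind is None:
            continue  # unique name: nothing to report on the name alone
        if name in trusted_lower:
            findings.append((ssid, "HIGH",
                             f"{kind} name is trusted: VPN stays off on a look-alike"))
        else:
            findings.append((ssid, "INFO",
                             f"{kind} name auto-joins: keep it untrusted so the VPN engages"))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_preferred(SAMPLE_PREFERRED), ["Casa-7Q4x", "Linksys"]):
        print(*finding, sep=" | ")
```

A HIGH finding is fixed by renaming the router to something unique and trusting only the new name; an INFO finding is fixed by forgetting the network or simply leaving it untrusted.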
I’m really glad Andy sent this article over, because it made me really think and understand how important it is to have a VPN service like Cloak to protect us on insecure wifi networks. I understand it even better than I did before and will ONLY trust networks I actually know. If you want to be protected for a measly $3/month, check out Cloak at getcloak.com/. By the way, if you use up the 5GB you get for that $3/month, you can upgrade mid-month to an unlimited plan for only $10/month and they PRORATE your plan! So it’s really inexpensive, and it will keep you safe on ALL of your iOS and Mac devices.