March 7, 2014

Free wi-fi security threats – what can app developers do?

Written By Martin Sandhu

Starbucks Wifi

There’s been somewhat of a frenzy this week over the risks of wi-fi hotspots to users. The media went into overdrive after Europol told BBC Click “people should send personal data only across networks they trust.” Cue lots of people saying “well obviously”.

Whilst it may sound obvious to many, the warning came after the cybercrime centre noticed a growing number of attacks via public wi-fi networks. Head of the centre Troels Oerting told the BBC, “We have seen an increase in the misuse of wi-fi, in order to steal information, identity or passwords and money from the users who use public or insecure wi-fi connections. We should teach users that they should not address sensitive information while being on an open insecure wi-fi internet.”

These attacks are not particularly sophisticated, dummy wi-fi hotspots are set up which mimic those often seen in public spaces, when a user signs into an account, makes a purchase or checks their bank balance the data sent over the network can be captured by attackers.

Mobile security should be paramount to the user. There is still a level of naivety when it comes to using mobile devices, apps and publically accessible internet connections, which is precisely why this these attacks continue to occur and why the message needs to be repeated. That said, times when people utilise these services peak times for businesses and app developers, so education is needed rather than scaring people off.

So, is it time for app developers to start taking some responsibility? Building features and functions into apps that mean users can continue to use them but at the same time alert them to or prevent them from sharing sensitive date when they may be at risk. For example banking apps could show a warning at login reminding users not to continue if they are using a wi-fi hotspot. M-commerce apps and websites could focus on a simple shopping basket ‘save’, giving users the opportunity to browse and decide on purchases and then buy when they are connected to a secure network.

These networks are often used during commuting time or when waiting for friends and colleagues in a bar, so they are the perfect opportunity for browsing online, playing games and general smartphone usage. It’s second nature now for people to simply go through the motions, without considering how their data is being used. It’s in the best interests of marketers to make sure that users feel comfortable enough using their apps on these networks, but at the same time are aware of the security risks.