Why Public Wi-Fi Isn’t Secure Enough

Posted by kayo — 26 January 2022

While many people use Wi-Fi when they are out and about, there is much precautionary advice about using unsecured public Wi-Fi, which could allow a hacker sitting a few yards away, or even miles away, to gain access to their laptops, tablets and smartphones and steal passwords and sensitive data. By Michael Wakley, CEO of LeakSafe.

Wi-Fi isn’t sufficiently secure for a number of applications, including water leak detection. A report by Positive Technologies claims that in penetration tests in 2018 its researchers were able to externally penetrate the internal networks of 92% of companies. The researchers also found that at 87% of its tested clients, “Wi-Fi networks were accessible from outside of client premises, such as from a nearby cafe, parking lot, or public waiting area.” The culprit was often weak Wi-Fi security, which on 63% of systems enabled access to resources on the companies’ local network.

Positive Technologies finds that many firms are either failing to encrypt their Wi-Fi traffic or implementing Wi-Fi authentication using weak protocols – such as WPA2/PSK or WPA/EAP. Even firewalls, which are used to protect web applications, strong Wi-Fi authentication, strong and unique passwords, or employees trained to recognise phishing attacks, aren’t enough. Unpatched systems can often leave at least one door open to cyber-attackers.

Are VPNs the answer?

Proponents of secured Virtual Private Networks (VPNs) advocate that people should cloak their location on the network as the answer to securing their laptops, devices and applications. They claim that VPNs can reduce the chances of their devices being discovered, and therefore cut the opportunity for them to be hacked. However, VPNs aren’t always as safe as one might imagine. Francis Dinha, a member of Forbes Technology Council, explains in his article ‘Why The Wrong VPN Is More Dangerous Than No VPN’:

“If your data protection or cybersecurity plan includes the use of the wrong VPN, you could be unwittingly putting yourself in a much worse position than if you had no protection plan at all. I believe bad cybersecurity is much worse than no cybersecurity at all, and the best intentions in the world can still leave you and your company at risk if you don’t do your due diligence.” Some other commentators have said that a VPN can also be used by hackers to more specifically pinpoint someone’s location than if they’d had no VPN installed.

This is perhaps because not all VPNs offer the same levels of cyber-security. Dinha therefore comments: “Choosing a VPN without carefully vetting your provider could leave you unprotected and subject to risky liability issues — you may even accidentally download malware in the process.” He also warns: “Not all data protection and online security measures are created equal. Doing nothing is a terrible risk, while adding the wrong protection may be even worse — you’ll have opened the proverbial Pandora’s Box.”

It’s therefore important to consider the reputation of a VPN, to have a provider that covers all bases, and to engage with a VPN provider that conforms to industry standards. It is also essential to use a VPN provider that doesn’t permit the use of tools used for the Dark Web, such as BitTorrent.

Wi-Fi signals

Wi-Fi has another weakness: some buildings are built in such a way that the signals can’t pass through, and even in private homes the signal has a limited range. So, security is but one of the concerns – even for applications such as water leak detection. Michael Wakley, CEO of LeakSafe, explains:

“My company recently completed a trial with a large American insurance group. The trial involved installing 20 water leak detection systems, linked to Wi-Fi. It took us 2 hours to install the systems, and Wi-Fi specialists 2 days to configure the Wi-Fi in a high net worth house. We all know in our own properties that our Wi-Fi system has dead spots. All you can do is put boosters in around the property, but you can’t resolve dead spots.”

He adds: “In contrast using alternative technologies like narrow band Internet of Things (NB-IoT) devices can gain deep in-building penetration. The aim is to deliver a good customer experience from a good piece of kit, otherwise you are in danger of losing your customer.”

Vodafone’s white paper, ‘Narrowband-IoT: Pushing the Boundaries of IoT’, comments that “NB-IoT inherits LTE’s authentication and encryption…and mutually authenticates the network and the device. It encrypts traffic between the device and deep within the core network.” LTE is an abbreviation for Long Term Evolution, a 4G wireless communications standard.

So, while many companies and even some insurance companies are offering water leak detection solutions that run on Wi-Fi, his firm has opted to use NB-IoT and low-power Wide Area Networks (LPWANs) to optimise security, and data accessibility from the perspective of being able to monitor any water leaks within a building – whether that be an office or a private home.

Wakley explains why he chose this route over a Wi-Fi-based water leak detection approach: “LeakSafe use a standalone network because Wi-Fi is insufficiently secure and, if your Wi-Fi goes down, your leak detection also goes down. NB-IoT has nothing to do with your Wi-Fi network at home. With leak detection it’s important to have an independent system that doesn’t rely on a Wi-Fi connected home.”

Insurer concerns

He reveals that insurance companies are understandably concerned about protecting data. With public, unprotected Wi-Fi, hackers can launch an attack and go through the backdoor. So, it is crucial to ensure that your Wi-Fi is protected. Hackers love getting access to unsecured PCs, laptops, and device cameras. “The prospect of this is quite scary because once I’ve hacked into your Wi-Fi network, I can access everything on it and gain access to any cameras in your property to see what you are doing”, he says.

“Most of the leak detection companies that have launched new products in the UK in the last year rely on Wi-Fi to deliver their systems”. Wakley’s company is using LPWAN and NB-IoT networks to ensure that its water leak detection systems are secured, easily accessible from any device and widely available.

Network security tips

As the reliability of water leak detection has insurance implications, the first tip is to install either LPWAN or NB-IoT solutions that enable leaking water to be monitored and turned off remotely. His second tip is to avoid public or even private Wi-Fi because of its security and in-building coverage shortcomings. As a third tip, it’s important to explore low-powered WANs as a more secure way of transmitting water leak detection data. It may also be wise to consider whether a person sitting in a cafe and using an insecure public Wi-Fi to control their leak detection system is covered from an insurance policy perspective. They could leave their organisation’s data exposed to attack, and so it’s important to ensure that all bases are covered.

The fourth tip is about making sure that insurance companies support any installed leak detection solutions – particularly to consider whether they offer any cost-savings. Having leak detection systems installed in a property or development will reduce the insurance risk, and this may translate as lower premiums or excess.

Avoiding calamities

Ultimately, with regard to Wi-Fi, it’s important to realise that firewalls often aren’t enough to protect data from a hacker’s attack. Organisations therefore need to consider how to protect their applications, data and networks whenever they are in the field – even if this is for monitoring and preventing water or gas leaks remotely.

Without stringent security, even a hacked Wi-Fi based water leak detection solution could lead to data protection failures. It could even lead to a calamity such as water being turned on to flood a property rather than being turned off to protect it. Wakley therefore argues that Wi-Fi simply isn’t secure enough for water leak detection and remote risk monitoring in comparison to NB-IoT or LPWAN based systems.

By Graham Jarvis

Freelance Business and Technology Journalist

Leaksafe work with a number of leading insurers, brokers and their clients to reduce the risk associated with water damage