Being on the move between destinations is one of the times we are most at risk of using WiFi access with poor security. Trains, airports and coffee shops are all examples of times we occasionally access the internet via a router without using any sort of password. We should all be very careful of the types of information we access at those times. But if you’ve used a password to log into WiFi, you’re protected, right?

Mary’s story

“I always felt so cool, so smart because whenever I traveled, I could manage to stay connected by jumping from public hotspot to public hot spot without paying a penny”, says Mary, a 31 years old digital media executive from New York. Now, after a horrific incident during a trip last year, she fees silly and betrayed because a Public WiFi “stalker” managed to steal credit card and bank account information from her smartphone while quietly sipping a latte in a coffee shop in Europe. After the robber managed to shop successfully with her debit and credit cards, the bank was forced to freeze her accounts and suddenly she was without means to pay for her daily expenses overseas. She was forced to ask the airline to push ahead her flight reservation and returned home sad. It is not the end she had hoped for what should have been a wonderful trip.

Ever since, she rents a secure pocket WiFi product from TEP Wireless and she has recovered her faith in traveling connected and secure. Dr. William Nazaret, an expert in mobile internet and co-founder of TEP explains: “Mary was not doing anything unusual. As she understands now, it was crazy but not unusual to trust Public WiFi hotspots”. He continues to explain: “For the last 6 years we have been providing travelers with personal, secure WiFi connectivity for their travels abroad and we have never heard of a horror story like Mary’s among our customers”.

A revelation from the cyber-security industry this week has made this issue even more important, with the news that a loophole has been discovered allowing someone to intercept data even when using a password-protected WiFi network.

What is the KRACK vulnerability?

Most routers use an encryption method called WPA2 which has been around a long time but which was thought to be robust from attack. However, it’s been revealed this week that WPA2 can be exploited so that traffic sent between that router and your device can be viewed IF the traffic is not also being encrypted by an SSL protocol (i.e. web services using HTTPS at the start). This is the vulnerability known as KRACK.

What’s affected and how?

Both routers and the client devices they connect to are at risk. Most routers use WPA2 and it’s known that Android 6.0 and above devices are also especially at risk. Remember that an attacker must also be physically in range of your WiFi network to be an issue, they can’t threaten you remotely, so you are at less risk in an area with few people around, but more so in a city. They also can’t determine your WiFi password via this method so you don’t need to change it, but they can access data going back and forth between your device and the router.

As in Mary’s story, a typical example of a dangerous situation for a traveler might be using a website form to book a hotel, restaurant table or excursion. If you include any personal or financial information in that message it could be intercepted by someone when you click submit.

What can I do to stay secure while travelling?

At home, you will know when your devices and router are patched. But for travelers, you can’t easily find out whether you are accessing a safe or unsafe router now that even a password-protected one is vulnerable. Mobile data is not subject to this vulnerability so you can use that safely but of course, if you are abroad that could incur huge costs.

TEP’s device, which users call affectionately Teppy, gives you two crucial advantages over using a fixed WiFi network.

  1. You and your device are always on the move together. WiFi hotspots are easy to eavesdrop on because they are fixed and all the stalker need do is sit within range of the hotspot waiting for the next victim to enter. Our Teppy is in your pocket or purse and moves around with you wherever you go. This mobility complicates the task of eavesdropping on your internet connection when you travel.
  2. You always know how many people are connected to your Teppy. You can easily detect the presence of stalker because it shows how many people (devices) are connected to your WiFi personal spot. If you see one more connection than normal, it is a sign someone may be WiFi stalking you. Because your Teppy is personal and only you or your travel partner know the password, it is harder for a stranger to invade your connection and your smartphone, tablet or laptop.

To avoid the risks of using public WiFi and create your own hotspot that travels with you by using a Tep portable wifi device. The device is only $8.95 per day for unlimited data usage, plus, you and your friends or family can all share one device (up to 5 gadgets can connect at a time). Tep’s portable device is amazingly travel-friendly too, it will slip into a handbag, pocket or rucksack. Find out more or buy/rent a device here.