My Facebook friend Jeff Wegge asked: “Security question Bob. Is the hotspot on my mobile verizon phone any more secure than public Wi-Fi?”
This is a most excellent question! Generally speaking, the mobile hotspot will be more secure for two reasons The first is that only you are likely to be using it, unless you explicitly shared the SSID (network name) and passphrase with someone else. The second reason is that the session is encrypted which prevents eavesdroppers from ever knowing what you are doing with the connection. The presence of the passphrase, which is also the encryption key, means the session is private.
Coffee shop and public wifi systems usually DO NOT require any kind of passphrase, and so the wireless connection is NOT encrypted. This means that someone with a laptop and network sniffing software like Wireshark could be reading the wireless traffic and harvesting user names, passwords, credit card numbers, and whatever else is going on in the room.
The present or absence of a passphrase determines whether the session is encrypted or not, regardless of location. My wish for the new year is that public wi-fi providers start providing passphrases so my session can be encrypted. You could paint the wireless passphrase on the wall, and the session would still be secure.
Share
DEC
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com