Nothing feels better than full bars of a Wi-Fi network with fast speeds. Coupling this with a few security mechanisms such as using HTTPS, you’re about to browse the internet without any worries at all. But that’s not the case. Even with HTTPS, some of your internet traffic is still vulnerable to malicious actors in public Wi-Fi.
HTTPS explained
HTTPS, Hypertext Transfer Protocol Secure uses the Transport Layer Security (TLS) protocol to ensure your connection to the website from your web browser is secure. In a nutshell, the additional security layer encrypts your internet traffic from your device to the website you’re visiting. It makes use of certificates to ensure verification that the site you’re visiting is legitimate. This makes it harder for you to land on a wrong site and intruder won’t get your data easily.
But even with this encryption, your entire device internet traffic is not secure as HTTPS only encrypts your web traffic. This puts your other internet traffic such as the ones that involve DNS queries vulnerable to cybercriminals. Here are some security risks malicious actors are likely to exploit if you only rely on HTTPS to protect you on public Wi-Fi;
DNS Leaks and Spoofing
When connecting to the internet, your device uses DNS request to get you to the content you want. Most times, these requests are not encrypted. Since public Wi-Fi has little or no security, malicious actors can get your DNS request and response easily, by using some cheap tools. Even when there are no malicious actors, the public Wi-Fi DNS solver can’t still be trusted as it can also collect your data and even use it for other purposes.
DNS spoofing is more dangerous as it even fools users to think they are visiting a legitimate site, even with HTTPS on. Once a malicious actor has your DNS requests, they can redirect you to their spoofed site. This is possible through DNS poisoning. The spoofed site can even have a valid HTTPS certificate, and your browser won’t flag it down. For instance, you were accessing ‘ipburger.com’ the spoofed site might read ‘ipbuger.com.’ unless you’re keen, you won’t notice the differences, and you might end up giving away your personally identifiable information easily.
Punycode
Punycode is a way of transcoding hostname with Unicode characters to a subset of ASCII characters understandable by the DNS. For instance, a Hebrew website that uses the name ברוך הבא for its domain might be represented as xn--wedrf.com. With the recent developments in the cybercriminal world, malicious actors discovered that browsers could be deceived if the Punycode is reversed and something similar is used. Even with HTTPS, your data will be vulnerable if you land on a spoofed Punycode site. But this vulnerability can be eliminated by updating your browser.
Solution – IPBurger VPN
Besides using HTTPS on public Wi-Fi, to ensure ultimate security, use a VPN. A VPN protects you against all forms of vulnerabilities that are targeted towards your internet traffic. A VPN does this by encrypting your entire internet traffic from your device to the internet. A VPN also uses their DNS resolver, and hence you don’t have to worry about DNS vulnerabilities. These encryptions ensure that your internet traffic is invisible to prying eyes including your ISP.
A VPN such as IPBurger uses other security mechanisms such as a kill switch and also protects you against DNS leaks.
Besides security, a VPN also ensures your privacy by assigning you a virtual IP address. This virtual IP address replaces your actual IP address which in turn hides your real location. This helps you achieve anonymity while surfing the internet.
