In this month’s One-on-One blog, ExpertFlyer talks with Kent Lawson, Founder & CEO of Private Communications Corporation, a security technology company that protects personal data and information online. PRIVATE WiFi, the company’s flagship software product, encrypts all computer data across unencrypted WiFi networks, ensuring online privacy for those without access to virtual private networks (VPNs).
Kent talks about the silent security threats lurking at the more than 12 million unencrypted WiFi networks worldwide, including airports, hotels, coffee shops, public parks, etc., where public WiFi is available to travelers. Kent is donating a one-year free subscription to Private WiFi as part of ExpertFlyer’s August Facebook Giveaway Sweepstakes. Enter here before August 30th.
“WiFi signals are just radio waves… So the guy sitting a few tables away in a coffee shop or in another hotel room down the hall or a few rows away in an airplane can access everything you send or receive.”
– Kent Lawson, Founder & CEO, Private Communications
You founded your company and flagship encryption software, Private WiFi, in 2010. Talk about the genesis of this product and why you developed it?
In the spring of 2010, there was an article in the Wall Street Journal on the dangers of public WiFi hotspots in hotels, airports, coffeeshops, public parks, etc. When it came to the end of the article, instead of saying what you could do to protect yourself, the article just ended – saying, more or less, “good luck.”
I had been retired for 12 years from my previous software company at that point. I knew there had to be a better answer and I knew that there was going to be a huge demand for online protection since virtually everyone would be using WiFi hotspots. I looked around at the potential competition and felt that no one was doing it seriously. So, I un-retired myself (the same year I got my Medicare card!) and started PRIVATE WiFi.
How vulnerable is the “regular Joe” traveler when it comes to getting personal information hacked or having one’s identity stolen?
Very. Actually, the more that I looked into the issue, the more I became convinced how important it was.
computer hackers
WiFi signals are just radio waves. So all you need is a receiver tuned to the right frequency to intercept all communications to and from everyone in a WiFi hotspot. So the guy sitting a few tables away in a coffee shop or in another hotel room down the hall or a few rows away in an airplane can access everything you send or receive.
It’s called “sniffing” and it is the ultimate stealthy crime, because there is no way to know it is happening until it is too late. But here are some known instances:
According to a FOIA request I filed with the Federal Trade Commission, an airline passenger complained that he used his credit card to make a purchase online. Two days later, there were thousands of dollars of unauthorized charges on his card.
A woman told me she’d accessed her PayPal account with her smartphone. Funds were withdrawn by a hacker within 10 minutes.
A man wrote me that his email account was hacked soon after accessing it on Amtrak.
As one security consultant said to me: “We all know this is going on.”
Why don’t the businesses and organizations offering free WiFi encrypt the data so users’ information is safe?
Their goal is to provide convenient and fast WiFi access. It is the individuals’ responsibility to protect themselves while using a WiFi hotspot- not the WiFi provider’s, ISP’s, or the website’s responsibility.
Look at it this way: It is just like antivirus and firewall. Your email provider probably does some filtering for malware on its server, but you would not think of using a computer without having your own antivirus and firewall protection. We see protecting WiFi as the third leg of this online security requirement.
Are some WiFi hotspots riskier than others and why? Is WiFi in the home safe from hackers?
Almost all WiFi hotspots have no security at all. Some hand out passwords, but that is to limit access, not to provide protection. So whether it is free or paid, with or without a password, you should assume that, as we say, “Public WiFi is just that. Public.”
Your home WiFi should be safe, but it may not be if your router is old or you did not set it up properly. The Guardian newspaper reported that 55% of all home WiFi networks in London were vulnerable.
How do you know if your home WiFi is safe and what steps should one take to ensure it is protected at home?
The technical answer is that you should be using either WPA or WPA2 encryption. The older WEP can be cracked in minutes. But if you don’t have a geek handy to check it for you, and your router is more than 6-8 years old, you might consider just replacing it.
Or simply use a VPN (“Virtual Private Network”). All VPNs provide encryption. But PRIVATE WiFi uniquely evaluates the WiFi connection and activates automatically if it is insecure. So it is protection that you do not have to think about.
If you’re using an unprotected public WiFi service, what online activities should you specifically avoid to protect against hacking?
I do not think you should use any public WiFi without a VPN. No matter how careful you are, you’ll be leaving bread crumbs for the identity thieves. And they don’t need too many to steal the whole loaf.
Professionals need to protect their clients’ confidentiality. A committee of the California state bar association issued an opinion that it is unethical to transmit client information at a WiFi hotspot without encryption.
Large businesses all have IT departments which provide in-house VPNs for their employees who travel. Small and medium-sized businesses are just as vulnerable so they need to use VPN services such as PRIVATE WiFi.
How does PRIVATE WiFi protect consumers from hackers and identity thieves?
We download a small piece of software onto your laptop, phone or tablet. Then everything going in or out of your device will be encrypted. So if a WiFi hacker does try to listen in, everything will look like gibberish. One of our servers out there “in the cloud” does the decrypting and sends your information on to the correct web site.
How does your new Private WiFi iOS app work? What’s the difference between this and your subscription service? Will you be launching an Android version soon?
Our mobile versions have a smaller footprint than our laptop software and we charge differently for them. For iPhones and iPads, we measure your usage by the amount of data transmitted, just like your data plan. You get 500 megabytes for free, then you can “top up” for $1.99 for 1 GB or $7.99 for 10GB. Our laptop customers have unlimited data usage, for $9.95/month or $84.95 per year.
Our Android product will be out in the fall.
What do you see as the next big mobile security threat – what do smartphone, tablet and laptop users need to watch out for?
The next big threat is already here: It’s using WiFi hotspots without encryption. WiFi is becoming ubiquitous. Cell phone companies are pushing data off their networks onto insecure WiFi. Cable companies are setting up large WiFi networks so their customers are not tethered to their cable modems. Airports, parks and cafes are filled with people using WiFi. And it’s compounded by the rise of mobile malware. Hackers know that most smartphone and tablet users don’t use security software to protect their devices. And they’re taking full advantage.
Here’s a pretty good indicator of the risk: According to a 2013 report by Javelin Strategy & Research, tablet users are 80% more likely to experience identity fraud than the average consumer.
What other types of privacy communications products will you be introducing over the next couple of years?
We are working on a product to inform people when they are using an insecure WiFi network. And another one to demonstrate just how much they may be putting themselves at risk if they do not protect themselves.