Mobile Wi-Fi security threats

Most Wi-Fi hotspots aren’t encrypted, thus anyone within range can eavesdrop on the data you send and receive from the Internet and your mobile device. The same applies when using a laptop on a hotspot, or your computers at home on your own wireless router if it isn’t encrypted with WEP, WPA, or WPA2 security.
Eavesdropping on Wi-Fi connections isn’t rocket science. It just takes a curious individual with free tools and some spare time. There are many software programs out there that can capture and display your data that’s being transmitting through the air waves.
Some programs show just the raw data packets but some make it much quicker and easier to get to the real prize. For example, some programs such as Firesheep and SniffPass simply listen for and show login credentials to unsecured sites or services, like social networking sites and Web-based or POP3/IMAP email accounts. Some programs such asEffeTechHTTPSniffer can even capture and reassemble the webpages you are viewing and files you transfer.
Though eavesdroppers can capture data packets of your online banking and sensitive transactions when using Wi-Fi, the data is encrypted if it’s secured with SSL (like most sensitive sites are). The eavesdropper just sees a bunch of gibberish. The same goes with other services. For instance, if you check your email through the browser or a client app on the device and it’s secured with SSL, you don’t have to worry.

Combating mobile Wi-Fi security threats

The first line of defense to combat Wi-Fi eavesdroppers is to make sure any sensitive website you login to or service you setup on the phone (like email), is secured with SSL encryption.
If a website connection is secured, the address will begin with https instead of http, and you usually should see a pad lock or other indicator showing SSL encryption is in use. However, the problem is that many popular sites that aren’t highly sensitive still don’t fully use this encryption, such as Facebook, Twitter, Yahoo, and many others.
If you use the device’s email client rather than a website to check your email, open the account settings and ensure SSL encryption is set for both the incoming (POP3 or IMAP) and outgoing (SMTP) servers. Unfortunately, many email providers don’t support encryption.
Remember, not all Wi-Fi hotspots are left unsecured, either. Some larger hotspot networks (such as T-Mobile and iBahn) use WPA/WPA2-enterprise security with 802.1X authentication to secure your wireless connections from eavesdroppers. When using encrypted connections like this you don’t have to worry about local eavesdroppers capturing any of your data, even if you are not using SSL encryption.
Keep in mind: This isn’t the case if the hotspot is secured with WEP or WPA/WPA2-Personal (PSK) as other users on the network can still capture and decode your traffic.
One way to mitigate Wi-Fi security issues is to limit your usage of hotspots completely. When out and about, away from your home or work network, use the cellular data connection instead. Though it’s slower, most cell service providers encrypt the data traffic traveling to and from cell towers and your device. This greatly reduces the chances of an eavesdropper from capturing your traffic and intercepting passwords and sensitive data not already encrypted — and giving encrypted traffic double encryption.

Use a VPN for full security

If you’re really concerned about your mobile Internet security, consider using a Virtual Private Network (VPN) on both your Wi-Fi and cell data connections. When connected to a VPN, all your Internet traffic travels through an encrypted tunnel, guarding it from local eavesdroppers. It protects your traffic and passwords not already encrypted and also gives encrypted traffic double encryption. In addition to encryption purposes, VPNs can also give you secure remote access to files and network resources at work or home.
iOS — iPhone, iPad, and iPod Touch — and Android are two popular mobile platforms that include native VPN support. Most other platforms include some type of VPN functionality but usually require you to have a special server in addition to a VPN server.
For devices that support regular VPN connections, you can use a VPN from work if they provide one or setup your own VPN server at home using Windows or a third-party server. You can also use hosted services, such as from Witopia or try free services: Free Shield VPN or Hotspot Shield.
Remember, encryption is the key to securing your Wi-Fi traffic. Use HTTPS/SSL encryption, try to use secured hotspots, or avoid hotspots altogether by using the data plan. If your device supports VPNs consider using it.
Wi-Fi is only one of the many security concerns you should have about your mobile gadgets. Remember to also regularly backup your device and set a lock-screen or device password. For the best security, consider a mobile platform that has full device encryption, such as iOS or BlackBerry. This will protect the information stored on it from even the most determined hacker.