Open wifi for hub app -- any risk?

[MujerIsla]

Hi all. Bear with me as I continue to ask random questions I can't find the answer for on Carnival's website! Is the free wifi network you connect to in order to use the hub app truly an open network? I don't usually use open networks without passwords, given the security risk, so wondering how it works on the ship. I know people aren't on vacation to hack into my phone, but it's a very easy thing to do on an open network, and I have a lot of sensitive info on my phone. I'm careful about passwords and virus/threat protection normally. Any info, tips, or advice? Thanks!

[mamiamjo]

Yes, it's an open network. We haven't experienced any security issues but can't rule out the risk. You might try using a mobile security app like Norton 360 to help reduce any risk.

Edited October 24, 2023 by mamiamjo

[klfrodo]

Yes, it's an open network. Therefore, the security risk is real. How concerned one should be is up to each individual and their risk tolerance level.

[weezal]

take precautions as with any public wifi, such as in hotels, businesses.

[MujerIsla]

4 minutes ago, weezal said:

take precautions as with any public wifi, such as in hotels, businesses.

So what does everyone do for security? I might be able to dig up an old phone I can use just for the wifi. But it sounds like you absolutely have to have the app for everything, and therefore open wifi. Maybe I'm just paranoid about the risk of hacking?

 

Does anyone here who's smarter than me think just signing out of my google account (and therefore all its stored passwords) would be enough of a layer of protection, or doesn't it work like that?

[mz-s]

If you are worried about things like this it may make sense to go to Walmart and buy a cheap prepaid smartphone (most of the time you don't need to actually activate them with a cell plan, you can use them entirely on wifi). Use that device when traveling.

[mz-s]

21 minutes ago, MujerIsla said:

So what does everyone do for security? I might be able to dig up an old phone I can use just for the wifi. But it sounds like you absolutely have to have the app for everything, and therefore open wifi. Maybe I'm just paranoid about the risk of hacking?

 

Does anyone here who's smarter than me think just signing out of my google account (and therefore all its stored passwords) would be enough of a layer of protection, or doesn't it work like that?

 

Personally I don't worry about it. Yes, the wifi is open so all traffic is unencrypted. But the worst someone could sniff would be me requesting a table for dinner. I just don't do anything sensitive on the ships. I never buy the wifi.

[MujerIsla]

4 minutes ago, mz-s said:

 

Personally I don't worry about it. Yes, the wifi is open so all traffic is unencrypted. But the worst someone could sniff would be me requesting a table for dinner. I just don't do anything sensitive on the ships. I never buy the wifi.

Thanks. I guess that's where I need more info: do they only have access to whatever I'm doing at the time on that network, or does being on the same network afford them the ability to actually get into a device (eg, my phone) and get anything from it (eg, my bank login that I used last week, though now I'm signed out; or my google password, which has stored passwords to other accounts)?

 

I might just use the dummy device option if I can find one. Or force my husband to be the app holder, since he doesn't keep our entire lives on his phone like I do.

[mz-s]

4 minutes ago, MujerIsla said:

Thanks. I guess that's where I need more info: do they only have access to whatever I'm doing at the time on that network, or does being on the same network afford them the ability to actually get into a device (eg, my phone) and get anything from it (eg, my bank login that I used last week, though now I'm signed out; or my google password, which has stored passwords to other accounts)?

 

I might just use the dummy device option if I can find one. Or force my husband to be the app holder, since he doesn't keep our entire lives on his phone like I do.

 

The chances of someone being able to gain access to your device simply because you're on the same wifi network are very small.

[staceyglow]

10 minutes ago, MujerIsla said:

Thanks. I guess that's where I need more info: do they only have access to whatever I'm doing at the time on that network, or does being on the same network afford them the ability to actually get into a device (eg, my phone) and get anything from it (eg, my bank login that I used last week, though now I'm signed out; or my google password, which has stored passwords to other accounts)?

 

I might just use the dummy device option if I can find one. Or force my husband to be the app holder, since he doesn't keep our entire lives on his phone like I do.

If it means anything, I have been following this board for awhile and I don't recall anyone bringing this issue up before.  I have also never heard of anyone getting "hacked" on the ship, either.  

 

If you want to steal data by hacking a network, it would be pretty inefficient to do it on a cruise ship app that has very little (if any) valuable information.

[TerReuv]

On 10/24/2023 at 3:02 PM, staceyglow said:

If it means anything, I have been following this board for awhile and I don't recall anyone bringing this issue up before.  I have also never heard of anyone getting "hacked" on the ship, either.  

 

If you want to steal data by hacking a network, it would be pretty inefficient to do it on a cruise ship app that has very little (if any) valuable information.

 

I was going to say the same thing.  I have been on this site for a little over 10 years and am on several FB pages that are relevant to Carnival and also have never seen anyone report someone hacking their phone.  I would think if it happened, someone would have posted about it somewhere. 

[1stresponder2086]

Is it really open if it’s on the ship only?

[klfrodo]

So I asked this question on Chat GBT

"Can my phone be hacked if I'm on an unsecure open wifi connection"

 

NOTE: Before I copy and paste the answer, just note that the answer is generated by AI. The validity and/or correctness of the answer has to be verified by yourself.

Myself? I never use a public wifi connection unless I have to and if I do, I will always use a VPN as an additional layer of security. VPN does slow down connectivity..

 

ChatGPT's answer:

"Yes, it is possible for your phone to be hacked or compromised when connected to an unsecured open Wi-Fi network. When you connect to an unsecured Wi-Fi network, your data is transmitted without encryption, making it easier for malicious actors to intercept and potentially manipulate your data. Here are some ways your phone could be compromised on an unsecured Wi-Fi network:

1. Eavesdropping: Cybercriminals can use readily available tools to intercept and monitor the data transmitted over the network. This includes capturing your login credentials, personal information, and other sensitive data.

2. Man-in-the-Middle (MitM) Attacks: Attackers can position themselves between your device and the websites or services you are accessing, allowing them to intercept and modify the data flowing between you and the intended server. This can enable them to steal information or inject malicious code into your communications.

3. Malware Distribution: Malicious actors might set up fake Wi-Fi hotspots with names similar to legitimate ones to lure users into connecting. Once connected, they may distribute malware to your device.

4. DNS Spoofing: Attackers can manipulate the DNS (Domain Name System) settings on the network, redirecting your web traffic to malicious sites without your knowledge.

5. Session Hijacking: If you are logged into sensitive accounts while connected to an unsecured network, an attacker could hijack your active sessions and gain unauthorized access to your accounts."

[CruiserLucas]

I wouldn't greatly worry about it. But here are some practical tips, including one I've done when traveling abroad (not on a cruise, though).

1. Old phone/burner phone. Bring a secondary device that is new or that you wiped and reset. I did this with an old phone in place of my regular phone when traveling to a country that has a tense relationship with the US and a large security state that I was worried could stop me, search me, and use even innocuous information against me.
2. What can you remove from your phone that isn't needed on a cruise? You mentioned Google Drive information. Since that's cloud based, you don't need that on your phone, so removing the Google apps from your phone or other cloud based apps would reduce your risk of someone accessing it; same with banking apps and such. If your husband can get along without the information on his phone, you probably could, too. 
3. Install a security application. I use Avast for my devices, which has a built-in VPN. That can help detect and prevent threats, block malicious sites if one gets hijacked, etc.

[MujerIsla]

14 hours ago, klfrodo said:

So I asked this question on Chat GBT

"Can my phone be hacked if I'm on an unsecure open wifi connection"

 

NOTE: Before I copy and paste the answer, just note that the answer is generated by AI. The validity and/or correctness of the answer has to be verified by yourself.

Myself? I never use a public wifi connection unless I have to and if I do, I will always use a VPN as an additional layer of security. VPN does slow down connectivity..

 

ChatGPT's answer:

"Yes, it is possible for your phone to be hacked or compromised when connected to an unsecured open Wi-Fi network. When you connect to an unsecured Wi-Fi network, your data is transmitted without encryption, making it easier for malicious actors to intercept and potentially manipulate your data. Here are some ways your phone could be compromised on an unsecured Wi-Fi network:

1. Eavesdropping: Cybercriminals can use readily available tools to intercept and monitor the data transmitted over the network. This includes capturing your login credentials, personal information, and other sensitive data.

2. Man-in-the-Middle (MitM) Attacks: Attackers can position themselves between your device and the websites or services you are accessing, allowing them to intercept and modify the data flowing between you and the intended server. This can enable them to steal information or inject malicious code into your communications.

3. Malware Distribution: Malicious actors might set up fake Wi-Fi hotspots with names similar to legitimate ones to lure users into connecting. Once connected, they may distribute malware to your device.

4. DNS Spoofing: Attackers can manipulate the DNS (Domain Name System) settings on the network, redirecting your web traffic to malicious sites without your knowledge.

5. Session Hijacking: If you are logged into sensitive accounts while connected to an unsecured network, an attacker could hijack your active sessions and gain unauthorized access to your accounts."

Thank you! Wish I would have thought to have done the same search. All 5 of these areas will be non-existent or at least limited, as we'll only be sending information in the Hub app. It doesn't sound like a hacker can get on your phone and "see" old logins or data, but rather they can only steal what you're doing in real time. 

[MujerIsla]

16 hours ago, 1stresponder2086 said:

Is it really open if it’s on the ship only?

Yes, still open in the sense that the other 4000 or so passengers would have the potential to get to your information. I'm just hoping that most of them aren't smart enough to do so. 😄

[MujerIsla]

3 hours ago, CruiserLucas said:

I wouldn't greatly worry about it. But here are some practical tips, including one I've done when traveling abroad (not on a cruise, though).

1. Old phone/burner phone. Bring a secondary device that is new or that you wiped and reset. I did this with an old phone in place of my regular phone when traveling to a country that has a tense relationship with the US and a large security state that I was worried could stop me, search me, and use even innocuous information against me.
2. What can you remove from your phone that isn't needed on a cruise? You mentioned Google Drive information. Since that's cloud based, you don't need that on your phone, so removing the Google apps from your phone or other cloud based apps would reduce your risk of someone accessing it; same with banking apps and such. If your husband can get along without the information on his phone, you probably could, too. 
3. Install a security application. I use Avast for my devices, which has a built-in VPN. That can help detect and prevent threats, block malicious sites if one gets hijacked, etc.

Thanks. I have Avast as well. I'm leaning towards using my husband's phone instead.

[hard_eight]

16 minutes ago, MujerIsla said:

Yes, still open in the sense that the other 4000 or so passengers would have the potential to get to your information. I'm just hoping that most of them aren't smart enough to do so. 😄

Think of the fortune a crew member could make mining passenger data...