The Risks of Public Wi-Fi – 9 Steps To Avoid Them

Imagine you’re out..

You hop on a public wi-fi network to check your email, peek at your social media feed, or even check your bank balance online. After all, everything should be safe because even though you’re on a free wi-fi network, you’re only accessing encrypted websites. There shouldn’t be anything to be concerned about with this free wi-fi network.

..Right?

Yet accessing encrypted websites, public wi-fi networks might still be dangerous. Public Wi-Fi is not as secure as it seems, even if it’s from well-known entities such as Starbucks.

The Attraction of Free Wi-Fi Signals

As a modern society, we thrive on being connected. The need to access the Internet to stay in touch with friends and family, to do business on the go. Because of this drive to stay connected, public wi-fi systems and free wi-fi networks are a staple of our everyday lives.

According to a Symantec Corporation 2017 wi-fi risk report, over 55% percent of consumers don’t think twice about providing personal data in order to access a free wi-fi network. That’s the pull of free wi-fi. From choosing a place to stay when traveling to going out to eat, we make our choices based on access to wi-fi.

For example, 43% percent of consumers will choose a restaurant, café, or bar based on whether wi-fi is available. Plus, a whopping 71% include wi-fi accessibility in their decisions on accommodation when traveling.

How many of us will forego certain places because they didn’t have free wi-fi visit a specific place because they had free wi-fi access?

It may sound ridiculous..

Yet it’s true.. So, imagine all of us, seeking free internet access on our mobile devices and not knowing who else may be on those networks. Do you know the person next to you on the same connection that you’re using, and do you know what they are doing? Can you say that if they are trying to steal information from your phone or laptop, you would be protected? In fact, Are you even on the correct business wi-fi account?

If you can’t answer these questions, then learning how to protect yourself on a public wi-fi connection is even more important.

So, what’s wrong with using free wi-fi?

While public wi-fi is convenient, it comes with its challenges and concerns. The main reason is that if you’re using an unsecured public network, you are giving easy access to your personal information.

According to Statista, 59% of public wi-fi users have logged into their personal email account. 25% have reported logging into their bank account or accessing financial information while on a public network.

This could be very dangerous!

Unsecured public wi-fi networks are not encrypted. This means that anyone can see what you’re doing over the internet. They’ll be able to see the websites you visit and what information you type into them. Even if they can’t see exactly what you may be doing on a secure website, they can still determine the site(s) you’re visiting. Because of this, they can use several methods to take advantage of you.

The Risks of Public Wi-Fi Networks

While the use of public wi-fi networks is almost universal, most users are in fact unaware of the many dangers they pose. These are some of the main issues you could face when connecting to public wi-fi networks.

  • Malicious Wi-Fi Hotspots

There are several ways in which a malicious wi-fi hotspot could be used to your detriment. There can be hotspots created just to target persons looking for free wi-fi networks. Or, they can be designed to intercept automatic connections to known networks.

  • Rogue Wireless networks

Unscrupulous persons can set up their own Wi-Fi networks for the sole reason of collecting the personal information/any data of users that connect to that network. For example, you may be in a store that offers free WiFi. You may see the name ‘FreeWifi’ and ‘FreeWifi2’. One could be the legitimate store wifi for patrons while the other was set up just to snoop on your data. Because the names are so close, it looks appealing and will mislead you.

Or, these hackers can set up legitimate-looking Wi-Fi names, not necessarily associated with a business. But, because these names seem trustworthy, you may be tempted to connect.

This type of setup doesn’t need any special equipment. All the thieves need is a laptop or smartphone or  a cheap hacking tool tool called WiFi Pineapple (it literally costs only $99) and they’re ready to start stealing your data.

You may see the name ‘FreeWifi’ and ‘FreeWifi2’. One could be the legitimate store wifi for patrons while the other was set up just to snoop on your data.

Once you connect to these rogue networks, the owner of the network can get access to data transferred across the network. Well, not if you use some of the measures we discuss below.

  • Evil Twin

Now, let’s look at what could happen if your device is set to connect to a public Wi-Fi network automatically.

If your device is trying to connect to a network, there is software that allows a malicious network to intercept and “pretend” to be the correct network. When your device connects, you then give attackers a direct link to your online activities on your computer or phone.

Or, there may be a wi-fi network available that looks like one you’ve used in the past and you click and connect to it. This is similar to the rouge network setup.

  • Man-in-the-Middle Attacks

This is one of the most popular public wi-fi security concerns. A hacker will put an access point between you and the public connection – the man-in-the-middle. As such, any information you send will be sent through the hacker’s access point before going on to the network which makes it seem as if everything is fine.

With this method, hackers can steal bank account information, emails, passwords, credit card details, and more.

Another way in which a man-in-the-middle attack can take place is through spoof websites. This is typically done through programs/software that can be used to convert an HTTPS site to a lookalike HTTP site and redirect you to that site.

  • End-Point Attacks

The wi-fi network provider and you as the user are both considered end-points. So, while your computer might be safe, if the network is compromised, a hacker can gain access to your information. In this case, you may not even realize that your data is vulnerable until it’s too late.

  • Packet Sniffers/Side Jacking

Packet sniffers are often unharmful programs used to analyze how a wi-fi network is being used. They can also be used to test the strength of the network and monitor the network’s traffic. Unfortunately, this computer software can be used by hackers as an entry point to steal user data. Common data that can be accessed with this method are usernames and passwords.

  • Session Hijacking – stealing your browsing data

If you’re on a public wi-fi network and a hacker is monitoring your session traffic, you could have your session hijacked. Take for example if you’re using your email or social networking. Once you’re logged in, these sites will store information on you using cookies. Your browser may also store information like your passwords to these sites.

In a session hijacking, the hacker could steal your browser cookie information. Once done, they’ll have all the information needed to pretend to be you on these services and find your email and password details.

  • Malware

If you have file sharing activated while on a public wi-fi network, you could be sent malware. Malware resides on your devices and can be set to access your photos, sensitive documents, camera, and microphone. This can also allow hackers to access private and personal information as well as eavesdrop on you, even when you’re not online.

So, now that you’ve seen all the ways that using a public wi-fi can affect you, let’s take a look at what you can do to protect yourself.

9 Ways to Protect Yourself When Using a Public Wi-Fi Network

While there are many dangers to using a public wi-fi network, there are measures you can take to protect yourself. With the information here, you can make better decisions about using public networks, and safeguarding your private information if you do.

These are 9 solutions to protect yourself online when using a free or public wi-fi network. (Number 6 is one of our favorites).

1. Confirm the Wi-Fi Network

If you’re at a business establishment, always ask a member of staff for the correct name of the network. You will often see several networks available, even more than one for the same business. Therefore, you’ll need to get the correct name of the network from a reputable source before connecting. Otherwise, you could end up logging into a network designed to snoop on your personal information.

2. Use ‘Forget Network’

When you’re through using a public network, it’s a good precaution to click “forget network” when you have finished. A device can automatically connect to a previously connected WiFi. In doing so, you could end up using a compromised network without realizing it. When this happens, you forget about other safety measures to protect yourself and end up doing something that compromises your information.

Therefore, by using the forget network feature, you can prevent automatic connections to public wifi hotspots. This also brings us to another protective measure – your phone settings.

3. Adjust Your Device Settings to Do Not Connect Automatically & Disable File Sharing

Never set your mobile device to automatically connect to a free Wi-Fi network. When your phone or laptop is configured to connect to any open Wi-Fi network, you’re setting yourself up for problems.

You may not even realize that you’ve connected to an open network that could allow someone to steal your data. That’s why manually selecting a public wi-fi network is so important. So, make sure your settings allow you to choose when you want to connect a public wi-fi network and the network you want to connect to.

You should also not select the option to make your device visible to others on the network. Neither should you mark the public network as a “Home” or “Work” network on your device.

Finally, disable file sharing when on public networks. This will prevent hackers from sending malware to your devices.

4. Check for HTTPS/SSL Encryption of Website Pages

If you’re on public wi-fi, ensure that all the websites you visit, and their respective web pages have SSL encryption. You’ll know that a site you visit is secured if HTTPS is displayed in the web address and/or the padlock icon is displayed.

Unfortunately, however, not all websites are secure. Plus, for some sites, only specific pages are secured and carry SSL encryption. Because of this, you need to protect yourself from moving from a secure webpage to an unsecured webpage within the same or another website.

But, what can you do if a website only has a few pages with encryption and the rest is unencrypted? There is also a solution for that – a browser extension called HTTPS Everywhere.

5. Install HTTPS Everywhere

HTTPS Everywhere is a browser plugin that forces HTTPS throughout a website where it’s available. Or, it can be configured to block sites that do not have SSL encryption. This means you won’t be able to connect to any website that has HTTP.

The plug-in is free and available for the most popular web browsers.

If blocking all HTTP connections isn’t practical for you, then there is another solution – VPNs.

6. Purchase a Virtual Private Network (VPN)

A Virtual Private Network provides an encrypted channel from your mobile device to a website. Therefore, if someone is on the same public network that you’re on, they won’t be able to track or intercept your web activity.

If you’re planning on using a free VPN, look for a company that offers paid VPN. These companies sometimes offer free VPN up to a limited amount and might even sell your data. While this will limit how much browsing time or bytes you can use, you can know you’re using a secure platform. Therefore, often nothing comes for free, FREE might be just a marketing hook.

If you need more time, then it’s best to buy a VPN plan because VPN services are by far the best way to protect yourself if you’re on a public wi-fi network.

7. Use Your Data Plan

If possible, get a data plan that allows you sufficient coverage when you’re not home on your private Wi-Fi network. Then, you have secured access to the internet and you can use your smartphone to give your laptop or tablet internet access through a hotspot.

8. Use Your Smartphone as a Hotspot

A good way to avoid connecting to a public network on your mobile devices is to use your smartphone as a hotspot. But, for times when this is just not practical, simply follow the many solutions above and below to protect yourself online.

9. Be Wary of Requests for Too Much Information

Be sure the free WiFi is being offered by an entity that you trust.. Yet even then be beware of signing into public wifi networks that ask for a lot of details.

These can be name, email address, phone number, etc. Networks that ask for these details are often used by restaurants, stores, and even financial institutions to help them recognize your devices across multiple outlets as well as to target you for marketing activities. You can decide if these activities are worth your information.

However, hackers can set up similar access requirements to get your personal details.

Protect Your Privacy on Public Wi-Fi Networks.

The use of public wi-fi is almost universal with even governments trying to increase access to the internet by putting in public hotspots. Businesses know that to maintain their competitive advantage, customers expect to have access to free wi-fi. With the increasing use of public wi-fi, it’s important that you do what’s best to protect your interests.

So, try to avoid using public wi-fi connections as much as possible. And if you can’t avoid using them at all, limit the number of them that you connect to.

The fewer networks you use, the lower your risks online. And if you must connect to a free wi-fi network, then make sure you use the solutions provided, especially reliable VPN services, to keep you protected.

Andy Michael

Reviewed over 62+ VPNs. Specialized in network forensics, IoT and big data analytics. Former security consultant at ISC.
Andy Michael

Latest posts by Andy Michael (see all)

Leave a Comment