WiFi has become an essential service for millions of people around the world. By 2018, there will be a staggering 68 million public WiFi hotspots in the US alone. And according to 2014 research by iPass, there will soon be one public WiFi hotspot for every 20 people on the planet.
This rampant proliferation of public WiFi has changed our usage habits, how we shop, and the way we work. Free, open, public WiFi is critical in getting people connected where there’s no data service or mobile data is too expensive. But in our eagerness to log onto the first public network we find, we expose ourselves to considerable risk.
What is Public WiFi?
Have you ever used a new WiFi hotspot on holiday, only to find that your Facebook account was mysteriously hacked? Or connected to an unfamiliar network, only to later discover strange files have appeared on your device?
You’re not alone. These are common experiences for public WiFi users. Worse, it’s just the tip of the iceberg.
Public WiFi hotspots bring valuable custom to coffee shops and bars, and helps people who on restrictive cellular data plans to get online when out and about.
The WiFi hotspots we love so much are potential goldmines for hackers and ridiculously easy pickings
Tourist offices and local government the world over have rolled out major public WiFi initiatives, to the relief of tourists and local citizens who need to be connected wherever they go.
When you’ve just landed in a foreign country, or you’re trying desperately to send a file before a deadline, you’re more driven by the need to connect than thoughts of your privacy.
This thirst for reliable WiFi has driven an explosion in public WiFi hotspots.
But any WiFi hotspot without a password is a potential goldmine for a hacker.
Recognizing a Risky Hotspot
Before we dig into the risks, let’s learn to recognize the most vulnerable networks and the potential danger of using “secure” hotspots.
The riskiest networks are those public WiFi hotspots that don’t require a password to join. On your phone, laptop, and tablet, open WiFi is usually shown without a padlock beside it. Let’s face it. We gravitate towards these networks because they’re super convenient.
Businesses prefer to offer access this way because distributing the password can be a pain.
But here’s the significant downside of open WiFi. If there’s no password, all of the traffic flowing to and from that hotspot is unencrypted.
No password? Then all activity is easily accessible. But even “secure” networks can be vulnerable.
Essentially, the data flowing to and from your computer is being transmitted as plain text. This is why public WiFi presents such a danger.
But what is there’s a password? Surely you’re safe then.
Well, no. Not always. If a “secure” network uses an older router, it’s perfectly possible to get the log in details the same way you did and monitor all the activity on the network.
The latest routers are much more secure but can you be sure that your favorite coffee shop or the local mall have upgraded to the latest hardware?
You are also placing trust in the network owner is not a scammer themselves, which sadly is not guaranteed in tourist hotspots.
But all is not lost. You can do something about it.
What Are the Risks?
When you join a public WiFi network and start to access websites, all of your browsing activity is theoretically visible to everyone else on the network. All it takes to eavesdrop on your connection is some relatively simple software that’s freely available online.
These applications are usually banned on commercial networks, but there’s nothing to stop a hacker pulling up a chair in a cafe and firing one up.
Of course, any website that uses HTTPS will create an encrypted connection. But not all sites use it. And those that do may not default to the HTTPS connection. You can review a list of HTTPS websites here, as well as ones that are not yet compliant. The data may surprise you.
HTTPS offers important protection but can’t prevent a determined hacker from targeting you
There’s another, more sinister risk related to public WiFi usage. A hacker can set up a fake network and advertise it as a legitimate hotspot. This 7-year-old learned to set one up in 11 minutes. You might connect to the fake hotspot assuming that it’s a legitimate access point. There’s nothing to stop the hacker from naming the network after a store or café in the area to make it look like the real thing.
Either of these hacking methods presents a danger to you, and you could be a victim of a variety of different attacks, including:
- Interception of unsecured data. Criminals can harvest your personal details when you fill in any online form. This is stunningly easy to achieve with packet-sniffing software. Similarly it’s easy to intercept the cookies that you keep you logged into social media networks and online stores such as Amazon. Armed with this data, hackers can steal your identity and make fraudulent purchases.
- Monitoring of browsing activity. The hacker can see which URLs you’re loading. If there’s no HTTPS, anyone could capture details as you browse. Even if you’re on a secure (HTTPS) site, a snooper can see the domain you’re on. It’s very easy for a malicious user to find out your name, your home location, and your photo using these methods.
- DNS spoofing. This technique will redirect you to a fake website when you type in a URL or click a link. So if you’re browsing your online banking site, the hacker could redirect you to a fake version of that site. The might make it look as though you’ve been logged off unexpectedly, tempting you to inadvertently log in again using their fake form.
- Content injection. The hacker can intercept the web pages you’re browsing and insert malicious content into them, changing words, pictures, or the entire contents of the page. That might mean displaying a fake Facebook login form to capture your login details, or tricking you into downloading content. This could result in you downloading malware or content that’s very unpleasant and illegal.
- Privacy invasion. If you’re connected to a fake hotspot, the hacker could see the apps you have installed. They could take a look at all of your saved WiFi network names to figure out where you live, or where you’re staying. For example, let’s assume you connect to your hotel network, then visit the Starbucks around the corner. Once you pick up the rogue network, the hacker checks out which WiFi networks you’ve been using. Voilà. They know which way to follow you home.
These may sound like far-fetched outcomes, but on public WiFi, hacks are incredibly common. And it’s not just a risk to you. Once you go back home or connect to your office network, you could spread viruses and compromise data for a huge number of other people as well.
6 WiFi Safety Tips
Hopefully, we’ve demonstrated that the risks of public WiFi are not to be understated. But we aren’t trying to put you off using it altogether. Thankfully there are ways to protect yourself while benefitting from the convenience it offers.
Here are our 6 key public WiFi safety tips.
1. Set Up Your Device Correctly
First, look at the security settings on your computer. If you’ve never done this before, you probably haven’t got it set up correctly.
On Windows, you should set your default connection profile as Public. That will safeguard you against accidentally connecting to an unknown network with the wrong security settings.
An example of this procedure is shown here. We recommend using option 1, the manual configuration method. Take care when editing any Windows settings; seek advice if you aren’t confident with this. And don’t download any registry editing files while connected to public WiFi.
With your security settings sharpened up, you can now set up to your known, secured networks as Private connections. Typically, this will include your home, office, or school WiFi. The Private setting is more suitable for secure networks.
2. Check Your Firewall is Active
You should also have a firewall running all the time, and you need to keep your virus definitions updated to protect against the most recent threats.
Windows is quite good at prompting you to set up a firewall, so you may have already done this. Turn on automatic virus definition updates, or try to get into the habit of updating definitions when the nag screen appears.
If you’re a Mac, to you might never have bothered to use your firewall. Now’s the time familiarize yourself with it. And make sure it is switched on before connecting to public WiFi.
It’s good practice to go into System Preferences on your Mac and switch off any Sharing options that you don’t use.
3. Install Software Updates
Try to get in the habit of installing software updates as soon as they’re available. They usually contain security patches. Staying up-to-date will protect you against known vulnerabilities that hackers can easily exploit.
Note: malicious hackers can trigger fake downloads on your computer while you’re on Public WiFi. As such, you should only never download updates on public WiFi, particularly if the alert box pops up while you’re on that public hotspot. Disconnect and check for updates when you’re on a secure connection.
4. Use a VPN
Even if you use public WiFi infrequently, it’s worth setting up a VPN to protect your connection. VPNs work by creating an encrypted tunnel that all of your traffic flows through. This ensures that your activity is hidden, regardless of the network you’re on.
Here’s a tip: don’t leave this until the last minute. Set up the VPN today. Take a look at our 10 best VPN list if you aren’t sure where to start. Next time you need to use a public WiFi network when traveling, you’ll be glad you did the groundwork.
A VPN will slow down your connection, and on public WiFi, this can be an issue for usability. In our tests, we compare VPNs in terms of the speeds they offer. The slowdown on best VPNs is negligible. So if performance is important to you, you can use our comparison charts to find the fastest VPN for your budget.
5. Delete the Network When You’re Done
Get into the habit of deleting public WiFi networks from all of your devices as soon as you’re done with the connection.
For example, on Android, you can Forget the network in your WiFi settings. On a Mac, just delete the network from your WiFi history.
Keeping a lean WiFi history helps to avoid the possibility that you’ll connect to a fake access point later.
6. Use Common Sense
If you have to use a public WiFi network without a VPN, don’t connect to sensitive websites, like your online banking. Don’t type in credit card numbers. And avoid using any site that doesn’t have HTTPS. (That includes eBay, believe it or not.)
In an emergency, disconnect your smartphone from WiFi and tether using the cellular (3G or 4G) connection instead.
Avoid Potential VPN Problems
VPNs are certainly a secure way to browse, and they’re arguably the best defense against public WiFi security problems. But a VPN isn’t a completely failsafe method for protecting against the risks.
The good news is that you can mitigate the two main problems with VPNs by setting up your computer correctly, and ensuring your VPN provider has included the right features.
Problem 1: The Connection Gap
When you initially connect to the public WiFi, you’ll need to manually start the VPN connection after the WiFi connection is initiated.
Despite your best efforts, there will always be at least a few seconds when the VPN is not protecting you. Even with automatic connection, which we recommend, the problem remains.
This is an issue because of the way our devices poll for updates.
The brief seconds it takes to connect are a window of opportunity for hackers. Slam it shut using firewall settings.
If you have any software open, it might try to initiate a connection before you’ve had a chance to initiate the VPN connection. For example, your email software might transmit your login details as soon as the public WiFi has connected. It’s a small window of opportunity for a hacker, but one that most users will want to avoid.
Solution: Arstechnica has written about this problem, and offers an easy solution: limit all connectivity on your default connection using your firewall. Create a highly restricted zone for the default connection, which will prevent most traffic from getting through.
Then, you can create more a relaxed rule set for your VPN zone. Traffic will only be able to pass through the firewall once the VPN is connected.
Problem 2: The Connection Drop
If your VPN loses connection, your device will fall back onto using your regular – and possibly unsecured – network. Here’s the bad news: you might not realize this has happened. There’s usually no alert to let you know, so you could continue to browse without realizing that you’re not protected.
Solution: When shopping for a VPN, we highly recommend that you choose one with a kill switch. The kill switch will automatically cut off your network connection if the VPN connection drops. That will prevent any data from being transmitted or received until you reconnect the VPN yourself.
The kill switch feature may have a different name, so it’s important to scour the feature list to make sure it’s included.
Prevention - Better Than Cure
For most of us, getting online is an essential part of daily life. Barack Obama tried very hard to get the internet classed as a utility in the United States — just like the water supply — so that it would always be free and open.
In our rush to connect to the sites we need, it’s natural to gravitate towards public WiFi. It’s easy and free, and it’s available almost everywhere. But if you’re not prepared, this is a one-way ticket to identity theft, data loss, and worse.
A VPN isn’t the only way to protect yourself online. You can shore up your security by tweaking settings and being sensible about the sites you visit. Using the tips and techniques in this article, you have everything you need to protect yourself without hassle or disruption.