Public WiFi Security: The Dangers That Lurk And The Tips And Tools That Will Save You
When was the last time you used public WiFi on either your phone or your laptop? Do you often want to check Facebook or Twitter at a café? What else might you use it for?
The answers are important, as your identity and financial information may depend on them.
The world of the internet has changed from even just ten years ago, and there are legions of cybercriminals—some organized, some not—looking to make a grab for your information. And they often do it over unprotected WiFi networks, where people are usually at ease or focused on other things.
You might even be giving away account information (from you bank or any other service) without realizing it.
In this guide, we will teach you about some of the most common dangers of public WiFi networks, how to deal with them and what tools you can use to protect yourself.
How Secure Is Public WiFi
Public WiFi networks are interesting in that, like most networks, they are highly customizable, and managers will often change security settings to fit their needs.
Free WiFi can draw a crowd (or at least a few more customers), so it’s become common, but it is frequently put in place by people who aren’t professionals and who don’t regularly monitor or moderate the network.
This means cybercriminals and hackers will try to take advantage of it, and that there are other dangers to consider.
Here are some dangers to keep an eye out for:
Network Sniffing Programs
The most common problem and possibly the most immediate danger you can run into is that of data sniffers, a type of hacker/program that accesses a network and then logs all of the traffic coming to and from devices on the network.
Once the cybercriminal has that information, they’ll mine it later for credit card information, account login information and perhaps sensitive confidential transactions. If it’s valuable, they’ll find it and sell it.
This is so dangerous because it is nearly undetectable. The device itself can usually fit in the palm of one’s hand, and it can be disguised and hidden next to the laptop the hacker is connected to.
Anyone can be using a sniffing program while appearing to be a perfectly normal tourist in the city of your choice.
The most important thing you should know is that you don’t even have to be actively using your device. If it’s connected and receiving information from Facebook, Google, Yahoo, etc., then you are potentially sharing your login information with a cybercriminal. Same goes for your passive email updates, etc.
You can learn more about sniffing programs here.
Corporate Data Collection
Private hackers and individual cybercriminals aren’t the only people and threats about which you need to worry.
There are also many chains and corporations who are very interested in learning your online and offline habits. Data is valuable and your privacy not so much.
Be wary of the terms you agree to when dealing with a company, and be careful of the sites you visit while at a place of business. If you don’t trust the business, hide your data usage (more on that below) or use your data plan.
Malicious Access Points and Spoofing Attacks
This one is a bit more complicated. In the event you run into a malicious network administrator, that administrator can control what page appears when you input an address.
This means when you visit Twitter, you could get a false, malware-infected page.
Choosing a Network Wisely
Knowledge is half the battle when choosing a network, and in many circumstances, you’ll need to know which network to choose.
You’ll also need to know when to dip into your data plan for your own protection, no matter what security measures you already have in place.
Cybercriminals may try to breach an existing network and passively collect data from there, but hackers with a few tools and a bit of creativity will try a different strategy: They create an entirely false open network and try to encourage you to use it so that you give up your information on their logs for their reading pleasure.
This is often done in public meeting places and tourist hubs, with hackers expecting tourists and the general public to be unaware of the difference between the false network and the real one.
You will want to look for the following:
- Any misspelling or poor formatting is a red flag. Large businesses and WiFi providers do their homework.
- If you would expect to need to access a portal page or use a password to connect to the network, yet find no such thing, disconnect.
- If you’re uncertain about a network, ask an official or employee of the location about the network. They’ll have the correct information for you.
To learn more about false networks, you can find an excellent case study here.
Terms and Conditions
You’ll also want to be careful of what networks might be the most vulnerable. Generally, the easier it is to access, the more problematic it will be for your device.
It is very important you read the terms and conditions wisely. If the network provider is collecting information from you or watching the network and is legitimate, they’ll let you know in the terms. From here you’ll be able to make an educated decision as to whether you want to use the network.
That being said, do not make the mistake of seeing terms and conditions as any form of protection.
Hackers generally have little respect for such things, and many times these terms are just guidelines telling you not to access illegal or inappropriate material on their platform.
How to Secure Your Computer on a Public Network
You might bring a laptop to a café to get some work done or keep it around while you wait for someone else, preferably a waiting room with free WiFi. This is a productive measure, certainly, but there are risks. Here is what you can do to secure your computer:
- Only use websites encrypted with HTTPS protection if you are doing anything involving your information. You can browse as you’d like if you’re looking up common information, as hackers won’t be too interested in your general interest in cat medication.
- You will want to make sure to disable network sharing on your computer. It will vary based on your operating system, but this guide will help you find the information you need.
- Use a Virtual Private Network. More will be explained on these later, but this is a service to encrypt your communication and hide behind a different IP address; they are essential for privacy.
- Regularly use antivirus and security programs. While they won’t necessarily protect you from sniffing attacks, they will keep your computer safer from other forms of attack which make the consequences of a sniffing attack much worse.
- If you aren’t using the internet, turn off WiFi. You can easily turn it back on, and taking this simple step is sure to bring peace of mind.
- Be careful about downloading anything on a public network, especially if it appears to come from the network provider. Nothing will be able to protect you if you invite an attack through your front door.
- Simply don’t make financial transactions. Unless it is an emergency, it can wait until you’re on a safer network.
It should also be noted most of the rules here apply to tablets as well, considering they are functional laptops or notebooks; your information is just as vulnerable.
How to Protect Your Phone on Public WiFi
Everything that applies to your computer (that can be applied) also applies to your smartphone. The device is, for all intents and purposes, simply a computer that makes phone calls.
With that said, here are measures you should specifically take on your smartphone:
- If your phone has a setting to automatically connect to WiFi, it is highly recommended you disable it. Your phone could be giving away your account information without your knowledge, which means you’ll only know about identity theft after it happens to you.
- Unknown to many, there are security apps available to smartphones designed specifically for these devices. To learn more about them and what makes a good one, this resource will help.
- You should seriously consider using your data plan, especially if your online activities take little data. Poor WiFi is often slow because it is compromised.
Most Secure VPN for Public WiFi Security
What Is a VPN?
A Virtual Private Network (VPN), briefly mentioned above, is a secure connection over a privately-owned network which allows you to browse the internet without fear of spying.
It encrypts your connection and creates a network tunneling protocol which also hides your IP address by effectively replacing it with that of the VPN server.
While originally a tool for large corporations, VPNs soon became available commercially and are often used to bypass regional restrictions. Their main purpose, however, is security, gaining popularity as different types of threats have become more prevalent on public networks.
How Can It Secure My WiFi Connection?
While it won’t make you invulnerable to your own mistakes, it will keep you safe. You should feel confident performing most activities over a VPN connection, so long as you have a trustworthy service provider.
Whether you are using your smartphone or laptop (there are apps for each on almost every OS), you can simply sign into the service and select a server.
From here your computer will make the link and communications will be sent from an encrypted tunnel for as long as you remain connected.
VPNs aren’t perfect, and they won’t protect you from all forms of attack. They are, however, one of the very best forms of defense your device can have, especially against cybercriminals who mostly attack people on public networks.
If you would like more information about VPNs or would like to know what makes a VPN great, please read this page.
Stick to Secure Websites and Apps
HTTPS, or Hypertext Transfer Protocol Secure, is a protocol by which you receive your information online, except with an SSL layer attached. Fundamentally, it provides an extra layer of protection when you browse online (regardless of the device you use).
It has been mentioned before, but if a website doesn’t have this protection, you should give them absolutely no information you don’t want the general public to know.
If you go to a common website (think Amazon or Google) and there is no indication that the site is secure (see below), you will find you need to make sure it’s the correct website (it’s likely a scam).
You can learn more about HTTPS here.
Is HTTPS Secure in Public WiFi?
Now that you know a bit about the protection, and that HTTPS is somewhat safe in public WiFi, it is important to address the following question: does it depend on how you use it and the security between you and that server (the website)?
A man-in-in-the-middle attack, which relates to malicious access points mentioned earlier, can still compromise your security.
You will still need to be careful, and the most important defensive measure you can take is to pay close attention to the websites you visit and log out if the website appears odd. Fake websites can get HTTPS certificates as well.
App Permissions and App Data Used
The permissions and settings you put on your device are one thing, but apps often ask for permissions to things such as your phone’s camera and your microphone. It might also ask for network authority, taking the security of your phone out of your hands.
Alternatively, if you’re using apps that are taking permissions for more information, that information could be sent and be vulnerable over the network.
A call over WiFi might be intercepted, or your camera can be used against you. Be careful about the permissions you give, and don’t be afraid to deny permissions after the fact (usually available in an app options menu).
Given the time it takes for trends to change and technology to upgrade, this may change in terms of the information taken, but the principle applies: be careful of what apps want from you and how that might affect your public network usage.
Update Your Software
Your operating system and the programming behind most of your apps on your device is flawed. There is no way around this.
Hackers and cybercriminals know this, and they’ll often use tactics that rely on old, unprotected versions to break down defenses and get to your information over public WiFi.
Many updates are security updates. With rare exception, you should update your devices as soon as possible. Do this, and you shouldn’t face any problems.
Be Careful of Others
This is the most important step after you have set up other tools and routines on your phone. While you may take every precaution, others might not. Their devices are just as vulnerable as yours, and they might use some of your information by mistake, feeding it to cybercriminals in the environment.
While talking to your loved ones and colleagues about the above dangers and tips can be helpful, evangelism can only go so far. You will need to make sure you can trace (to the best of your ability) where your information is going.
You should do the following:
- Never log yourself into an account on someone else’s device. Not only might the info be saved on the phone, someone might accidentally log you in again later on a network.
- Be careful about what information you send in emails or messages. Your end might be secure, but theirs might not be. Be careful about what services you use, and it is recommended you use an encrypted email account or app if you have the need for extra security.
Now you know everything the average person needs to know about public WiFi, and you have the sources you need to learn even more. Whether you’re trying to protect business interests or simply want to protect your identity, these tips are invaluable, but only if you follow them.
We strongly recommend you get started right now before you get distracted by another topic or problem. Your safety is in your hands.
What has your experience with public networks been like? Have you noticed an increase in public network attacks? Are there any other solutions you would like to share? Please leave a comment below and tell us your thoughts.