Many cafés, restaurants, hotels, and even some stores provide free Wi-Fi for customers to use. While this is a great benefit if one does not have consistent access to Wi-Fi, these networks can pose a security risk to any who connect to them; a study performed by Forbes found that “40% of respondents had their information compromised while using public Wi-Fi” (Haan). After all, many of these networks are unsecure and can allow anyone to connect, which gives hackers a prime opportunity to wreak havoc.
The below video by Kaspersky Labs discusses the dangers that arise when connecting to public Wi-Fi, as well as ways to stay safe when connecting.
The below video by SciShow on YouTube also discusses the risks of public Wi-Fi and some additional tips for how to stay safe.
The Risks of Public Wi-Fi
Before getting into the ways to stay safe on public Wi-Fi, it is important to know what some of the risks are. Unfortunately, “while business owners may believe they’re providing a valuable service to their customers, chances are the security on public Wi-Fi is lax or nonexistent” (Stouffer). For example, in many cases, a public Wi-Fi at a coffee shop or store “requires no authentication to establish a network connection” (Kaspersky). This means that there is no password that must be entered in order to connect to the Wi-Fi network. Because there is no password, anyone can connect to the Wi-Fi network as long as they are within range.
While there are many threats that arise when using public Wi-Fi, the biggest is referred to as a “Man-In-The-Middle” Attack. This attack is when a hacker attempts to “to position himself between you and the connection point”; thus, “instead of talking directly with the hotspot, you’re sending your information to the hacker, who then relays it on” to the hotspot (Kaspersky). Without even knowing, you are passing your information to the hacker, who will often record this information and then passes it along to the Wi-Fi network itself. The hacker can see what you are doing, and even capture some of your sensitive data, all without interrupting your service. This attack is made easier when the network is unencrypted. A network that is encrypted will scramble the data that passes through it so that only the sender and receiver are able to unscramble the data. However, if “you connect to an unencrypted network, it is much easier for a scammer to get ahold of your web traffic” since your information is not hidden or scrambled (Stouffer).
Beyond this, “hackers can also use an unsecured Wi-Fi connection to distribute malware” (Kaspersky). Generally, there are one of three ways that this can occur. If you “allow file-sharing across a network, the hacker can easily plant infected software on your computer” (Kaspersky). For example, many Apple devices come equipped with AirDrop, a feature that allows devices connected to the same network to share files with each other. Unfortunately, hackers can use this feature to send malware to unsuspecting users. The second way in which hackers can deliver malware to your system is through a software vulnerability, which is “a security hole or weakness found in an operating system or software program” (Stouffer). Clever hackers are able to exploit these weaknesses “by writing code to target a specific vulnerability, and then inject[ing] the malware onto your device” (Stouffer). The third and final way occurs if a hacker has “managed to hack the connection point itself” (Kaspersky). Once they have breached the Wi-Fi device itself, a hacker can, for example, cause “a pop-up window to appear during the connection process offering an upgrade to a piece of popular software. Clicking [on] the window installs the malware” (Kaspersky).
Finally, another threat to keep in mind is referred to as a “rogue access point” (Stouffer). These “trick victims into connecting to what they think is a legitimate network because the name sounds reputable” (Stouffer). For example, say the local university- TechU- has a public Wi-Fi network named “techu-guest”. A hacker on TechU’s campus can create their own Wi-Fi network named “techu-guest-wifi” and broadcast it out. Unsuspecting users may connect to “techu-guest-wifi” instead of the legitimate Wi-Fi network, which connects them directly to the hacker.
How to Stay Safe
As detailed above, there are many ways that hackers can attack your devices on public networks, but “fortunately there are safeguards against them” (Kaspersky).
First and foremost, begin by “ensuring it’s a secured network with encryption technology”, making “sure you use a strong password on your devices[,] and consider using a virtual private network (VPN) when you’re connected to public Wi-Fi” (Haan). A VPN takes your information and further encrypts (scrambles) it before sending it across the network. Not only that, but many VPNs will also hide any information that could identify your device on the network, which can make it harder for an attacker to target your device. These three steps are a great start to keeping yourself safe if you are going to use a public Wi-Fi network since they help to lock down and secure the information you will be sending across the Wi-Fi network.
In addition to using a VPN, “using antivirus software is another great way to stay safe while using public Wi-Fi” (Stouffer). Antivirus software can help to detect and securely contain any suspicious files that are sent to your device, which can prevent malware from spreading. Keeping your operating system (OS) up to date can also help to keep you safe as “OS updates often include important security patches that can further protect your device from Wi-Fi threats” (Stouffer).
When using a public network, it is recommended that you “only browse websites that include an SSL certificate while on public Wi-Fi. A website has an SSL certificate when the URL begins with ‘HTTPS’” (Stouffer). Additionally, there may be a small lock icon next to the website link in your browser when viewing a website with an SSL certificate. These certificates help you to verify that you are on a legitimate website. Furthermore, “avoid visiting sites that require you to enter personal information such as passwords or credit card numbers” (Haan). Even if you have taken every other precaution, it is best to avoid entering in any information that you would not want a hacker to steal; after all, some hackers may be clever enough to find ways around these safeguards. If you need to log into a website or service, however, “enhance your protection… by enabling two-factor authentication” (Stouffer). Two-factor (or multi-factor) authentication means that, after entering in your password, you have to enter in a second security code (often sent via text or email) in order to access your account.
Another attack that is not often considered is referred to as “shoulder-surfing”, which is when, as the name implies, someone looks over your shoulder at your screen in order to get your personal information. It may be a good idea to put “a privacy screen on your devices” which “will blacken your display for everyone but you, keeping fraudsters from being able to copy or photograph any of your sensitive information” (Stouffer).
Finally, “when you’re done browsing [on a public network], be sure to log out of any services you were using. Also, check your settings to make sure your device will ‘forget the network’ and not automatically reconnect to that network again if you’re within range without your permission” (Stouffer). This ensures that any connection between your device and the public network is stopped. Furthermore, it is a good idea to “configure the wireless settings on your devices to not automatically connect to available public hotspots” in order to prevent your device from connecting to an unknown network accidentally (Stouffer).
Resources & Further Reading
Haan, Katherine. “The Risks of Public Wi-Fi: Key Statistics and Usage Data.” http://www.forbes.com, Forbes Media LLC, 9 Feb. 2023, www.forbes.com/advisor/business/public-wifi-risks/.
Kaspersky. “How to Avoid Public WiFi Security Risks.” Kaspersky.com, AO Kaspersky Lab, 2020, usa.kaspersky.com/resource-center/preemptive-safety/public-wifi-risks.
Stouffer, Clare. “Public Wi-Fi: An Ultimate Guide on the Risks + How to Stay Safe.” Us.norton.com, Gen Digital, Inc., 15 Sept. 2022, us.norton.com/blog/privacy/public-wifi.
The H.A.C.K.E.R. Project 
Leave a comment