We all love free stuff. In fact, most businesses use the promise of free things to lure in more customers. It is not uncommon to find a coffee shop offering free samples or free WiFi. What they do not tell you is how dangerous free WiFi can be. In this article we share some practical advice on how to stay safe on public Wi-Fi.
Before we look at these tips it is vital that you first know why public Wi-Fi is so dangerous.
Today, practically anyone has a device that can connect to the internet like mobile phones, computers, and even watches. These devices are very convenient but that very convenience can be what makes them dangerous.
Your devices are packed with tons of personal information which makes them an attractive targets to hackers, and public WiFi is one of the easiest ways a hacker can get to you device.
What are the risks with public WiFi?
Here are some specific security threats from the use of public WiFi:
Rogue WI-FI networks and Access Points
There are many threats that are in this category. However, it is basically a fake Wi-Fi that looks real but has been set up by a hacker. Such rogue WiFi access points often offer free access without passwords. Bars and coffee shops will often have a password in place which makes the free access ones are very tempting to connect to. Of course once connected to such an access point the hacker can see any encrypted data that goes through the access point including passwords!
These ones are in many ways similar to traditional computer viruses. However, they differ in one way. Where computer viruses need a program to attach, these computer worms can propagate by themselves.
When a computer is on a freely accessible public internet, these worms can easily jump from one computer to another.
Man in the middle (MiM or MitM)
A man in the middle attack is actually the most common threat online. It is where hackers intercept data as it travels across the internet. The most common method they use is eavesdropping. This is where they take advantage of weak protocols in public WiFi access points such that they can intercept messages between two entities, meaning you and whatever websites or services you are trying to access online, such as your bank! Please whatever you do, do not do your online banking while on a public WiFi network!!
These are small programs used to monitor network traffic. Hackers use packet sniffers to look for valuable information contained in the content of data packets as they traverse the internet. Such valuable information might be things like bank or email passwords. The analog version of this is the traditional wire tap on a phone line. In the modern version, hackers use software to listen to all the data flowing over a public network, looking for anything that might be valuable to them, such as passwords that they can use to compromise a victim.
Evil Twin Networks
This one is similar to a rogue access point. However, it is much more sophisticated when it comes to hiding its purpose. Hackers clone an access point that you trust to create an identical twin. As the name suggests, this twin is evil and the hackers can easily use it to steal information. How they do this is too technical and beyond the scope of this article, suffice to say you don’t want to find yourself connected to an evil twin network.
Ad Hoc Networks
This one takes advantage of vulnerabilities in peer to peer network connections. When you unwittingly connect to an ad hoc network you stand a chance of a hacker gaining direct access to your device…at which point all bets are off. You’ve probably seen the prompt before when you join a new network, as king if you want your computer to be discoverable to other machines on the network. This is handy when you are working in a locked down corporate environment and want to share files or data, but on a public network an ad hoc peer to peer connection to a bad actor can be very risky.
How to protect against the security risk of public WiFi
We’ve covered some of most common security threats of public WiFi access points. Just knowing the risk can help you prevent attacks. However, hackers are always coming up with new ways to use these networks to their advantage. Here are some practical steps you can take to prevent hackers from succeeding if you have to use public internet.
Turn off sharing
Let’s be honest, when you go to the coffee shop and that sharing notification pops up you probably ignore it.
However, if you knew how important this pop up is then you would always ensure you turn it off. Leaving it sharing on leaves you vulnerable to peer to peer attacks via AD Hoc networks. Sophisticated hackers can take advantage of this and gain access to your machine and the data contained therein.
File sharing is pretty simple to turn off. In fact, most operating systems prompt you about it when you connect to a new internet connection. Having it on will give you a little more security when connecting on an unsecured network.
Have your own private network
Perhaps the simplest solution of all is to just not use any public networks and instead only access the internet via a protected network.
You can use your mobile phone as an access point, the only requirement is a decent data plan with your service provider. I’ve personally got an unlimited data plan on my mobile which is great, but my provider doesn’t allow tethering other devices to the phone for fear that you will simply share you mobile data connection with everyone. I can pay a little extra whenever I need to do this and that works for me.
If you are a frequent world traveller and would like to carry your own portable Wifi Router in your pocket then there are companies that sell devices and global sim cards which work with lots of providers in all the main destination countries. We like Skyroam which works out of the box in 130+ countries. Data on these devices is not as cheap as your domestic mobile data plan, but your are paying for convenience. Check out our post on the best travel Wifi router.
Use a virtual private network (VPN)
In a world of ever more sophisticated hacks, a premium virtual private network (VPN) is the best way to protect yourself. A VPN is your best bet at creating a secure connection to the world wide web over free or public WiFi.
A VPN ensures that all the traffic between your computer and the World Wide Web is fully encrypted. This provides an active layer of security which obfuscates your browsing activity from prying hacker eyes on the public internet. Moreover, they also have additional features like masking your location and some even actively look for hidden threats.
Today, there are a variety of VPNs on the market. Some are even free but the old adage applies here, you get what you pay for. Therefore, I recommend that you check out some reliable VPN reviews and buy a secure VPN from a reputable vendor. A few dollars for a VPN service is nothing compared with the damage a single hacker can do.
Only use websites with SSL connections
This is a must if you do not have access to a VPN. It offers a layer of encryption to your network connection. Therefore, when browsing the internet be sure to only use websites that have a valid security certificate. You will know this because the URL of the website will always start with https://… – The “S” on the end of HTTPS is the important part, it tells you the connection between your browser and the website is secured. These days most modern browsers such as Chrome and Firefox will make it clear if a website is not secured in this way. This is not a full-proof option, but it still adds a level of protection when you are visiting sites that require your credentials.
Do not touch any of your personally identifiable information (PII)
Personally identifiable information is the main thing that hackers are after. PII consists of banking information, home addresses, phone numbers, and social security numbers and even email addresses.
Even an amateur black hat hacker can use this information to their advantage. More experienced hackers can use scraps of PII to steal your identity.
For instance, there has been a trend where hackers take out credit cards under victims’ names. This can be especially devastating as proving this theft is really difficult. Therefore, you should avoid accessing or sharing such information over the network when using public WiFi. You never know who may be listening.
Invest in an unlimited data plan
It is often said that the simplest solution is often the best. Therefore, the best way not to get attacked on an unsecured public network is not to use it in the first place.
There tons of data providers in the market. Most of these are fighting for more customers by offering data at low prices. Moreover, some even offer bonus items such as pocket routers, which all makes it quite easy and affordable to get your own private wireless mobile network.
Buying a personal mobile WiFi routers is a simple and easy way to avoid the problem of public WiFi altogether. The device will use fast mobile data (typically 4G these days and soon to be 5G) to access the network and provide you with a local WiFi network that only you can use. As long as you secure your personal access point with a strong password then the risk of attack is very very low.
Also, you may not even need to buy a mobile router. These days, most phones have a hotspot feature that can turn them into a router. Again, secure this with an un-guessable password and you’ll be secure in the knowledge that no bad actors will be using the same network.
Unfortunately, internet crime is on the rise. Every day you are at risk of becoming a hacker’s next victim. What we have covered here is really just one category of risk related to public WiFi, there are of course many other risks such as phishing scams and malware which often use email as the vector for the attack. This will be the subject of future posts.
It is now more than ever vital to ensure that you protect your data. With this summary of threats and practical prevention methods, you will be in a better position to protect yourself.