Published Oct 26, 2022 by Xiph
The convenience of free public Wi-Fi is hard to resist but can cost you if you’re not careful. The dangers of using open wireless networks are twofold. Firstly, your connection is not secure (and can therefore be easily compromised) and secondly, your data is often unencrypted – leaving you open to hacking and identity theft.
How safe is public Wi-Fi?
Public Wi-Fi networks are not secure or inherently less secure than private or personal Wi-Fi networks. Most public hotspots can be connected to without security keys or passwords, which means about anyone can access the same network and see which websites you visit and all the unencrypted information you send over that network. Even if you’re using a password-protected public network, chances are everyone else in your vicinity is also using the same password to access the same Wi-Fi network. Here’s a leftfield analogy for you: if multiple people have keys to your house, is it secure? The answer is no. The same logic applies to public Wi-Fi.
5 ways hackers can use public Wi-Fi to steal your data
Public Wi-Fi networks come with various security risks, including identity and data theft and malicious software infection. We cover some common ways hackers can infiltrate open wireless networks.
Man-in-the-middle attacks
One of the biggest issues with public Wi-Fi is that hackers can intercept communications between servers and clients. This type of cyber security breach is called a man-in-the-middle (MITM) attack. When a device connects to free Wi-Fi, it connects to the internet and sends your data from point A (device) to point B (server/website). If your connection isn’t secure, hackers can get in between these transmissions and read your data. Think of it like a back door that’s been installed on the network’s infrastructure without your permission or knowledge. This allows hackers to view web pages you’ve visited and every piece of information you send out, including emails, other communications, credit card information, business data, and so on.
Unencrypted networks
Most open wireless networks are entirely unencrypted, meaning anyone can see your web traffic, file-sharing, and back-and-forth data you sent over that public network. That unencrypted information can be intercepted by anyone ‘eavesdropping’, leaving you open to MITM and malware attacks. On the other hand, encrypted networks encode any information sent between your devices and the Wi-Fi router and can only be read with the appropriate encryption key.
Wi-Fi snooping & sniffing
Some hackers use special software kits and devices to eavesdrop on Wi-Fi signals. This allows bad actors to remotely monitor user activity from a third-party device, including data passing through the network, and snoop on everything you do online, including which web pages you visit, which accounts you sign into, the login details for those accounts, and more.
Malware attacks
Hackers can also use unprotected Wi-Fi networks to inject your devices, including tablets and computers with viruses and malware. If you allow file-sharing across a network, hackers can easily plant infected software on your computer. Cyber criminals can slip malicious code into your devices or operating systems at any time without you even knowing.
Fake hotspots
While hackers love to target unsecured Wi-Fi networks, some may go the extra mile to engineer fake Wi-Fi hotspots with malicious intent. Cyber criminals create fake Wi-Fi hotspots to trick users into connecting to what they think is a legitimate network. This can be referred to as an evil twin attack. It’s fairly easy for cyber criminals to set up a fake Access Point (AP) with the same name as a genuine hotspot. Once your phone or devices connect to a rogue wireless network, all your communications and personal information can be accessed.
Can you get hacked on public Wi-Fi?
Getting hacked using public Wi-Fi is a real possibility because open wireless networks have weak network security and nearly no data encryption (if any at all). In other words, they represent a hacker's playground for stealing personal information, so think twice next time you want to connect to the public Wi-Fi at your local café, restaurants, airports, hotel rooms, libraries, you name it – don’t do it.
Is it safe for businesses to use public Wi-Fi?
No public Wi-Fi is totally secure, which is why businesses should steer clear of open wireless networks altogether when dealing with business data and operations – although businesses are welcome to offer free public Wi-Fi to their customers or as part of their services. Businesses can also opt to segment their network for this purpose.
In conclusion, businesses should only ever connect to Wi-Fi networks they own and trust. Businesses and employees should never access emails, sensitive client data, financial information, or payroll information while on public Wi-Fi.
Public vs private Wi-Fi network: Which is best?
Private Wi-Fi is far more secure than public Wi-Fi. Private Wi-Fi networks are password-protected and encrypt your Wi-Fi signal which safeguards your identity and personal information – essentially preventing unauthorised access to your home or private network. Most private Wi-Fi networks use 256-bit encryption, the same encryption protocol used by banks and governments.
To sum it up, public Wi-Fi networks are unprotected networks that anyone within the vicinity of the connection point can connect to with little or no restrictions to access. This makes them more susceptible to hacking. On the other hand, private Wi-Fi networks are encrypted networks that require users to provide access information such as passwords, codes, and email addresses. This means your data is protected at all times.
How to stay safe on public Wi-Fi
Cyber security experts recommend staying away from public Wi-Fi networks whenever possible. Use your mobile hotspot instead, especially when sharing sensitive information or logging into accounts. Connecting to a cellular network is far safer than using Wi-Fi because all data sent from your phone to your telco and internet service provider is encrypted. If you absolutely must use public Wi-Fi, here’s how to stay safe when using a public wireless connection.
Use multi-factor authentication (MFA): One of the biggest security threats to using open wireless networks is hackers gaining access to your passwords. One way to reduce this risk is to enable multi-factor authentication on any accounts and software that offer it. MFA requires users to provide two or more verification factors to gain access to online accounts. This means that even if a hacker got your username and password, they wouldn’t be able to access your accounts without another method of authentication.
Avoid accessing sensitive information on public Wi-Fi: If you must use public Wi-Fi, avoid sharing and accessing sensitive or personally identifiable information (PII). Steer clear from logging into your banking apps, social media accounts, or any website or accounts that hold your personal or banking information. Do not make online purchases, pay bills or transfer money when connected to an open wireless network. You can browse the internet for anything that’s not sensitive like news sites, etc.
Turn off file sharing: Did you know your folders can be accessible to anyone connected to the same public network? It’s important to remember to turn off file sharing on your devices before connecting to public Wi-Fi. Turning off file sharing will prevent wireless access to files on your computer over the network you're connected to.
Use a virtual private network (VPN): You can use a VPN to establish a protected network connection when using public Wi-Fi networks. A VPN re-routes your internet traffic through a virtual private network with end-to-end encryption.
Only browse secure websites: Only browse websites with URLs that begin with ‘HTTPS.’ This means they contain a Secure Sockets Layer (SSL) certificate − a bit of code that secures the connection and communications between your web browser and server. If you connect to unsecured Wi-Fi networks and use ‘HTTP’ instead of ‘HTTPS’ addresses, your traffic could be visible to anyone else on the network.
Keep your operating system(s) up to date: Operating system (OS) updates include the latest security patches to better protect your devices from existing and future Wi-Fi threats. Turn on automatic updates on your phone, tablet, and computer to make sure you’ve got the most up-to-date security features.
A final word
Next time you think about connecting to public Wi-Fi, think about whether the risks of potentially having your data and information compromised are worth the convenience. If you must connect to an open wireless network, be sure to take the appropriate measures to mitigate the risks of a cyber attack. For more information, contact us via email: enquiries@xiphcyber.com.
Posted in: Security