Public WiFi networks are everywhere in this day and age, and pretty much every business — whether it’s a coffee shop, hotel or supermarket — will have one. For many of us, asking for the WiFi password may be the first thing we do when we sit down for a bite to eat, and although this is certainly convenient, the dangers of public WiFi are not to be underestimated.
In this piece, we’ll run through what these dangers are, what avenues of attack can be used against you, and finally how to protect yourself from danger and prevent attacks if you frequently make use of open WiFi networks.
Is It Dangerous to Use Public WiFi?
Yes and no. If you’re frequently connecting to public WiFi networks with no precautions taken and little concern for the authenticity of the hotspots you use, then you are absolutely at significant risk. However, the precautions needed to make public WiFi completely safe are simple, allowing you to have peace of mind when connecting to any public hotspot.
What are the Risks of Using Unsecured WiFi?
There are many risks associated with unsecured or public WiFi networks. Even if the network in question is a secure public WiFi hotspot, if all you need to do is ask one of the employees for the password, then anyone who wants access can get in anyway.
Even worse, many networks will have open WiFi settings, allowing anyone who’s connected to gain admin access to the router.
With this access, there are numerous ways for cybercriminals to take advantage of unsuspecting users who are simply looking to browse the web, mostly in the form of what is known as “man-in-the-middle” attacks.
Generally, attacks that take advantage of poor public WiFi security fall under the category of man-in-the-middle attacks. This means pretty much exactly what it sounds like, with the attacker positioned between you and the server you are trying to access, with you none the wiser.
This allows the attacker to capture all of your traffic, which they can use to steal your personal information, swipe payment details, such as credit cards, and even manipulate the data packages to install malware or spyware on your device.
Monitoring the incoming and outgoing traffic on a public network is one type of man-in-the-middle attack that is shockingly easy to pull off.
Anyone can download tools, such as Wireshark, and with the help of a few YouTube tutorials, have everything they need to see exactly what you’re doing on your laptop while you do your morning browsing in a coffee shop.
This means that all the information you’re sending — whether it’s credit card details, passwords or anything else — is laid bare to the attacker, giving them quick access to any accounts you sign in to or payment details you use.
Another common avenue of attack on public WiFi networks is known as malware injection. As mentioned above, attackers can use snooping software to inspect the data coming in and out of your device, but this is just the tip of the iceberg. Not only will they be able to see your traffic, but they could also manipulate it.
In layman’s terms, this essentially boils down to intercepting a web server’s response before it gets to you, inserting some malicious and hidden code that will run once the page opens on your device, and then sending it along its way. If the attacker did this right, you most likely won’t even notice that anything has happened until it’s far too late.
Generally, encrypting your traffic is enough to prevent this type of attack from happening. However, as mentioned earlier, the attacker may have gained access to the server credentials for the site you are visiting, which allows them to bypass the encryption entirely and insert malware into your browsing traffic even on a secure connection.
Dangerous WiFi Hotspots
Unfortunately, cybercriminals operating on legitimate WiFi hotspots is only one of the possible risks you face when using a public connection.
An even bigger risk to your safety is malicious hotspots set up to trick you into connecting to them. This is usually done by creating an unsecured hotspot with the name of a nearby business, such as a restaurant, café or hotel, which users will then connect to, blissfully unaware of the danger.
You’ll be able to occasionally protect yourself from this scenario by always asking the employees of the business if the WiFi hotspot is legitimate, but there’s no guarantee that they’ll even be aware of the imposter. In fact, the employees of the business may even be using the compromised WiFi network without knowing that anything is amiss.
Because in this scenario the attacker has full control over the hotspot, they have many more avenues of attack, such as serving you malicious ads that carry spyware or malware, replacing the website you want to visit with an entirely fake one and gathering any credentials you enter for various services.
Is HTTPS Safe on Public WiFi?
In theory, HTTPS can protect you against man-in-the-middle attacks when you’re connected to a public network. You can check out our explanation of HTTP vs. HTTPS for a full rundown, but in short, HTTPS protects your traffic by encrypting it and using TLS to verify the other end of the transaction.
This means that the “man in the middle” is unable to decipher the encrypted data, as he won’t have the required credentials to do so.
However, it’s not foolproof, and there are several ways to get around this, including changing redirects from HTTPS to HTTP or sending a fraudulent certificate. Although your browser will detect that the certificate is not valid, most users generally ignore these kinds of warnings.
Even if you’re careful and pay attention to these warnings, you may still be at risk. If an attacker has already acquired the private key belonging to the server you think you’re connecting to, then they’ll have no problem creating a fake certificate that your browser will not be able to warn you about.
To go even further, an attacker can collect your encrypted traffic over a long period of time by hacking and “owning” the router transmitting the WiFi signal at a business you often frequent.
Even though all the data is encrypted, unless the server owner has implemented perfect forward secrecy, a future security breach that gives the attacker access to the server’s private key will allow them to retroactively decrypt all the data collected in the past.
How to Stay Safe on Public WiFi
When it comes down to it, there’s really only one good way of ensuring you’re safe while using a public WiFi network, and that’s by using a virtual private network, or VPN for short. A VPN protects you by creating a “tunnel” for all your traffic, which is protected by end-to-end encryption.
Rather than your traffic going straight from your device to the server, a VPN routes it all through its own server beforehand. This extra security will prevent man-in-the-middle attacks because the attacker won’t be able to see any of your traffic, despite being connected to the same public WiFi hotspot.
However, not all VPNs are created equal, and although the best VPNs will ensure your traffic is safe and encrypted — and thus undecipherable to attackers — others might lack certain security features or make use of weak encryption, compromising any additional security you get from using it. For a better understanding of what makes a VPN secure, check out our description of encryption.
For a look at our top VPN pick, make sure to read our ExpressVPN review. If you’re still not sure, check out our NordVPN review and Cyberghost review, as these two providers round out our top three favorite VPNs.
There you have it, everything you need to know about the security of using public WiFi and how you can use them while maintaining your security. As mentioned, there is no better way to prevent an attack over public WiFi than using a VPN, so make sure to download and install one of the best VPNs to make sure your security remains uncompromised.
If you mostly use your phone to browse when connecting to public WiFi networks, then be sure to read our guide on the best VPN for mobile. Besides using a VPN, there’s not much you can do to avoid someone using the WiFi of a local business to capture sensitive data or even install malware onto your phone, tablet or laptop.
What did you think of this rundown of the dangers associated with public WiFi? Do you understand the significant risks and how to protect yourself against them, or do you think this is all unreasonable paranoia? Let us know in the comments below. Thank you for reading.