How dangerous is public Wi-Fi? We ask an expert

What is Wi-Fi
lightpoet/Shutterstock
How often have you been stuck in an airport, or on a train, and decided to take advantage of the public Wi-Fi network? Do you choose restaurants or cafes based on their free Wi-Fi? Great. Now, answer this: What do you do on your smartphone or laptop when you connect? I know it’s none of my business, but if you aren’t protecting yourself, snoopers and cyber criminals may have a field day at your expense.

Public Wi-Fi is everywhere. We all use it, but most of us are unaware of the risks and fail to take the necessary precautions to protect ourselves.

“The major hazard with public Wi-Fi is the fact that all the information you’re transferring between your computer and the computer that you’re accessing is available to everybody on the network,” explains David Maimon, Assistant Professor in the department of Criminology and Criminal Justice at the University of Maryland. “What attackers do is try to intercept the communication between your computer and the computer you’re trying to get information from or send information to. They can get passwords, usernames, you name it.”

Maimon is in the midst of a study into how we use public Wi-Fi networks. He has been visiting locations across Maryland, connecting to public Wi-Fi networks, and collecting data.

The 3 dangerous amigos of public Wi-Fi

There are three common avenues of attack to worry about with public Wi-Fi: man-in-the-middle attacks, malware, and Wi-Fi sniffing.

Main-in-the-middle attacks: “Man-in-the-middle attacks are where attackers are putting together their own network and standing between your computer and the computer you’re trying to access and all the information is routed through their device,” Maimon explains. “If they use this kind of approach then all the information is accessible to them, it doesn’t matter if you are accessing an HTTPS website, an encrypted website or not.”

“I can pretty much see whatever you’re doing on your computer…”

Malware: Malware is even more dangerous, because it potentially gives an attacker access to everything on your device. They can steal your files or photos, and even turn on cameras or microphones to eavesdrop. If the attacker can get your login info for a cloud service, for example, it’s easy for them to slip malware onto your device.

Wi-Fi sniffing: The last method is known as Wi-Fi sniffing and it involves monitoring network traffic. Attackers record huge swathes of data as it travels across the network and then analyze it later to uncover useful details. Sadly, it’s not even illegal to sniff through packets a lot of the time.

“When we started we had to get approval and the legal team in Maryland checked whether it’s okay to sniff and couldn’t find any law preventing you from sniffing,” says Maimon. “Banners before you log in to public Wi-Fi, where you agree terms of use, sometimes specifically mention you’re not allowed to sniff and that makes it illegal, but if there’s no banner then it’s not illegal at all.”

It’s alarmingly easy to snoop

You might imagine that you’d need expensive specialist equipment or some kind of programming ability to monitor Wi-Fi and get your hands on other people’s information, but you don’t. Maimon uses the same tools that the hackers use and they are very easy to get your hands on.

“You can turn on Wi-Fi sniffing, log into a public Wi-Fi network and the software allows you to listen to and see all the traffic that’s transferred over the network,” Maimon explains. “I can pretty much see whatever you’re doing on your computer.”

Pineapple Wi-Fi device

For man-in-the-middle attacks, you can buy devices online and operate them without being a computer science student.

“One of the tools that the hackers are using is the Pineapple Wi-Fi device — it helps them generate spoofed websites,” says Maimon. “All the information is routed through the device. You think you’re sending it to the HTTPS website, but it’s actually a spoof website that the device created.”

Unless you’re snooping yourself, there’s no way to tell if you’re being exposed on a public Wi-Fi network. There’s no easy way to detect sniffing or man-in-the-middle attacks.

How do you protect yourself?

“When you’re on a public Wi-Fi network don’t access your bank account and sensitive details,” says Maimon. “Even Facebook and email, sometimes you send sensitive information over emails, if you don’t want to expose information, don’t use these things on public Wi-Fi. Use it for Web browsing or using Netflix maybe, but nothing else.”

Remember, the apps on your phone may automatically transmit data in the background, as well. Follow our advice on how to limit your background data on iPhone or Android.

“If you don’t know who’s running the network then you probably shouldn’t use it.”

You also have to make sure that you’re connecting to the right network. The next stage in Maimon’s research is to travel around public areas with his own unsecured Wi-Fi hotspot and see how many people connect and what they do. He has been surprised by how readily people will connect to networks that they know nothing about.

“If you don’t know who’s running the network then you probably shouldn’t use it,” he says. “You’re taking the risk that it’s a bad guy operating it.”

You should also stop your devices from automatically connecting to public Wi-Fi whenever it’s available, just in case it connects to a dodgy network. Criminals will set up their own hotspots in busy areas, so always ask the café owner or someone who works at the location for the connection details to make sure you’re connecting to a legitimate network.

If you’re willing to expend a little effort, there’s also another way to keep yourself safe.

“A VPN service is the best way to go. All the information you transfer is protected, it’s like a tunnel that protects the data from attackers,” says Maimon.

Protect yourself with a VPN service

“I think people should use public Wi-Fi because it’s becoming more ubiquitous as the Internet spreads, when people are traveling and they’re outside their house they should use it,” says Golden Frog president, Sunday Yokubaitis. “But they need to protect themselves and be aware of the dangers.”

VPN stands for virtual private network, and there are many services out there that you can use with apps for smartphones and computers. Golden Frog is the company behind one of the most popular VPN services around: VyprVPN.

“Users connect to our servers using an encrypted connection, really protecting that last mile,” explains Yokubaitis. “It wraps the entire internet connection in encryption and keeps you protected, protecting beyond the Wi-Fi router all the way to our servers.”

If you’re using a VPN then snoopers engaging in Wi-Fi sniffing won’t be able to see what you’re up to. Stronger protocols like OpenVPN can also defeat man-in-the-middle attacks. But this protection comes at a price, and you should choose your service carefully.

“You may be protected from public Wi-Fi, but end up with a provider with a business model predicated upon selling your data,” explains Yokubaitis. “The price of free is too high. A VPN service requires network, and servers. If it’s free, you really need to look into the business model.”

There have been a few scandals in the VPN space. Hola was found to be selling user’s bandwidth, though it’s not actually a VPN; it’s a proxy service. A Chinese provider called Terracotta was also recently exposed by RSA Research for selling stolen infrastructure access to hackers.

A VPN service is the best protection you can employ if you’re going to use public Wi-Fi.

If you’re concerned about privacy then you may raise an eyebrow at VPN services owned by the likes of Facebook and App Annie. Data analysis and sales is big money. You could be giving up more than you realize.

“This isn’t just demographic data like another website might sell, this is every website you’re visiting, every app on your phone,” says Yokubaitis. “Think of it like dropping your kids off at daycare, you’re relinquishing control, and in order to do that you really need to look into who you’re dealing with.”

A VPN service is the best protection you can employ if you’re going to use public Wi-Fi, just make sure that you choose carefully. Read the privacy policy, check the provider’s background and location, and do a little research.

If you plan on using public Wi-Fi without one, make sure that you’re connecting to the right network and don’t access anything sensitive, like your bank account. It’s simply not worth the risk.

Wearables

Think this smartwatch doesn’t have a screen? Think again

This looks like a regular chronograph watch, but it holds a secret: It's really a smartwatch and even has a hidden screen, which is revealed only when you need it. We took a closer look at CES 2019.
Home Theater

Here’s why you’re not getting Netflix in HD or 4K, and how to fix it

Are you having trouble watching your favorite movies or TV shows on Netflix in HD or 4K? We explain why loading takes so long, why the picture quality fluctuates, and what you can do about it.
Computing

Getting Windows 10 updated doesn't have to be so painful

Windows update not working? It's a more common problem than you might think. Fortunately, there are a few steps you can take to troubleshoot it and in this guide we'll break them down for you step by step.
Smart Home

Leviton’s smart home line shines with Alexa-powered smart switch and lights

Leviton is at CES 2019 and showing off a lot of new, connected lighting options including a dimmer switch that has Alexa built right into it and Wi-Fi connected outlets that make it easy to take control of your devices.
Mobile

Samsung's advanced folding phone needed 'total reconfiguration' to make it real

Samsung has been showcasing bendable display tech for a few years and now a folding smartphone might finally arrive. The Galaxy X, or perhaps the Galaxy Fold, may be the company's first example. Here's everything we know about it.
Mobile

The Sony Xperia XZ4 shines in case renders from accessory maker Olixar

Sony may have released the Xperia XZ3 in the past few months, but already it's preparing to release a follow-up, the Xperia XZ4. We're learning plenty about the phone now some details have started to leak out, and it's getting exciting.
Mobile

Benchmark scores surface for Google's midrange Pixel 3 XL Lite

The Google Pixel 3 and Pixel 3 XL are considered to be two of the best Android smartphones, but it looks like Google could be prepping a midrange line. Say hello to the Pixel 3 Lite and Pixel 3 Lite XL.
Apple

Rumors say Apple's AirPower wireless charger may finally be in production

At its September event in 2018, Apple unveiled the AirPower, a new wireless charging mat that will allow you to charge multiple devices at one time. It has not yet been released. Here's everything we know about the device so far.
Computing

Beam up the videos: AirPlay support is coming to VLC player

At CES 2019, the developers of VLC player announced they are adding support for Apple's Airplay feature, allowing consumers to beam video and other content from their iPhone and Android devices to an Apple TV. 
Mobile

The LG G8 ThinQ may arrive at MWC 2019 with an on-screen speaker

LG is expected to release a successor to the LG G7 ThinQ, possibly called the LG G8 ThinQ, this year and rumors about it are already spreading. Here's everything we know about it so far.
Mobile

Oppo could reveal a new smartphone with a 10x optical zoom

Cracking a solid zoom on smartphones has been a riddle many years in the solving. One company may have finally cracked it though: Oppo may be about to show off a phone with a 10x optical zoom.
Outdoors

Nike’s Adapt BB shoes let you tighten your laces with an iPhone

The new Nike Adapt BB shoe comes with smartphone connectivity that allows the user to tighten the laces using a smartphone while providing the ability to adjust tension throughout the game.
Wearables

How to switch TicHealth to Google Fit on the Mobvoi TicWatch C2 and TicWatch Pro

The Mobvoi TicWatch C2 and TicWatch Pro are both much-loved and feature-packed watches, and they offer excellent fitness tracking. Recently, Mobvoi has switched out Google Fit for TicHealth, but you can switch them back. Here's how.
Mobile

If you're looking for a good laugh, here are 70 questions to ask Siri

Siri has come a long way since her first appearance on the iPhone 4S in 2011. We know she can make appointments and give directions, did you know she can make you laugh too? If you want proof, here are lots of funny questions to ask Siri.