Security

Are Public WiFi Networks Safe?

by Baz Edwards

Hackers love public Wi-Fi networks and as a result, they can be dangerous. In this post I explore the dangers of using public Wi-Fi and what you can do to protect yourself and stay safe.

Are Public WiFi Networks Safe?

Public Wi-Fi networks are everywhere.

They're in coffee shops, hotels, airports, restaurants, you name it, there's a Wi-Fi hotspot, and more often than not, they're free.

When I walk through town, my phone connects to a Wi-Fi hotspot.  I walk past a bus and my phone tries to connect to the onboard Wi-Fi.

And they're great don't you think?  After all, they save your data.

But are they that great, really?  Are they completely safe?

Is it safe to do my internet banking on the coffee shop Wi-Fi?

Well, in this post I'm going to highlight some of the dangers of using public Wi-Fi, what you should look out for, what you can do to protect yourself on public Wi-Fi and ultimately answer the question of whether public Wi-Fi networks are safe (or not).

The dangers of public Wi-Fi

You might be wondering:

What is all the fuss about?  How dangerous is it really when I'm just sitting there just checking my email in the corner of a coffee shop?

Well, it turns out that there are quite a few big problems with using a public Wi-Fi networks.

The first of these problems is that they allow for snooping, due to the open nature of these networks.

Secondly the network that you are connecting too might be infected with malware and compromised.  

And thirdly, the network that you think you are connecting to might even be malicious.

Still confused?

Let me explain in a little more detail.

Snooping

Wi-Fi networks use radio waves to broadcast and receive network traffic and as such, they are transmitted openly between devices on the network.

It's a bit like someone overhearing your private conversation in a busy restaurant.  Or perhaps more relevant, it's like listening to someone's walkie-talkie conversation.

Not only is the network traffic broadcasted openly, the traffic is generally unencrypted.

Unlike your home Wi-Fi which requires you to enter a password to access, when you connect to an open Wi-Fi network such as the one at your local coffee shop, you don't always have to enter a password to get on it.

If you don't have to enter a password, then the network is unencrypted.

And with the right eavesdropping software, others can take your information without you releasing.  

So for example, say you go to any unencrypted website and submit an online form, people can quite easily see what you've typed in.  They can also see what websites you've visited.

Even if you connect to a website that's encrypted such as WhatsApp or your bank's website, any snoopers would still know about it, even they wouldn't know what information you were typing in or sending.

So what software do the snoopers use?

Well there are a number of different tools out there such as Firesheep and network analysis software such as Wireshark which enable snoopers to capture your network packets in real time and snoop on your web activity.

Wireshark - By Magawla61 (Own work) [CC BY-SA 4.0], via Wikimedia Commons

Malware

When you connect to a public Wi-Fi network, you're opening yourself up to the risk of malware.

The guy sitting next to you running Windows XP without antivirus protection is potentially putting your computer at risk of infection, especially if you allow file sharing across a public network.

Moreover, with file sharing enabled, hackers can plant infected software on your computer.

Some hackers have even been known to compromise the connection point itself, causing malware to be installed when users connect to the hotspot.

Fake and malicious hotspots

Perhaps the biggest risk in connecting to public Wi-Fi networks is when the actual hotspot itself has been designed to be malicious.

In this situation, the business's hotspot could be compromised or there could be a fake hotspot set up to lure people into connecting to it.

Fake hotspots can be configured to look just like a legitimate free Wi-Fi hotspot.  It could even say something along the lines of "Coffeeshop Wi-Fi" when your device scans the various networks which are available, so be aware of these.

The worst bit?

These networks are very easy to setup.

For example, devices such as the Wi-Fi Pineapple Nano demonstrate how hackers can easily set up a malicious network.

The way these devices work is that when your device tries to connect to a Wi-Fi network it has previously remembered, the Wi-Fi Pineapple has the ability to chirp up and say "that's me, connect to me!".

Once someone has connected to the Wi-Fi pineapple, the hacker has effectively positioned himself between you and the connection point.

So instead of going directly to the real coffee shop Wi-Fi, you're actually sending your information and traffic to the hacker, who then relays it on.

And you wouldn't notice any difference.  You can still surf the web, check your emails, watch YouTube videos etc, but the hacker will have access to every piece of information that you send out across the internet.

Even worse, the hacker can setup fake HTTPS websites so the secure website that you think you're connecting to could actually be a spoof website that the Wi-Fi Pineapple device has created.

How to protect yourself on public Wi-Fi

OK so public Wi-Fi networks are pretty dangerous right?  Well, yes they can be, but there are things you can do and should do to protect yourself.

The first thing I recommend is very simple.  DO NOT do your online banking or similar things that involve sensitive information.

Wait until you're home or connected to your mobile carrier's network (3G or 4G) before doing these things unless you want to expose your sensitive information.

It's fine for general web browsing or watching a film on Netflix for example, but don't use public Wi-Fi for anything sensitive.

And don't forget apps on your phone too.  These all transmit data over the internet, often in the background, even though they don't use a web browser to do this.

So again, the advice is don't use your online banking app or similar when you're on public Wi-Fi.

OK with that out of the way, what else can we do?

Use encrypted websites

So if you're surfing away on public Wi-Fi, try to use encrypted websites.

In other words, make sure the website you're looking at is using a HTTPS connection.

There are lot's of websites out there at the moment that don't use HTTPS and so the exchange of information between your computer and a non-secure website is sent over in plain text.

What this means is that anyone with the right skills and wrong intentions could potentially intercept that exchange of information and sniff that traffic quite easily.

But of course it depends on what you are doing.

If you're just searching for an article on your favourite website, then it's not such a big deal.

However, if your're entering your email password on a non-secure, non-HTTPS website, then your password could be stolen.

When you use HTTPS, the data is encrypted and scrambled when it is sent to the website's server that you're visiting.

So if your traffic did happen to get sniffed, the data would be complete gobbledygook to any prying eyes and therefore completely useless to them.

To ensure that you're always using the HTTPS version of a website, there's a really useful browser plugin called HTTPS Everywhere that you may wish to consider using.

It's also worth bearing in my that the mobile app version of the service you're using maybe communicating over a non-secure connection.  Unlike websites, mobile apps don't have a visible indicator to show that they secure.

So my advice would be to use the mobile website rather than the app for the service you're connecting to so that you can check for the https bit at the start of the web address.

Disable file sharing in Windows

I have already mentioned that if you connect to a public hotspot then you are a risk of malware infection if there are any compromised devices on the same network.

One thing you can do about this is to make sure that you the select the "Public network" Wi-Fi option in Windows and not the "Home network" or "Work network" options.

Whilst you're at home, it's normal to share files with your printer and even allow remote logins to your home computer, but you don't want to be enabling these things when you're on a public network.

By selecting the "Public network" option in Windows, your connection is locked down preventing any files that are on your computer from being shared with other computers across the network.

Windows will automatically ask you whether you're connecting to a home network, work network or if it's public network when you first connect to network and by selecting one of these options, your security settings will be set accordingly.

The public setting will give you the most security, which is the one I recommend when you're on a public Wi-Fi hotspot.

If you want to however, you can customize some of the settings.

In Windows:

  1.  Open Control Panel
  2.  Select Network and Internet
  3.  Select Network and Sharing Center
  4.  Select Change advanced sharing settings

From here, your can toggle on and off things like file sharing, public folder sharing and a few other things.

Make sure that file sharing and public folder sharing is turned OFF on public Wi-Fi networks like in the image below.

Enable Two-Factor Authentication

Enabling Two-Factor authentication on your favourite websites and services (where available) is a really good practice to get into.

All the big services such as Facebook, Google and Twitter provide two-factor authentication, but it's not enabled by default.  If you haven't enabled it on these services, do so as soon as possible, especially before you connect to a public Wi-Fi hotspot.

Here's why.

If you make a mistake and enter a password on a non-secure (non-https) website on a public network and that password is sniffed, then you still have an extra layer of protection, as the hacker will need access to your mobile phone to access or change anything on your account.

Also, make sure you don't use the same password for every website you sign in on because if that password is stolen, then the accounts for all those websites could potentially be compromised.

Personally I use LastPass to manage my passwords.  It enables me to use a unique password for each website without having to remember them.

The best bit about LastPass?

It's now completely FREE :)

Switch on your Firewall

Most Operating Systems such as Windows, Mac OS and Ubuntu have at least a basic firewall in place, but it's definitely worth checking that it's enabled on your computer, especially before you connect to a public Wi-Fi hotspot.

To check whether it's enabled, or if you if want to, customize some of the settings, such as specifying which applications are allowed access and which aren't, follow these steps:

In Windows:

  1.  Open Control Panel
  2.  Select System and Security
  3.  Select Windows Firewall

Double check the name of the Wi-Fi Network

I've highlighted above how easy it is for a hacker to set up a fake Wi-Fi network, and when they do, they will tend to use something along the lines of "Free Costa Wi-Fi" to lure people into connecting.

However, the legitimate coffee shop Wi-Fi might not be named as such.  My advice would be to confirm the name of the Wi-Fi with the company first before connecting to ensure that you're connecting to the official network.

Consider using a VPN

OK so this a big one, VPN's or Virtual Private Networks are DEFINITELY something I wholeheartedly recommend.

VPN's pretty much beat all other ways of protecting yourself whilst you're browsing on a public Wi-Fi network.

When you connect through a VPN, your internet connection is encrypted.  Which means that you are secure if even if the website's your using aren't secure and and don't offer SSL encryption.

So for example, if you're sat in your local coffee shop on the free Wi-Fi, people in your local vicinity will only be able to see that you're connected to one secure connection, i.e. your VPN.  They won't be able to see what you're doing on it or what websites you're visiting, they will just see that you are visiting a VPN.

What this means is that when you connect to the internet via a VPN, not even your Internet Service Provider (ISP), public Wi-Fi network owner, nor a hacker can snoop on what you are doing.

This is because all your activity and traffic is routed through a separate secure, private network.

In other words, your privacy and security are protected at all times.

You also get other added advantages such as being able to access content only available in certain countries.

If you want to learn more, I recommend you check out this explainer about VPN's and why you need one.

OK so what are the available options for VPN's?

My recommendations

If you're not sure where to start with VPN's and you want something basic to get you started when you're using public Wi-Fi hotspots and to access region-restricted websites, I can recommend a couple of simple options.

I personally like and recommend IpVanish and TunnelBear.  IpVanish is fast, has unlimited bandwidth and they don't log any of your traffic, which some VPN providers do.  They also provide software and apps for Windows, Mac, Android and iOS.  

TunnelBear is also good and they provide a free option, but there's a limit in terms of data usage.

Turn off your Wi-Fi

Finally, if you want to completely guarantee your security and you're not actively using the internet, maybe you'rw playing a game or typing a Word document or something, then simply turn off your Wi-Fi.  It's really easy to do too.  If you use Windows, then you can click on the wireless icon in the task bar and turn it off.  If you're using a laptop, there's probably a shortcut on there too.  On my laptop, I simply press the function key [fn] and [F12].

Wrapping up

OK, back to the original question, are public Wi-Fi networks safe?  Well, for me, the answer is NO, they are NOT completely safe, and you are never totally secure.  No network or device is unhackable and you've got to be on your guard at all times, but as I've outlined above, there are some things that you definitely should do which will greatly minimize the risk

And if you do go with my recommendations, then they will go a long towards improving your security generally, not just when you are browsing on public hotspots.

Finally, has this been useful or do you have your own way of staying safe on public Wi-Fi?  Maybe you have a favourite browser extension I've not listed or you may even use a SOCKS proxy over SSH.  Either way, it would be great to hear from you.  Let me know in the comments.

Enjoy the many public Wi-Fi hotspots out there, but be safe and make sure you know what you're doing and don't be caught out by the bad guys :)

Cheers!

Love this article?  Please share it with your friends on Facebook