It’s always a satisfying feeling when you find that free wifi connection at a public park or a mall. The temptation to hit connect is irresistible – what’s not to like about saving your mobile data? Complimentary internet, somehow, just feels better than the paid version.
Having said that, it’s important to keep in mind that such public wifi networks are available to all and sundry. People with malicious intent can also log on and manipulate the network to steal your data. It’s not as far-fetched as you might think.
In order to keep yourself safe and secure on a public wifi network, we recommend you read through the rest of this guide.
1. Distinguish between secured and unsecured networks
Generally speaking, there are two types of public wifi networks. A completely open network allows you to log on without any authentication details. All you have to do is simply click connect and your smartphone or laptop will do the rest. We advise that you refrain from using this option – only log on as a last resort and for a short period of time.
The other type of public wifi networks are those that require you to sign up and enter details like a phone number and valid email address. You might also have to create a username and password before the system grants you access. These could either be a large scale wifi network provided by your cellular company or one at your local coffee shop where the range is significantly less. Both are considered to be public wifi systems.
Such networks are considered far more secure as your personal details are saved. Would-be hackers aren’t usually in the business of giving away such details so it’s a safe bet that they’ll leave these networks alone.
If you’re sitting in a coffee shop or a cafe, then ask the barista which wifi network to connect to. They’ll be aware of the official ones – put in place either by the mall or the shop – and will guide you accordingly.
2. Keep sensitive information at bay
If you are using a public wifi network, then we strongly advise you not to engage in things like internet banking, online shopping, or any other activity that might expose financial data.
If there’s a compelling need to transfer funds or take advantage of a flash sale, the prudent approach is to turn on your mobile data for this specific transaction. It’ll only take a few minutes and it’ll keep you secure. Under no circumstances should you be filling out a webform with your bank account details, credit card information, or social security number while connected to a public wifi network.
3. Turn off wifi when not in use
If you’re not using the internet but are in range of a public network, we advise you to simply turn off wifi. It’ll just take a few seconds and add an extra layer of security. After all, just enabling the option allows people to notice your presence and possibly snoop around. If you wish to reconnect to the internet, just switch wifi back on.
For Windows users, just click on the wireless icon in the system tray and turn it off. For Mac OS, find the wifi icon on the menu bar (that’s on the top right corner of your screen) and switch it off. Both Android and iOS users will discover the option in the settings menu.
4. Turn off sharing
It’s possible to share files, printers, and turn on remote logins from other computers logged on to the same network. This setting is okay for networks you trust, like those at home and office, but should definitely be avoided when connected to public wifi.
For Windows PC users, open your Control Panel, and browse to Network and Internet > Network and Sharing Center. Once you’re there click Choose Change > Advanced Sharing Settings. Turn off both network discovery and file and printer sharing.
For Mac OS, simply go to System Preferences > Sharing and uncheck all the boxes.
5. Use a VPN
Short for Virtual Private Network, a VPN encrypts all the internet traffic to and from your device making it almost impossible for hackers to snoop in your activity and significantly secures open wifi connections.
A VPN is also an excellent choice for accessing restricted content or streaming geo-locked media on the likes of Netflix, Hulu, and BBC iPlayer. It works by tunneling the traffic via an intermediary server so that it appears you’re somewhere other than your current location.
Read through our list of the best VPNs in 2017 to figure out which one is best suited to your needs.
6. Stick to secure websites
Hyper Text Transfer Protocol (HTTPS) is an encrypted protocol through which your browser sends data to the website you’re currently visiting. Popular sites like Facebook and Gmail use the HTTPS protocol as it means there’s significantly reduced chances of your private data being exposed.
To identify an HTTPS secured site, just lock for the green padlock icon in the browser next to your website address. Not all sites have this option so don’t assume your browsing is encrypted by default.
It’s also a good practice only to surf the mobile web while connected to a public wifi network on your phone. Apps don’t always follow the stringent encryption protocols that popular browsers like Chrome and Firefox do.
We recommend you install the “HTTPS Everywhere” browser plugin. The plugin can’t force unsecured sites to automatically morph into an impregnable status but does activate security features if they’re written into the source code but dormant.
If you’re still wary of a site’s security credentials, we recommend you read through our guide of how to recognize secure sites.
7. Enable your firewall
The basic firewall present in your Windows or Mac operating system might not have the advanced robust features that paid antivirus solutions offer, but it’s still a handy tool to ward off attacks.
For the uninitiated, a firewall is the first line of defense against hackers and acts as a barrier between trusted networks and untrusted networks. It’ll monitor all traffic and decide whether to accept or reject based on specific security parameters.
To enable your firewall in Windows, just go to security settings. These are found in Control Panel > System and Security > Windows Firewall.
For Mac OS go to System Preferences > Security & Privacy > Firewall.
8. Keep your software updated
Most programs we use aren’t static in any way – developers are constantly tuning the code and patching up security vulnerabilities. That’s because hackers can strike at any time and your software provider best be prepared for this eventuality.
As a general rule of thumb, when your antivirus pings you to install a software update you click ‘yes’. At the same time, you should do this over your home or office internet connection, not an unsecured public one.
9. Follow smart browsing principles
Other than all the practical tips outlined above, there are more steps for deterrence that you can apply too. Deploying strong passwords with a combination of uppercase, lowercase, and numerals is definitely recommended. Enable two-factor authentication whenever you can – this is particularly important for social media, email, and banking. If you’re stuck for options, use our password generator.
If you’re connected to a public wifi network, then don’t forget to logout of all your sites before you leave. Also, tell your device to “forget the network” – this prevents it from logging on to it automatically in the future.
How can I be hacked on a public wifi?
In this section, we’ll take you through some of the methods hackers deploy to steal your data.
1. Man-in-the-Middle Attacks
Hackers use this technique to intercept communications between two entities such as your device and the server it’s connected to. The flow of data is interrupted by the snooping hacker, allowing him/her to eavesdrop on your personal information and steal things like bank account information and credit card details.
Man-in-the-Middle (MTM) attacks are particularly susceptible on public wifi networks. Hackers set up rogue wifi networks with seemingly innocuous names such as ‘FreePublicWifi’ in a bid to lure users. Once you’re connected, the hacker will have direct access to your browsing session and all the data contained within. They might even be able to view your stored cookies, or bite-sized packets of data that store things like login information.
The effectiveness of MTM attacks was showcased by 7-year-old ethical hacker Betsy Davis who successfully infiltrated a public wifi network in under 11 minutes. The experiment was part of a demo to highlight the dangers of using public wifi. It took place in the UK, which has over 270,000 public access points. A survey carried out as part of the demo revealed that 59 percent of British internet users frequently connect to public hotspots, with a worrying 19 percent of them using it for sensitive transactions like personal banking.
One way to identify a rogue connection as opposed to a legitimate one is to check for authentication/login procedures. Trustworthy networks will usually ask for some personal details and ask you to agree to a ‘terms of service’ before granting you internet access. If a network allows you to login immediately without the need to punch in any data, that’s usually a red flag and should be avoided at all costs.
2. Packet sniffing
A packet sniffer is actually robust software that’s used by system administrators to monitor network traffic. With its help, an administrator ensures smooth flow of traffic by removing all bottlenecks on the network.
But there’s a downside too. An intruder with malicious intent could infiltrate the software and use it to analyze all the traffic in the network. The purpose is the same: to steal personal information such as passwords, user IDs, and credit card information. However, intruders can remain invisible while they steal this data and hence packet sniffing is generally viewed as a dangerous attack to quell.
There are three ways to carry out a packet sniffing attack. The first one is referred to as wireless sniffing where a hacker gains control of the system after forcing his/her way through the network wifi. Some companies unwittingly make this process easier by forgetting to change the default admin settings on their routers.
Another way is for an employee of the firm – one who ostensibly has access to the internal LAN – and can abuse his privileges to capture traffic. The last method involves the use of spoofing techniques by hackers outside the target network. Such techniques break through the firewall and make it possible to steal information.
3. DNS spoofing
DNS servers help manage the flow of internet traffic to and from your device. For example, when you enter ‘facebook.com’ on your browser, it first contacts its DNS server. The server then responds with IP addresses that your device can use to connect to Facebook. It’s basically helping convert human-readable domain names to computer-readable ones.
DNS servers can turn malicious if a hacker gains access and changes some of the information. It could then be instructed to redirect common domain name requests such as ‘google.com’ to a site that the hacker owns and controls. In this case, you come become a victim of a phishing attack.
Such types of hacking attempts can be devastating on public networks. A hacker only needs to infiltrate one computer in order to disrupt the dozens of devices that are connected at any given time.
4. Phishing scams
Phishing attempts are used by hackers to obtain sensitive personal information such as your bank account details or credit card information for the precise purpose to steal money. They’re usually disguised as links within official sounding emails or other modes of communication, prompting users to fork over details.
In 2015, Australian comedian Casey Talbot was robbed of over US$10,000 from his personal bank account while connected to public wifi in Sydney airport.
Hackers first infiltrated the network and then proceeded to target his particular device via malicious email. Mr. Talbot fell for the trap and handed over his information. The money was cleaned out immediately.