Public Wi-Fi security: Why public Wi-Fi is vulnerable to attack

Free public Wi-Fi is available in a lot of places including airports, restaurants, public transit (matatu, trains, ferries) coffee shops, libraries, hotel rooms, government offices you name it.

And jumping on a free Internet connection can be a convenient way to access online accounts, catch up on work, access you social media (Facebook, Twitter, Instagram, Skype e.t.c.) accounts or check emails while on the go. But don’t forget the privacy and security risks that are associated with it.

The most appropriate way to help protect your personal information is to completely get rid of accessing sensitive information or performing sensitive transactions when connected to any public Wi-Fi. And there are other safety measures that can help you.

It’s therefore very important to take measures to help protect your personal information and your devices. Taking the right steps before connecting to public Wi-Fi is extremely essential.

Why your online privacy vulnerable to cyber-attack on public Wi-Fi

The average free public Wi-Fi connection isn’t secure. Just because you may need a password to to access you respective online accounts, doesn’t guarantee you online safety.

READ ALSO: How To Secure Your Cell Phone For Personal Safety

Public Wi-Fi can be extremely dangerous and can leave you vulnerable for different reasons. One reason has to do with the encryption protocol used by some wireless networks. Another has to do with the possibility of joining a fictitious or rogue Wi-Fi hotspot.

Some wireless networks may use older standards for encryption which can raise your security risks. Wireless encryption protocol (WEP), one of the first encryption conventions for wireless networking devices, is considered weak and easily susceptible to being hacked.

Wi-Fi protected access (WPA) was intended to replace WEP as the standard for wireless networking devices, but it too was found to have weaknesses.

Users are especially at risk when connected to a wireless network that uses those outdated encryption protocols.

Another issue? When attempting to use free public Wi-Fi, you may be at risk of joining a rogue Wi-Fi hotspot. In such cases, an attacker creates a fake hotspot with the intent to perform man-in-the-middle (MITM) attacks on unsuspecting victims that join their rogue network.

If successful, this type of attack allows cyber thieves to intercept the communication between you and the servers of the websites you visit, allowing them to read, insert, and modify messages and data.

With pre-built kits that can perform MITM attacks, even minimally skilled hackers can eavesdrop and monitor your online traffic to capture valuable information, such as login credentials, credit card numbers, and Social Security numbers.

Signs you may be logged on to a rogue Wi-Fi

Devices look for known Wi-Fi networks, and hackers can use this to their advantage.

An attacker’s rogue Wi-Fi hotspot can pretend to act as your home network or as a public network that you might come across at a coffee shop or airport, for example. Instead of connecting to a real public Wi-Fi hotspot, your device connects to the attacker’s fake hotspot. This means the attacker’s network is between your device and the actual Wi-Fi network, so they’re able to see your online traffic.

Here’s another tactic. A hacker creates a public Wi-Fi network called “Free Wi-Fi” and waits for victims to join. A lot of people likely will try to connect, especially if free Internet service is being offered.

And here’s one more tactic. You might be away from home, and while at a coffee shop, for instance  and suddenly your computer shows that you’re connected to your home network. Chances are, someone could have intercepted your computer’s broadcast request.

In some cases, you might try to connect to a website, such as your bank or a favorite social media website, that you know should be encrypted the web address begins with “https.” But the page is rendering in “http.” That means someone may be performing a man-in-the-middle attack and serving you the unprotected http version of the site in hopes of capturing your login credentials.

12 public Wi-Fi security tips: How to stay protected on public Wi-Fi

Here are 12 public Wi-Fi safety measures to help keep your information protected.

  1. Be careful what you access

Never use public Wi-Fi networks to access sensitive information. If you need to get online to browse for directions or do something else that’s less sensitive, you probably can do it. But if you’re trying to pay your bills or buy something, it can wait.

If it’s a dire situation or if you regularly use public Wi-Fi, consider a virtual private network, commonly known as a VPN. You can find a variety of VPN services online, but if you want an effective service you’ll likely have to pay for it. Be sure to choose one from a reputable security provider.

  1. Use your employer’s VPN access

If you need to use public Wi-Fi to do work and if your employer offers VPN access, use it. Once connected to the VPN, it creates a private network, or tunnel, through which you send information back and forth, adding an extra layer of security to your connection.

  1. Stick with “https”

3.Only browse websites that start with “https” and avoid websites that start with “http” while on public Wi-Fi. Website addresses that start with https are encrypted, adding an extra layer of security and making your browsing more secure. If you connect to an unsecured Wi-Fi network and use regular http instead of https, your traffic could be visible to anyone else on the network.

  1. Consider an extension

Consider installing an extension like HTTPS Everywhere* which will force all websites you visit to connect using https. This is a Firefox, Chrome, and Opera extension produced by a collaboration between the Electronic Frontier Foundation and The Tor Project.*

  1. Adjust your settings

Configure the wireless settings on your devices to not automatically connect to available Wi-Fi hot-spots. This ensures that you do not unknowingly connect to public networks.
You can do this by turning off the “Connect Automatically” feature on your devices so they don’t auto-connect and search for known Wi-Fi networks.

READ ALSO: What Should You Do During A Terrorist Attack?

Doing this can prevent your computer or device from broadcasting that it’s trying to connect to “Home Wi-Fi” network and allow an attacker to create a bogus network with that name.

  1. Consider using a privacy screen

If you must access sensitive information in public areas, consider putting a privacy screen on your devices. A privacy screen will blacken your display for everyone but you. Fraudsters seeking to copy or photograph sensitive information on your screen will be unable to.

  1. Turn off file sharing

Make sure you turn off file sharing before accessing public Wi-Fi. If you keep file sharing on, it’s possible your folders may be accessible to anyone connected to the same public network.

  1. Protect your passwords

When you’re using public Wi-Fi, cyber snoops could gain access to your passwords. One way to enhance your protection is by enabling two-factor authentication, or 2FA, on any services that offer it. When enabled, this added protection ensures that even if someone gains access to your password while you’re using public Wi-Fi, they still won’t be able to access your accounts. Usually, you’ll receive a second log-in step — a call or a code on your smartphone, for instance,that you’ll use to log in to your account.

  1. Consider a password manager

A password manager can provide an additional layer of protection. Password managers are software applications that create complex, unique passwords for each of your online accounts and store your usernames and passwords, unlocking them with one strong master password.

This is especially helpful in terms of public Wi-Fi security. That’s because many password managers provide strong, high-level encryption, so cyber criminals won’t be able to figure out your login credentials or passwords.

  1. Keep your software updated

Always update your software as soon as patches and system updates are released. Security issues often happen when software patches aren’t enabled and your devices lack the latest protections. These include both computer software and mobile phone apps. Keep them up date at all times.

  1. Remember to log out

When you’re done browsing, be sure to log out of any services you were using. Also check your settings to make sure your device will ‘forget the network’ and not automatically reconnect to that network again if you’re within range without your permission.

Author: Livingstone Were
Livingstone is a security and safety expert specializing in cybersecurity, corporate security management, public safety, and private investigations.

Leave a Reply

error: