Public wi-fi is a godsend for those tight on data. It keeps us somewhat entertained when our flight is delayed, and it provides a change of scenery for those looking to study at a coffee shop and not the coffee table. It can also save us when our data runs out before you’ve mapped yourself to where you need to be.
The only issue is that public wi-fi is just that – public. Anyone can set up a public wi-fi service, and anyone can jump on. But while that’s great for people who want to use it, it’s also good for those looking to abuse it.
What is public wi-fi?
Public wi-fi is a free internet hotspot set up for anyone to access. It may be completely open, for anyone in range to connect to. Or it may be offered by a business and require you to use a password. For example, at a café. Either way, password or not, it’s open to all, and you have no control over its settings.
How safe is public wi-fi?
Without taking the proper precautions, not very.
Depending on who set up the hotspot, who else is using it, and what sites you are visiting, you could find a host of security and privacy issues arise.
In 2017, Norton and Symantec released a global study on public wi-fi safety. Two-thirds of Kiwis surveyed said they felt their information was generally safe while using public wi-fi. But when their behaviours were examined, it was found that 71% acted unsafely when using public wi-fi.
So it’s clear that for most of us, we’re blindly unaware of the risks, and how to mitigate those risks.
Public wi-fi: what are the risks?
There is a multitude of risks that can come with using public wi-fi. These include, but are not limited to:
This is quite possibly the most common threat you can face while using a public wi-fi hotspot. It’s also one of the most dangerous. When accessing the internet, your information is being sent from point A (your device) to point B (the websites you’re accessing). With a MItM attack, a third-party modifies your connection so that it reroutes through their own device.
This means they can see everything you are doing, including any passwords you enter. And they can also redirect and alter information/requests. For example, directing you to a fake website that mimics a real one, in order to get you to enter private details.
When you connect to public wi-fi, your online safety is in the hands of whoever set it up. This means that if their security is lax, the network could offer little protection from third parties and malware.
Or if they set up the wi-fi with the intention to defraud people, your personal information could be at risk. For example, someone might set up a hotspot in the same area as a Starbucks and give their fraudulent wi-fi a similar name, to trick people to log on.
Someone could aim to install malware and viruses into the public wi-fi hotspot so that when you use it your device and information become compromised. This can be of particular concern with public wi-fi, as it often has lax security protocols.
Sniffing is similar to a MItM attack. Only, instead of rerouting your connection it involves eavesdropping on the data being sent by your computer over the wi-fi to access your personal information.
Worryingly, sniffing is much less complicated than MItM, and doesn’t require as much know-how as other scams/hacks. There is an abundance of how-to videos online, and even dedicated products, to facilitate sniffing.
General privacy breaches
Aside from stolen identities, passwords, and credit card details, public wi-fi can be a haven for privacy breaches. This could involve another user gaining access to your history and the websites you visit, or the public wi-fi provider collecting your data and selling it to advertisers.
Even if public wi-fi is not a risk to your security, it could open you up to a violation of your privacy.
How to stay safe while using public wi-fi
Don’t use it if you don’t need to
Nowadays, it’s commonplace to have a phone plan that comes with bucketloads of data. So the need for free public wi-fi is actually dwindling.
And because no public wi-fi hotspot is 100% safe, if you don’t need to use one, don’t. Consider jumping onto your own mobile broadband if you want to check social media, or send an email. Not only is it safer, but if you’re not using it for long, it won’t use much data.
Be suspicious of free wi-fi
If you go down to Starbucks to use the free wi-fi, you can rest easy that it’s a legitimate network. Of course, you may still be vulnerable to other risks, but it’s being offered by a trusted and known brand. You don’t have to worry about it being set up to steal your passwords and credit card details. And because you’re also getting access to it as a paying customer, you’d hope that it’s not being used as a data mine (but check the terms and conditions).
A business won’t offer free wi-fi for no reason. If it’s not to entice paying customers, then it’s got to be making them money somehow.
Before you connect to any free wi-fi ask yourself:
- Is the provider a legitimate and trusted name (e.g. the hotel you’re staying at, a coffee shop, the airport)?
- Is it definitely the correct network? As mentioned above, malicious actors may set up hotspots with similar names to trick you
- Why is there free wi-fi here? Does it seem out of place? Would this public park really have free wi-fi?
- Are they asking for too much personal information in order to access it?
- What do they get out of offering me free wi-fi? If anyone can jump on for free, how are they making money? Are they using it as a data mine and selling it on to advertisers?
Be careful about what you access
Certain things such as internet banking should be off the cards unless strictly necessary. If your connection is compromised, having your YouTube credentials fall into the wrong hands is risky enough. But financial information is of particular concern.
In general, only visit sites using HTTPS (when on the site you should see a little padlock at the top next to the website domain). The ‘S’ shows that a site is secure and encrypted. Any sites not using HTTPS are less secure, and you will be at a higher risk of your information being exposed to a third party.
Be aware that scammers, hackers, phishers and any other name you can think of are increasingly making their websites HTTPS to take advantage of the trust we have in these sites. Just because HTTPS provides you with a secure link to a website, encrypted from third parties, doesn’t mean the website itself can be trusted.
Keep your device secure
Make sure your device is up to date, and that you have installed some form of antivirus/malware protection. This will help keep you safe if someone tries to install malware or infect your device while using public wi-fi.
Use a VPN
VPNs encrypt your data and keep it safe from prying eyes. If someone was to engage in sniffing and eavesdrop on you, they’d end up seeing a bunch of nonsensical code. Not your actual valuable information.
This can sound similar to HTTPS, and in many ways, it is – they both use encryption. But it’s important to note that:
- There are still sites that don’t use HTTPS, although it is becoming rarer
- HTTPS encrypts the information between your browser and the website. That’s it. Whereas a VPN cloaks your entire device, making your connection completely anonymous to hackers
- HTTPS can be vulnerable to attacks
- A VPN offers plenty more benefits beyond encryption
→Related article: What is a VPN and Why Should You Use One?
Turn off file sharing, such as Apple Airdrop, as well as Bluetooth
This will avoid being directly sent potentially malicious files you don’t want to receive. There have also been reports in the past that these features contain (or have contained) vulnerabilities whereby hackers could use them to access private information or files.
All the other stuff
- Don’t stay logged in to websites. Sign in and then sign out when done
- Change your settings so that you don’t auto-connect to nearby wi-fi
- Many computers will ask if you want to ‘trust’ a new network when you first join it. You should only trust your own home network.
- Stick to as few public wi-fi networks as possible. Don’t jump around multiple ones looking for the fastest connection.
About the author of this page
This report was written by Canstar Content Producer, Andrew Broadley. Andrew is an experienced writer with a wide range of industry experience. Starting out, he cut his teeth working as a writer for print and online magazines, and he has worked in both journalism and editorial roles. His content has covered lifestyle and culture, marketing and, more recently, finance for Canstar.