Disclosure: Privacy Australia is community-supported. We may earn a commission when you buy a VPN through one of our links. Learn more.

The Dangers of Public Wi-Fi

Will Ellis
Will Ellis — Last Updated on December 9, 2020

public-wifiPublic Wi-Fi is arguably one of the wonders of the digital age. While it was formerly just an idea in sci-fi novels and movies, we can now connect to the Internet in a vast majority of public spaces.

Practically every business or hangout spot in public comes with a built-in Wi-Fi network, allowing your phone or computer to stay connected with lightning-fast download speeds no matter where you are.

But although public Wi-Fi is incredibly convenient, it’s also very risky compared to traditionally secured Wi-Fi networks (like the kind you hopefully have at home). When you tally up all the dangers of public Wi-Fi, you might wonder whether it’s worth connecting at all.

Let’s break down the risks of public Wi-Fi and what you need to know if you want to protect your privacy on these unsecured networks.

What Exactly Counts as “Public” Wi-Fi?


Let’s be clear about what public Wi-Fi actually means. Public Wi-Fi isn’t just any Wi-Fi network that is unsecured (although this is also a bad idea for similar reasons). A public Wi-Fi network is one you can usually only access in “public” places – coffee shops, restaurants, hotels, and public parks all count.

They’re all supposed to let you access the Internet for free, although they come with several security risks, and logging into one of these networks may not be such a good idea.

The Risks of Public Wi-Fi


Using a public Wi-Fi network without taking proper precautions always comes with a series of risks.

“Man-in-the-Middle” Attacks

The vast majority of public Wi-Fi attacks are so-called “man-in-the-middle” assaults. In a nutshell, these attacks are carried out when a hacker or malicious actor steps in between you and whatever server you’re trying to access over the public Wi-Fi network. They act as the titular “man” in the middle and are able to capture both your traffic and any traffic from the server you’re trying to connect to.

man-in-the-middle-scheme

Basically, using a public Wi-Fi network still follows the same process as connecting to regular Internet servers and networks. Your computer connects to the Internet and tries to send data from point A (the computer) to point B (whatever server or website you want to access). Because many public Wi-Fi networks aren’t very secure, attackers can easily insert themselves in the middle of this exchange and take advantage.

As you might imagine, this would you open to plenty of dangers. For instance, hackers can use the information they get from being between you and the server you’re trying to access to:

  • steal your personal data
  • look at payment details or credit card information
  • manipulate data packages for their own purposes
  • and more

Snooping

Using a public Wi-Fi network also opens yourself up to network snooping. There are many ways that potential hackers could go about this attack, although many of them can do this surreptitiously through man-in-the-middle attacks anyway.

In short, snooping is any monitoring of your incoming and outgoing traffic. The hacker might monitor the traffic from a bunch of computers in a public Wi-Fi network, or they might target your computer specifically. For instance, some hackers hang out in coffee shops and look for business-dress-type people who might not secure their bank accounts or business accounts well enough.

This can cause havoc on a personal level and on a company level – it’s just another reason why, if you’re a business owner or manager, you should always pressure your employees not to use public Wi-Fi networks if at all possible.

The worst part is that hackers can download tools or use YouTube tutorials to quickly learn how to snoop on unsuspecting and unsecured traffic in a public Wi-Fi network. It’s ultimately very easy to do, so the barrier entry for anyone wanting to steal some credit card information is pretty low.

Malware Distribution

wifi-malwareSome of the most popular (by hackers, at least) attacks on personal computers and accounts over public Wi-Fi networks are malware distribution or injection attacks.

Some of them do this after noticing any unsecured computers over a public Wi-Fi network – in this case, such malware attacks follow typical injection procedures or methods (i.e. a virus implanted over the internet or an email sent to be opened by an unsuspecting computer user).

Check out some of the best secure email options in Australia.

On the other hand, many man-in-the-middle attackers will use their position between your computer and the service you want to access as a perfect injection point to put malware on your computer. If such a hacker uses certain types of software, they’ll be able to check the data coming in and out of your computer and manipulate it as well.

Basically, they can intercept the response a web server sends your computer before it actually reaches your device, then insert some malicious code that automatically runs as soon as the page opens on your screen. This style of malware injection is particularly difficult to detect, at least at first, and many people who are infected with malware this way won’t even know what’s happened until it’s far too late.

Hackers can also infect computers with malware using ad hoc attacks. These peer-to-peer networks will connect two computers directly.

So if a remote worker or public Wi-Fi user connects to a public Wi-Fi network, their device may automatically discover a new network and make it easy for a would-be hacker to directly connect their devices.

Password/Username Theft

password-theftUsing a public Wi-Fi network carries the inherent risk that your passwords and usernames for your accounts might be stolen.

This is related to the general lack of security in many public Wi-Fi networks – take care on this point since identity theft or account theft is a rampant problem in the entire world.

Rogue Wi-Fi Networks

This potential threat is a little less common than the others, but it’s definitely something you should be aware of. A rogue Wi-Fi network is essentially any Wi-Fi network set up by hackers beforehand to act as bait for unsuspecting were digitally illiterate users. It may be called something enticing like “Free Wi-Fi” or even “Wi-Fi for (insert coffee shop name) Users”.

The end result is that people log into this rogue Wi-Fi network, assuming it’s the legitimate public Wi-Fi network at wherever they’re hanging out, and accidentally give their data to a hacker or hacker group on a silver platter.

But Are You Really At Risk from Public Wi-Fi?


Many people who’ve been lucky enough to never suffer a serious malware attack or a case of identity theft ask whether the risk is actually high enough to bother with any form of protection. After all, if there are dozens of people in a single coffee shop, so what are the odds that their specific computer or device will be targeted by a hacker?

In our opinion, the odds don’t really matter. Any time you open yourself up to digital vulnerability, chances are you’ll pick up some malware or expose yourself to a hacker along the way. Even worse, it’s becoming easier and easier for hackers to infect or attack multiple devices at the same time to the use of bots and ever more sophisticated digital tools.

Thinking that you’ll blend in among the crowd and don’t have to worry about hackers targeting you is asking for trouble. Trust us; you don’t want to have to deal with the fallout of a serious malware attack or all your personal information being stolen.

Err on the side of caution and protect yourself as best as you can.

How to Protect Yourself From Public Wi-Fi


While using a public Wi-Fi network carries a bunch of risks, you can still use these networks if you take proper precautions. Let’s break down a few of the ways you can (more) safely use public Wi-Fi networks.

Never Provide Personal Information

stealing-personal-infoFirst and foremost, you should never share any sensitive or personally identifiable information over a public Wi-Fi network. This includes:

  • your full name
  • address
  • phone number
  • bank account information
  • Social Security number
  • passwords
  • any other identifying information you can think of

But wait, you might ask. Many coffee shops or other public Wi-Fi networks ask for your name and email address to even let you log on to the network in the first place. Does this mean you should forgo those public Wi-Fi networks entirely?

In our opinion: yes! Having the convenience of public Wi-Fi is not enough of a good thing that you should put your personal information like your email address or real name out for anyone to intercept.

Companies like coffee shops provide Wi-Fi networks as a convenience and so they can get your email address to inundate you with advertisements, anyway. Do you really want to add another email chain to your spam filter?

Turn Off Wi-Fi Auto-Connect Settings

Many people may understand the dangers of public Wi-Fi but might still and up suffering from computer or network vulnerability. This happens because many computers (especially new devices) come with Wi-Fi auto-connect or Bluetooth discoverability settings turned on by default. Basically, your computer may be set up to automatically connect to any Wi-Fi network that comes in the range, ostensibly for your convenience.

But this obviously opens up your personal information to theft, and it opens your computer to even worse malware attacks. Be sure to check your computer’s settings as soon as you get a new one, or if you haven’t already for your current device, and turn these settings off.

Any convenience they provide is far outweighed by the risk and dangers of public Wi-Fi.

Similarly, it’s a good idea to go into your settings and change your discovery settings. Many computers are automatically set to be “discovered” (i.e. detected by Wi-Fi networks or other devices) by any qualifying device within range. Make sure this is set to “off” or “discovered by: no one”.

Doing this makes it a lot harder for your device to be intercepted or discovered in the first place; a hacker could be sitting right across from you and his computer might still not be able to find yours if you tinker with this setting a bit.

Use a VPN

vpn-virtual-private-networkA VPN (or virtual private network) is essentially a tool that lets you secure your connection to another network across the Internet. Most people use VPNs to access various region-restricted websites or to download content that they might not be able to with an IP address in their native country. They can also help hide your IP address, in a way.

However, VPNs can also be useful for shielding your browsing activity from anyone who might be trying to snoop on your data in a public Wi-Fi network.

You can avoid public Wi-Fi entirely (recommended), but if you absolutely must connect to unsecured Wi-Fi networks, we’d heavily recommend using a VPN in conjunction with them.

This is especially true if you have employees that need to connect to the Internet on the go frequently. Have them use one of the best VPN services make it mandatory for them to connect to the VPN before beginning any personal or company business.

Use HTTPS Sites Only

https-and-httpYou (and/or your employees) should also try to only use sites that are SSL certified or otherwise begin with https. If you aren’t aware, an HTTPS site protects the traffic coming and going by encrypting it before sending it on its way.

Even better, it uses other security tools to verify that every step of communication is legitimate. It makes it much harder for hackers to perform man-in-the-middle attacks or otherwise get a hold of your personal data.

Any website that has HTTPS at the beginning of their address bar takes the security of their visitors seriously and is much safer to browse over public Wi-Fi than sites that begin with regular HTTP.

This being said, keep in mind that HTTPS encryption is far from foolproof, and it doesn’t necessarily mean that hackers won’t be able to get your data. Some hackers are able to change redirects from HTTPS to HTTP sites if they already are between you and any servers outside the public Wi-Fi network, for instance.

Don’t Access Sensitive Sites

If you don’t access a site that asks for this information, you probably won’t provide it voluntarily elsewhere, so it’s best just to stay away from things like your banking site while using public Wi-Fi. But take extra precaution and remember to never set up a new account, even for something as ostensibly risk-free as a fan forum or legitimate company website. Doing so may reveal any personal information you type into the server to a potential hacker.

For Companies, Use Two-Factor Authentication

If you or your employees need to access sensitive company websites on public networks, be sure that two-factor authentication is a standard across your organization. Two-factor authentication essentially means that two methods of identifying someone are needed to access sensitive information.

For instance, this might be both a password and a biometric thumbprint scanner built into a company laptop. With this example, even a hacker that could get the password of an employee couldn’t get into their company website without also having a matching thumbprint and scanner.

Have Up to Date Antivirus!

antivirus-programThis should go without saying, but we’ll repeat it for anyone who doesn’t already have it: get excellent antivirus and keep it up-to-date at all times! Antivirus is the first and last line of defense for your computer against any unwanted intruder or malware attack.

Quality antivirus programs can be purchased for reasonable prices or even grabbed for free depending on the provider.

Either way, antivirus comes with malware firewalls and the tools you might need to remove any viruses you pick up from an unsecured Wi-Fi network.

Similarly, make sure that your other software, like your operating system, is always up-to-date and any patches go through as soon as they come out. Many of these help your computer take advantage of public Wi-Fi security protocols that roll out and update all the time.

Using up-to-date software effectively isolates you from outdated hacker attacks.

So, Should You Use Public Wi-Fi?


It’s almost always a better idea to never use public Wi-Fi if you can avoid it. There are sometimes situations where you need to login to finish a bit of work or jump into a meeting with other company employees – we get that. Still, it’ll go a long way to limiting your vulnerability to the kinds of attacks described above by not opening yourself up to such intrusions in the first place.

Summary


All in all, public Wi-Fi is a very useful tool for many people, but it comes with serious security issues that are unlikely to ever be fully fixed due to its nature. It’s simply easier for hackers to get ahold of your personal information, or inject malware in your computer, through a public Wi-Fi network than it is a secured network.

Our advice is to stay away if possible. But if you must use public Wi-Fi, be sure to do so safely and responsibly by following the above advice and maintaining good digital safety practices.