Enjoy going for a drink at your local coffee store whilst getting some work done or browsing the web? With more and more cafes, bars and libraries these days resembling public workspaces and free Wi-Fi feeling like an essential part of daily life, it is very easy to go to a local café and feel at home.
But are public Wi-fi hotspots really safe places to browse the Internet or do we have to be on high alert anytime we’re online in a public place?
Let’s have a look at some of the dangers one faces when connecting to a public network:
It’s easy to take for granted that a venue’s network actually belongs to that specific venue.
How many times have you sat down at a cafe and connected to the venue’s network at the click of a button? It’s this simplicity that hackers take advantage of when creating a malicious access point.
It’s very easy for an attacker to create a fake page that looks very much like the real thing. For example, when you sign up to the network you may be redirected to a Facebook sign in page. This could potentially be a fake, and entering your details would send them straight to the cyber attacker.
Luckily there are small indicators that can help us, on most occasions, to know if a page is definitely a fake.
Facebook for example, encrypts all data sent to its pages by connecting its users via SSL.
If any page that typically connects through SSL doesn’t show a padlock next to the page address it’s best not to give personal details!
In an open network it is very easy for an attacker to capture the data traffic sent from your device. In fact, there are free easy to use apps, called “sniffing apps”, dedicated to this very purpose.
Although the common WPA2 routers do encrypt connections, these apps are capable of sniffing out the PSK (password). If an attacker does this they can then decrypt all traffic connected from a device to the network.
These risks have actually led police in Derbyshire in the UK to release a statement this month on the growing dangers of cyber crime:
“The UK now has more than 300,000 public Wi-Fi hotspots, which means more people than ever before are potential targets for cyber criminals, simply because they don’t know how secure the networks they’re using are.”
Third-Party Data Gathering
Sadly, even when you’re connected to a venue’s actual network you have no guarantee of privacy. In fact, venues often use their public Wi-fi hotspots to gather information about consumers.
Though third-party data gathering isn’t likely to end up with your passwords or your identity being stolen, your personal details are often being taken without your consent.
Whilst most venues directly ask a customer for an email address or number in order to access their Wi-fi, some go the extra mile of injecting cookies into your device’s network in order to track your browser history, typically resulting in an onslaught of targeted ads.
A great way to protect yourself against these attacks as well as against sniffing apps is to use a VPN (Virtual Private Network) service. This will ensure that all data traffic from your device is encrypted, whether the page you’re visiting is secure or not.
Another step that can be taken is to use a personal mobile broadband dongle, which, though slower, can be used in public spaces and is less likely to be compromised.
The best bet always, however, is simply to avoid sharing personal information, especially bank details, when on a public network. Stick to that principal rule and you should be ok.