Widespread access to Wi-Fi is convenient and essential for our modern lifestyles, but it’s not as harmless as it may seem. Most people using public Wi-Fi networks are blissfully unaware of the risk they run of accidentally sharing secret, important, or sensitive information, which could cause a major problem in the hands of a skilled hacker. If you want to stay safe while using public Wi-Fi, you need to know what the potential threats are.
Here are some of the dangers public Wi-Fi might pose to users.
One of the most serious and common threats concerns theft of personal information. Personal information comes in many forms:
- Login credentials
- Financial information
- Personal data
- Pictures
If a hacker gets access to your computer or other personal devices through a compromised public Wi-Fi connection, they could have free rein over everything stored. For example, they might get access to your login credentials and log into your bank’s or credit card’s website. Once hackers obtained your details, they can log in to your personal pages and cause damage to your finances and reputation. If they don’t get full access to the data on your computer, they could still intercept information you are sending over the internet.
2. Unencrypted connections
When you connect to a website that supports encryption, the data that goes back and forth gets encrypted using a secure key. If someone were to intercept that data without the possession of the key, they wouldn’t be able to read it – the data would look like unreadable computer code. Not all websites offer encryption though. An encryption-free connection allows hackers to monitor all file sharing and traffic that is sent between the user and server on a public Wi-Fi network.
A well-positioned attacker can easily track the network users connected to the router of an unsecured network and inject malicious JavaScript into their devices. You can tell by the HTTP prefix stated before the domain name. If it starts with HTTPS, it is an encrypted site. If the web address just contains HTTP, it is not encrypted. When you are connected to a public Wi-Fi network, anyone within range of your computer can intercept everything you send or receive. If you are connected to an unencrypted website, it will all be fully readable.
3. Rogue networks (Man-in-the-middle attacks)
A rogue network or rogue access point is essentially a “back door” that has been installed on a network’s wired infrastructure without the administrator’s knowledge or consent. This type of security breach, which some refer to as a “man-in-the-middle attack”, disguises itself as a legitimate Wi-Fi connection to trick users into connecting to it.
For example, say you are staying in a SleepTight hotel for the night. The hotel offers free Wi-Fi to its guests so you power up your laptop, turn on Wi-Fi and see a network called “SleepTyte”. If you are not paying close enough attention, you might miss the slight misspelling. In fact, the SleepTyte network is actually someone in a room down the hall who has their own hotspot set up to lure unsuspecting guests.
When you connect to it, the internet works as expected so you would not think twice. But in reality, everything you do while on that connection goes through the hacker’s computer. Those “men-in-the-middle” could have access to all your login information, passwords and anything else you do while on that Wi-Fi connection.
4. Malware distribution
One of the major threats you can face on public Wi-Fi is the forced installation of malware – also known as malicious software – on user devices. This is the umbrella term for all code and apps written to harm devices or intercept information. Malware exists in many forms:
- Viruses
- Worms
- Trojan horses
- Ransomware
- Adware
Malware has the capability to wreak havoc and spy on the devices it infects. Hackers can infect the public Wi-Fi network, which then infiltrates the devices that connect to it. If someone on the same public WiFi as you has bad intentions, they could plant malware on your computer if it is not protected properly. A suspect Wi-Fi provider could use the hotspot itself to infect your computer with one or more of these threats.
It could be as simple as using the Wi-Fi network to place ads on every website you visit. The website itself does not run ads, but the Wi-Fi service can overlay them on top of other websites. In that case, the ads would normally disappear once you disconnect from the Wi-Fi and go back to your home or office connection. In more serious cases, they could install malware on your personal devices that would persist across all connections.
5. Cyber attacks on businesses
Business travellers and others who are on the road throughout the day may connect to public Wi-Fi to check their emails, download files, review customers’ information, and perform various other tasks that require a network connection. Most businesses have security measures in place to reduce the risk of connecting over Wi-Fi, but if you or your colleagues need to log into some sort of security tool to get access to the company’s network, there are still risks with using a public connection.
For instance, you never know what the Wi-Fi provider might track. A lot of public connections are free to use but that does not mean there is not a cost involved. The Wi-Fi provider might be tracking everything you do on the Wi-Fi connection and sell your data to advertisers. A good way to think about it is if you are not paying to use a service, someone else might be paying them for data about their users. You also cannot always assume you are connecting to a legitimate Wi-Fi service, which brings us to the next potential threat.
6. Packet sniffing (Network snooping or eavesdropping)
Anyone connected to the same Wi-Fi network as you can eavesdrop on what you send and receive using a tool called a packet analyzer or packet sniffer. These tools provide the possibility to view everything transmitted over the Wi-Fi network, provided it is not encrypted. These tools are not inherently bad. Like many tools, you can use them for good or bad purposes.
Packet sniffers let network administrators troubleshoot connection problems and other performance issues with their wireless networks (good). On the other hand, they also let hackers intercept other users’ information and steal anything of any value – whether it’s credit card information, passwords, or any number of other sensitive details (bad).
7. Session hijacking
Public Wi-Fi networks open the door to something called session hijacking, which consists of the exploitation of a legitimate web browsing session. In this case, an attacker intercepts information about your computer and its connection to websites or other services. Once the attacker has that information, he can configure his own computer to match yours and hijack the connection. For example, hackers could hijack your connection to your bank’s website after you log in. From the bank’s end of the connection, it would look like your computer and since you are already logged in, the attacker would have access to everything in your account.
Final thoughts
Walk into any coffee shop during the week and you will see patrons typing away on laptops at most of the tables. Many business people, students, and entrepreneurs treat these locations like a second office. Staff in those coffee shops will tell you, “What’s your WiFi password?” is one of the most common questions they get throughout the day. Hotel staff often share the same experience.
It is understandable that the convenience of using public Wi-Fi is sometimes hard to pass upon. Just like a coin with two sides, a free hotspot can bring both positive and negative impacts. However, the dangers of public WiFi should make you think twice about using them, at least for any type of sensitive information. Make sure to not let yourself get lured in.
