Public Wi-Fi networks allow you to connect to the internet for free in many public places like coffee shops, airports and hotels. But while getting free internet access without having to use any data from your personal phone plan might look like a great idea on the surface, using public Wi-Fi comes with a number of significant risks, as these networks tend to have very little security — if any.
According to Europol’s Cybercrime Centre, packet sniffing is a cybercrime involving an attacker that “monitors and intercepts unencrypted data as it travels across an unprotected network.” Cybercriminals can do this by buying special software kits, allowing them to see everything you are doing online. They can view the webpages you have visited, the information you fill out while visiting said webpages and even capture your login credentials.
One of the most common threats when using a public Wi-Fi network is what is known as a Man-in-the-Middle attack. Similar to packet sniffing, a MitM attack is a form of eavesdropping. “When a computer makes a connection to the internet, data is sent from point A (computer) to point B (service/website), and vulnerabilities can allow an attacker to get in between these transmissions and ‘read’ them,” Norton explains. “What you thought was private no longer is.”
Another way cybercriminals can use public Wi-Fi to spy on you is via malicious hotspots that use legitimate network names to manipulate you to connect to them. For example, hackers near your hotel can set up their own Wi-Fi network with the same name as the hotel’s and boost the signal to ensure it is stronger than the legitimate one. Once you accidentally connect to the malicious hotspot, the attacker can then monitor everything you do online.
Unencrypted public Wi-Fi networks and software vulnerabilities can allow attackers to place malware on your computer without your knowledge. “A software vulnerability is a security hole or weakness found in an operating system or software program,” Norton says. “Hackers can exploit this weakness by writing code to target a specific vulnerability and then inject malware onto your device.”
According to Luke Bencie, managing director of Security Management International, malware distribution was one of the primary tools behind a sophisticated hacking campaign dubbed “Dark Hotel,” which targeted U.S. executives, government agencies, CEOs and other high-profile individuals as they traveled to Asia. As these individuals connected to their luxury hotel’s Wi-Fi networks and downloaded what they thought were regular software updates, their devices were infected with malware. “This malware could sit inactive and undetected for several months before being remotely accessed to obtain sensitive information on the device,” Bencie writes in a May 2017 article for the Harvard Business Review.
There are many ways to protect your information while using public Wi-Fi. The best one is to use a virtual private network, which will keep everything you do encrypted; but if that’s not an option, there are still recommended practices to minimize risk. For example, do not allow your Wi-Fi to auto-connect to networks, do not access websites that hold sensitive information like healthcare or financial accounts, do not log into a network that isn’t password protected, and do not leave your Wi-Fi or Bluetooth® enabled if you are not using them. Additionally, Bencie recommends setting up two-factor authentication so that “even if malicious individuals have the passwords to your bank, social media, or email, they won’t be able to log in.”
Even if you have to connect to a public Wi-Fi network, knowing the risks can help better prepare you against attacks. Nonetheless, you would be better off buying an unlimited data plan for your device to enable you to stop using public Wi-Fi altogether.