Why you should be wary of connecting to public wifi
There are several scams to be aware of when deciding whether or not to use the wifi on offer
That wifi network may look legitimate, but is it? Scammers may set up networks that look similar to a genuine network, grabbing your private data when you connect to the wrong network. Photograph: iStock
Most of us love a freebie, especially when it’s something useful. Take wifi, for example.
With our lives so hooked into our smartphones, tablets and online services, internet access has become just as important to our daily lives as light and heat, a utility in its own right. Increasing mobile coverage and unlimited data plans mean there are few instances where you would find yourself out of data coverage.
But venture into more rural areas or even outside the State, and you may find yourself cut off.
That’s where wifi hotspots come into their own. If you have ever been abroad, where roaming charges could result in an eye watering bill, and found a cafe or a hotel that offers wifi that is not only free but also open and password-free, you might have felt a little bit like you hit the jackpot.
Free wifi sounds like a great idea. But – and isn’t there always a but? – there are reasons why you should be wary of connecting to any old public network, and even more as to why you shouldn’t do any sensitive business over public networks you connect to regardless.
It’s not just computers that are at risk either; your tablet or smartphone could equally open you up to attack. Think about how much you do on your smartphone every day, and how much information your device collects. There are good reasons for wanting to keep it protected.
So what are the risks of using public wifi?
Transfer your confidential data over an insecure network and you may find it falls into the wrong hands, leaving you at risk of identity fraud, losing access to your online accounts or having your financial data stolen, or all of the above.
There are several scams to be aware of when deciding whether or not to use the wifi on offer. First up, fake hotspots.
That wifi network may look legitimate, but is it? Scammers may set up networks that look similar to a genuine network, grabbing your private data when you connect to the wrong network.
If in doubt, check with staff about their network’s identity, and if you can’t be sure, steer clear of using it.
There are also man-in-the-middle attacks to be wary of. This is when an attacker essentially eavesdrops on your internet traffic, quietly interrupting a data transfer while posing as a legitimate participant. Users may find themselves inadvertently transferring data to the attacker instead of their intended recipient.
There is also the ubiquitous problem of malware. Have you ever seen the notification that asks if you want to share files with other devices on the network? Pay close attention next time. If you allow file sharing between your device and others on the network, an attacker could exploit that to insert malware on to your machine.
And as we’ve seen in recent weeks, hackers only need one weak link to exploit and they hit the jackpot.
That’s all before you get into packet sniffing and session hijacking: there are good reasons to protect yourself. The questions is: how?
If you have been paying attention to technology in recent years, encryption is likely to be a familiar topic. This is what protects your data from unauthorised users, scrambling your network connection so people can’t just drop in and look at what you are doing online. Or at least, that is what it is meant to do.
Even if there is encryption on the wifi network, it may not be good enough; it depends on what encryption the network is using. The oldest and least secure form of encryption that you may come across in the wild is WEP, which is far easier to break than the standards that came after it.
WPA2-AES encryption is considered the best and most easily implemented option.
Since iOS14, Apple will now warn you if you are connected to a wireless network that has poor security or that needs its protection updated to something more robust. Some encryption may be better than none, but if you are using WEP on any network, it may be time to consider an upgrade to your equipment.
All those risks shouldn’t scare you off from using all wifi hotspots; it just means you should take a few precautions and be careful of what type of business you are conducting over the network.
Use a VPN
A virtual private network creates a sort of tunnel through the internet, giving you an encrypted connection no matter what wifi network you are using.
Not only can they help you hide your location – a handy way to get around geoblocks for certain services such as video streaming – they make it more difficult for users to be traced and also help keep your internet traffic safe from prying eyes. That means advertisers trying to build profiles of you as well as potential hackers who may try to intercept your communications.
VPNs aren’t difficult to get started with. Services such as Express VPN and TunnelBear have apps for your mobile devices that will allow you to turn on your encrypted connection quickly and easily, as well as desktop services to keep your laptop and personal computers safe. NordVPN is another good option for users that will earn its price tag.
Make sure you are connected to secure sites
If you are going to go online on a free, unsecured wifi hotspot, make sure the websites you are visiting are secure. Look for https in the address bar, which indicates data sent between a web server and a web browser is secure. It will give you some protection while on a public wifi hotspot.
Don’t reuse credentials
It’s evergreen advice from security professionals – reusing passwords is a bad idea. If you do get caught out by hackers while using insecure public wifi, reusing your passwords means you may have just handed hackers the keys to your online accounts.
Even the most inexperienced of hackers will be aware that people reuse passwords and log in details across multiple accounts, so using strong, unique passwords will cut off one avenue of attack.
If your accounts provide multi-factor authentication, enable it. That way, if someone manages to steal your password, they’ll still need another verification method to actually gain access to your important accounts.
Turn off sharing
As previously mentioned, file-sharing on a public network is a bad idea. It grants wireless access to folders on your computer, meaning anyone with access could access that data – or leave some of their own.
While file sharing may be useful on a private home or office network, it’s not a good one on a public network, so disable it when it’s not needed.
Windows 10 allows you to set profiles for wireless networks you connect to, designating them private for your trusted home or office network and public for all other networks. The latter automatically hides your computer and files from others on the network, so it can’t be used for file or printer sharing.
If you aren’t sure, open the Network and Internet settings, and look under the Network Sharing Centre.
Turn off automatic wifi connection
Regardless of whether you use a tablet, a laptop or a smartphone, switch off your device’s ability to automatically connect to wireless networks. Most of the networks you will connect to are genuine, but removing that auto connection will reduce the risk of accidentally logging on to a fake network impersonating a legitimate one.
It’s a minor inconvenience to have to manually select a network, but it is once that could keep you safe.
Update your protection
You may not be able to completely keep people out of your devices, but you can make it as difficult as possible for them. Keep your antivirus, anti-malware and firewall software up to date, and make sure that important security patches are installed.
Avoid doing sensitive business on free wifi
If in doubt, don’t conduct anything too sensitive on public wifi networks. You may have taken every precaution open to you, but nothing is 100 per cent sure. Your own mobile data connection – if that is an option open to you – is a more secure option, and one that is under your control.
The bottom line is, you can’t eliminate all risks. But if you really want to use public wifi hotspots, you can significantly reduce the risks by implementing a few security changes.