I am guessing everyone at some point has connected their smart phone or laptop to a Free WiFi service in a coffee shop or a hotel and especially when travelling abroad where cellular data is prohibitively expensive?
Free WiFi is everywhere these days, and is often a deciding factor whether or not to go into a coffee shop. We often get really annoyed when it isn’t there or we have to pay for it. However, did you also know that when you are connecting to public WiFi, you are more than likely not protected by encryption and your privacy and security may be at risk. Information is collected by the access point you are connecting to and if you provide an email address or phone number to connect then you are open to being spammed by whoever the service provider sells your information to.
You have to ask yourself ‘if you are not paying for the service, how does it get paid for?’ If you are not paying for the product, you and any information you share are likely the product.
Hackers often use free WiFi to eavesdrop on unsuspecting users and it is important to understand what you may be letting yourself in for. There are a number of possible cyber attacks that can be executed when you connect to an open WiFi, including:
- Man-in-the-Middle Attacks
- Malicious hotspots
- Snooping on your activity
- Extracting information transmitted over unencrypted services (e.g. email) or over unencrypted http connections (https is encrypted).
The hacker doesn’t even have to be connected to the WiFi network, since he can use hacking programs to capture the traffic that is freely transmitted over the WiFi connection.
What you need to understand is that when you connect to a WiFi network, you are connecting over a radio link and these signals go everywhere, not just to the WiFi network you are connecting to. They can even go outside of the coffee shop you are sitting in and a hacker could be in a parked car across the street from where you are sitting.
What can I do to protect myself?
If you have a good cellular connection, then use that. Most smartphones have a means to connect your laptop to a hotspot provided by the phone, and if your provider lets you (you may need to pay for a monthly tariff), then this is a safer way to connect while on the go.
If you must use a public WiFi, take the following precautions:
- If you can connect to an encrypted WiFi network, but be warned that most free WiFi is not encrypted
- Make sure you always connect over a HTTPS connection when browsing the internet – this is encrypted
- If you use an instant messenger, make sure it is end-to-end encrypted; services like WhatsApp, Facebook Messenger, Skype, Telegram are encrypted, but make sure yours is
- Don’t use email unless you access it via a web browser over an https connection, use an encrypted email app or encrypt the email at source
- Don’t enter any personally identifiable information, e.g. your email address, phone number, home address, financial information
- Don’t access your bank account or credit card apps/websites while connected to Free WiFi
- Do not auto-connect to a public WiFi network
- Turn off your device WiFi and Bluetooth when not in use as your devices WiFi radio will be pinging off every public WiFi network in the high street.
You can also connect to a free WiFi network using a Virtual Private Network (VPN), which provides a secure link to your VPN provider and encrypts everything. However, be careful when selecting your VPN as a lot of free VPN’s are as bad as not having one in the first place. The premium services (e.g. Express VPN, NordVPN) are the best as they guarantee privacy, but a lot of the free ones do not. If you have an Android phone, you can also use Orbot which provides a connection to the TOR network. However, even with a VPN some information can be extracted, so best to take precautions as mentioned above.
If you are connecting your Windows PC to a free WiFi network, make sure you identify the connection as a Public network when you connect. This will ensure Windows does not transmit system information. This is normally not an issue for a smartphone as nothing gets exported (e.g. file shares, media streams).
Another piece of advice is to make sure your device is fully updated to the latest version of the operating system, any security patches are always applied and you have the latest version of any apps you use.
Other resources you can look at on this site:
- Our blog on Protecting your Online Privacy
- Our Glossary of Cyber Security Terms
- Our blog on Precautions to take when Travelling
- Our blog on Guidance on Effective Use of Passwords.