In case you’d like to learn more about that, we’ve got you covered. Here’s how to protect yourself on public WiFi from the most common threats:
Not really. There are actually a lot of cyber threats that await people who use public WiFi without taking proper security measures. And, unfortunately, it seems that even though most people know about that, they still choose to use public WiFi. According to research, approximately 81% of online users do that.
What kind of threats are we talking about? Well, here are the most common ones:
If you’re not familiar with MITM attacks, it’s when a cybercriminal manages to position themselves between two networks or devices that are communicating with each other. In the case of public WiFi, a hacker would position himself/herself between your device and the WiFi network you’re connecting to, or the websites you access while using public WiFi.
Unfortunately, since public WiFi is often not properly secured or just has various vulnerabilities, cybercriminals can abuse that to set up MITM attacks – and you won’t even be aware of that. If a MITM attack is successful, a hacker could easily monitor any traffic and data that is shared between your device and the network, meaning they can easily steal your email login credentials, social media account details, or even credit card numbers.
Depending on how secure a public WiFi network is, a MITM attack could even be performed in around 15 minutes!
Your device isn’t guaranteed to be infected with malware or a virus if you connect to a public WiFi network, but there is always a risk that might happen. After all, it’s not too hard for a hacker to expose a public network to malware or a virus – especially if the security is pretty lax.
In fact, a cybercriminal might not even have to worry about WiFi security. They could just send phishing messages to the staff working at the place offering free WiFi, and trick them into infecting the network with malicious links and attachments.
If that happens, any device that connects to the network becomes exposed to malware and viruses. Simply put, your device can quickly become infected with spyware, ransomware, adware, keyloggers, trojans, or worms – just to name a few examples. The results are obvious – your device’s integrity becomes damaged, and you lose valuable personal and financial data.
One of the main reasons people love public WiFi so much (the fact that it’s usually free to access) is also its main downside. Since no password is normally required to access public WiFi, that also means no encryption is used on the network.
And if encryption is used, it can often be the wrong type – like WEP or WPA, which are easy to crack. In fact, it seems that approximately 24.7% of WiFi networks don’t use any encryption, or just use outdated security. And those are statistics from 2016, so the number of unsecured networks has likely only gone up since then. In fact, around 34.8% of WiFi networks don’t use WPA2 encryption right now.
Considering that the total number of public WiFi networks is expected to reach 432 million by 2020, these stats show that anywhere between 106 million and 150 million networks won’t use any reliable encryption.
Why is that so concerning? Because if a public WiFi network doesn’t use reliable encryption, a hacker could easily eavesdrop on user connections. That means they can easily see everything you do while connected to the network, and steal sensitive data like login credentials, personal messages, and bank account/credit card details.
Since WiFi networks are so widely available, and many people don’t even think twice about connecting to them, a crafty cybercriminal could easily set up a fake public WiFi network that imitates a legit one.
For example, they can set up a network that imitates (with a few subtle misspellings) the name of an airport, restaurant, or hotel WiFi network. People who aren’t careful enough can end up connecting to the fake hotspot by accident, and they might even be more tempted to do it if they see that no password is needed.
If that happens, the cybercriminal who runs the fake network can log everything the user does on the Internet – from what they type into messaging apps to what passwords they use to access various accounts.
And the worst part? Setting up a fake WiFi network or access point isn’t even that difficult.
While the name might sound amusing, the practice isn’t. Essentially, packet sniffing involves hackers analyzing data packets that are sent over unencrypted networks, and trying to see what data they contain. For instance, a cybercriminal could manage to find out what your social media password is by analyzing the right packet.
If that’s not scary enough, you should also know that there are free tools that let people do things like that. Wireshark is just one example, and you can even find how-to guides showing you how to use the tool to “sniff” unencrypted network traffic.
Sometimes, public WiFi threats don’t even need to be high-tech. Some criminals are so crafty they can get a glimpse of your password, username, bank account PIN, or credit card number by just looking over your shoulder – it’s as simple as that.
That’s the kind of thing that can happen in very crowded places – especially in an airport when you are checking your email, bank account, or social media account on your mobile device while waiting in line. People who do this are hoping you’re distracted enough by your screen so that you don’t notice them.
File-sharing is convenient, but it’s very risky if you do it outside of your home – especially on an unsecured public WiFi network. Leaving aside the fact that you might get in trouble with the WiFi network owner depending on how legal file-sharing is in your country, a hacker could also abuse the fact that file-sharing is enabled, and expose your device to malware infections.
Even if you’re using legit file-sharing that’s not a legal issue (like Dropbox, iCloud, or Google Drive), it can still be a huge risk on public WiFi. Why? Because the wrong people may have access to the files you share if they’re connected to the same network, and the network’s security is very lax. In that situation, anything from vacation photos to client invoices and spreadsheets can easily get stolen by cybercriminals.
And, once more, a hacker can use malicious files to infect your devices that way too. They just create a shared folder full of malware and viruses, and wait for you to accidentally interact with it.
Sidejacking (also called session hijacking) is not that common, but it can be very dangerous. Essentially, cybercriminals rely on packet sniffing to target data packets that contain cookies.
What’s so special about that? Well, hackers will usually target cookies associated with the login process for various online platforms. For instance, they could intercept the cookies that are sent to your device when you log into Twitter. Using them, they can pose as you, and log into your Twitter account since the platform will think it’s you.
One of the best ways to boost your public WiFi security is to make sure all the devices you use to connect to a public network have antimalware/antivirus software installed on them. Don’t worry about the different names – both types of software do the same thing. Don’t forget – a virus is a type of malware.
Since it can be easy to become exposed to malware and virus infections if you’re using an unsecured network that’s also infected, it’s paramount to make sure you have a way to protect yourself from such threats. Essentially, antivirus/antimalware solutions can easily stop a malicious threat from infecting your device.
There are plenty of antivirus/antimalware software providers to choose from, but our recommendations are Malwarebytes and ESET.
Oh, and be sure to keep your security program up-to-date all the time. It’s the only way it can keep up with the latest malware threats.
Using an unencrypted public WiFi network is like asking to become the victim of a cyber attack, so make sure you only connect to encrypted hotspots. As a general rule of thumb, if a network requires a password for you to connect to it, it’s encrypted.
You should also ask the people responsible for maintaining the network what encryption they are using. If that’s not possible, you can just try inspecting the WiFi network by tapping or clicking on it, and checking its configuration.
If the encryption is WEP or WPA, don’t bother with the network since it’s not secure. WPA2 is the only security standard you should trust for now.
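The check described above can be scripted on a Linux laptop. This is an added example, not part of the original article: it grades networks from the terse output of `nmcli -t -f SSID,SECURITY device wifi list`. The sample scan is constructed, and the `mixed` label (a network that still accepts WPA alongside WPA2) is this example's own convention.

```python
# Added example: grade scanned networks by the encryption they advertise.
# Assumed input format: `nmcli -t -f SSID,SECURITY device wifi list`.

LEGACY = {"WEP", "WPA", "WPA1"}   # the types the article says to avoid
MODERN = {"WPA2", "WPA3"}

def split_terse(line):
    """Split one terse line on ':' while honouring backslash escapes."""
    fields, cur, i = [], [], 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):
            cur.append(line[i + 1])   # escaped character, taken literally
            i += 2
            continue
        if ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    fields.append("".join(cur))
    return fields

def classify(security):
    """Return 'open', 'weak', 'mixed' or 'ok' for a SECURITY column value."""
    tokens = set(security.replace("--", " ").split())
    if not tokens:
        return "open"                 # no encryption advertised at all
    if tokens & MODERN:
        return "mixed" if tokens & LEGACY else "ok"
    return "weak"                     # WEP/WPA only, or an unrecognised type

def audit(scan_text):
    results = []
    for line in scan_text.splitlines():
        if not line.strip():
            continue
        fields = split_terse(line)
        security = fields[1] if len(fields) > 1 else ""
        results.append((fields[0] or "<hidden>", classify(security)))
    return results

# Constructed sample scan; one SSID contains an escaped colon.
SAMPLE_SCAN = r"""CoffeeShop_Guest:
Airport\: Free WiFi:--
HotelLobby:WEP
OldRouter:WPA1
Library:WPA1 WPA2
Office:WPA2
"""

if __name__ == "__main__":
    for ssid, verdict in audit(SAMPLE_SCAN):
        print(f"{verdict:6} {ssid}")
```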
However, we do need to mention one thing – WPA2 isn’t 100% reliable. While it is pretty secure, it does have one weakness – the KRACK cyber attack.
“But some time has passed since that issue was discovered, so it was patched, right?”
Not really. While some fixes were applied, an updated version of the KRACK attack soon followed them. So, for the moment, WPA2 still has vulnerabilities.
“At least the people behind the KRACK attack are ethical hackers.”
That’s true, but their research is available on the web for anyone to read. Therefore, real cybercriminals can use that info to run their own versions of the KRACK attacks if they want to. Luckily, WPA3 will fix that problem but it’ll take a few years until it becomes fully deployed.
So, how to protect yourself on public WiFi then if even encrypted networks aren’t really secure? Well, our next piece of advice will be covering that.
If you really have to use a public WiFi network, then having a VPN installed and running on your device is a must. If you’re not familiar with VPNs, they are online services that hide your IP address, and encrypt your online traffic. In this case, it’s the second part you should be interested in. Why? Because VPN encryption can ensure that hackers can’t monitor your online communications – not even on unsecured public WiFi!
Basically, if cybercriminals try to see what you are doing on the web by analyzing your traffic they’ll only see gibberish.
And here’s the best part – a VPN’s encryption will keep your data and traffic safe even if a WPA2-secured public WiFi is breached by hackers. Naturally, having antivirus/antimalware software installed will help keep your device secured too.
CactusVPN is just the solution you need. Our high-end VPN service offers military-grade encryption (AES) that will make sure no cybercriminals are keeping tabs on what you do on public WiFi. What’s more, we also offer access to strong VPN protocols (SoftEther, IKEv2, SSTP, OpenVPN) to boost your security even more.
On top of that, you get to enjoy other security perks, like: DNS leak protection, a Kill Switch, a no-log policy. We also throw in high-speed connections and unlimited bandwidth.
And once you do become a CactusVPN customer, we’ll still have your back with a 30-day money-back guarantee.
If you really want to learn how to protect yourself on public WiFi, you need to take care of offline threats too. And one of the best ways to combat shoulder surfing is to use a privacy screen – a panel placed on your device’s screen to limit how much people can see from different angles. It’s easy to use, and it’s the perfect way to protect your privacy – especially when using WiFi in public, crowded areas.
Plus, a privacy screen will also protect your device’s screen from damage, as well as your eyes from blue light and monitor glare.
Some decent privacy screen options include:
And while we’re on the topic of shoulder surfing, here are other things you can do to prevent it:
Since you now know how risky file-sharing can be if it’s enabled on public WiFi, it’s best to just disable it on your device when you leave your home. Make sure you don’t just do that on your mobile devices, but on your laptop as well.
Still, if you – for any reason – need to have file-sharing enabled, make sure to use an antivirus/antimalware solution alongside a reliable VPN on your device. At least you’ll be protected from malware infections, and your traffic will be encrypted this way.
Signing up on a new platform while using public WiFi might not seem like something that’s dangerous to do, but it really is. After all, you’ll be sharing quite a lot of personal details over an unsecured WiFi connection – like your email address, mobile number, physical or work address, full name, etc.
That’s the kind of data cybercriminals love to harvest so that they can use it in phishing attacks and other scams, or just sell it off on the deep web.
As for risky actions, we’re referring to stuff like:
Basically, anything that could leak personal and financial information which a cybercriminal could monitor and steal.
Still, you should know that if you use a VPN, you can safely do any of the above since all the data will be encrypted.
As tempting as it is to keep your WiFi enabled on your device while you’re out and about, it’s better if you don’t do that. Why? Because your device might accidentally connect to a fake WiFi network that’s run by a cybercriminal.
How? Well, it’s pretty simple – when you connect to a WiFi network, disconnect, and then leave, your device will memorize said network’s SSID (WiFi network name) so that it can automatically reconnect to it when you reach its WiFi signal again. The problem is that even if you are out of that network’s range, your device will continue broadcasting a signal that pretty much asks nearby WiFi networks if they have the same SSID as the network you previously used.
If a cybercriminal sets up a fake WiFi network that imitates that network’s SSID, your device will be tricked into connecting to it. If you happen to do any online banking, check your email, or browse social media while connected to the malicious network, all your traffic and data can be monitored and stolen.
“Okay but something like that is hard to set up for a hacker, right?”
Not really – there’s actually a device called the WiFi Pineapple that can allow cybercriminals to perform such attacks. Worst of all – it’s available for as little as $200. The tool is normally used by people who are paid by companies to attack their own networks to find vulnerabilities, but hackers can use it too for their own nefarious purposes.
Basically, the WiFi Pineapple can easily scan broadcasted public WiFi SSIDs, and then rebroadcast them as if they were its own SSIDs. So, your device can accidentally connect to a cybercriminal’s network if such a device is used.
That’s why you need to disable WiFi after disconnecting from a network. To be even safer, make sure your device “forgets” WiFi networks. Here’s how to do it on most platforms:
Before you connect to a public WiFi network, look at the name closely. If it’s a misspelled version of the name of the place you are at, there’s a chance it’s fake. That would be the case if, for example, you’re at Starbucks and the WiFi network is called “$tarbucks” or “Starbuks.” To be certain you’re accessing the right network, we recommend asking the staff before connecting.
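The name comparison above can also be done mechanically. This is an added example, not part of the original article: it undoes common look-alike characters and measures edit distance against the name you were told to expect. The substitution table and the thresholds are assumptions chosen for illustration.

```python
# Added example: flag SSIDs that imitate an expected network name.

# Character swaps often used to imitate a name (assumed, not exhaustive).
SWAPS = str.maketrans({"$": "s", "5": "s", "0": "o", "1": "l",
                       "3": "e", "@": "a", "4": "a", "7": "t"})

def normalise(ssid):
    """Lowercase, undo look-alike characters, drop spaces and punctuation."""
    swapped = ssid.lower().translate(SWAPS)
    return "".join(ch for ch in swapped if ch.isalnum())

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def check_ssid(seen, expected, max_edits=2):
    """Return 'exact', 'lookalike' or 'unrelated' (SSIDs are case-sensitive)."""
    if seen == expected:
        return "exact"
    want, got = normalise(expected), normalise(seen)
    # Short names tolerate fewer edits, to avoid matching unrelated names.
    limit = min(max_edits, len(want) // 4)
    if got == want or edit_distance(got, want) <= limit:
        return "lookalike"
    return "unrelated"

def scan(seen_ssids, expected):
    return {ssid: check_ssid(ssid, expected) for ssid in seen_ssids}

if __name__ == "__main__":
    # Constructed list of nearby SSIDs, using the article's two examples.
    nearby = ["Starbucks", "$tarbucks", "Starbuks", "Airport_Free_WiFi"]
    for ssid, verdict in scan(nearby, "Starbucks").items():
        print(f"{verdict:10} {ssid}")
```

An `exact` result only means the name matches; a rogue access point that rebroadcasts the identical SSID passes this check, so confirming the network with staff still applies.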
In case you want to test the network to see if it’s fake (not something we recommend doing), you can try the following:
This advice isn’t exactly related to staying safe while you’re using public WiFi, but it’s nonetheless important. Basically, if you’re really interested in how to protect yourself on public WiFi, one of the best things you can do is not use it at all. Instead, you should consider using your mobile data plan – especially for online banking or checking your email.
That’s why we recommend getting a big or unlimited plan. It’s worth the money, and you’ll be glad to have it when you’re taking a long train or bus ride, and want to surf the web to pass the time.
Firewalls can be annoying at times, but they’re a “necessary evil” on public WiFi. They can prevent unauthorized external access to your device, and can even protect you from some types of data-based malware.
Keep in mind that a firewall on its own won’t provide top-notch protection. But if you use it alongside a powerful antivirus/antimalware program and VPN software, you’ll get more than decent public WiFi security.
If you somehow end up using an unencrypted WiFi network, you can add a small but rather useful layer of security by only browsing HTTPS websites. While hackers would be able to see you doing that, they normally (emphasis on “normally”) shouldn’t be able to monitor what you do on those platforms.
So, always make sure you’re connected to a website whose URL starts with “https” instead of “http.” Of course, if a cybercriminal manages to spoof an HTTPS website, the extra security won’t help you too much.
Securing your device is a great start, but you also need to make sure your browser is safe from cyber attacks. One good way to do that is to use privacy-oriented extensions like Disconnect, which can easily protect you from threats like clickjacking and session hijacking.
Besides Disconnect, you should also install script blockers like uMatrix and uBlock Origin. They’re very helpful if you end up on a shady or malicious website because they prevent malware-infected scripts from starting up in the background.
Also, Stanford’s anti-phishing extensions might prove very useful in protecting yourself from phishing websites and messages on public WiFi – and in general, for that matter.
Public WiFi security is pretty iffy – especially since many hotspots don’t even use any encryption to protect your online communications. Even the networks that use encryption can often be exposed to all sorts of cybersecurity threats and malware infections.
Luckily, there are ways to keep yourself safe on public WiFi: