Public Wi‑Fi security: Your questions answered

We look at the five top questions you should be asking before connecting to public Wi-Fi - while convenient, there are risks.

We look at the five top questions you should be asking before connecting to public Wi-Fi – while convenient, there are risks.

There are expected to be 350 million Wi-Fi hotspots around the world by 2018. While this brings with it a high level of convenience, there are significant security risks as well. With that in mind, we look at the five top questions you should be asking before connecting to public Wi-Fi.

How does Wi-Fi work?

The term Wi-Fi is short for ‘Wireless Fidelity’. It was coined by the trade body Wi-Fi Alliance, which certifies products as conforming to their standards and interoperability. This means that no matter what brand of router, access point or wireless card you’re using, they will all usually ‘play nice’ and work with one other.

Wi-Fi creates a localized network so that devices within this area can access broadband internet. Wi-Fi makes use of radio waves to transmit information across a network, much like TVs and mobile phones, and from your device to the router.

A Wi-Fi hotspot, meanwhile, is simply a public place where you can connect your computer or handheld device wirelessly to the internet.

What are the security risks?

Cybercriminals often target public Wi-Fi users because, quite often, these networks tend to be open (low hanging fruit) – they are therefore easy to exploit.

For example, an attacker may look to carry out a man-in-the-middle attack, putting themselves between the user and supplier by intercepting data sent in transit from the device to the open public Wi-Fi hotspot.

They may also create their own rogue network, sporting an ordinary name like ‘Free Wi-Fi’. The hope is that unsuspecting users will connect to it, or launch a brute force attack on the password of a genuine hotspot.

Once they have compromised that web connection, there are a number of devious ways to develop the attack. Some cybercriminals will direct users to malicious websites for drive-by-download malware attacks, while others could look to create spoofed banking login pages to capture sensitive information entered onto that page.

All of the above highlights the important of making sure you are logging into an authentic, secure and trusted network, whilst also making sure your own security is in good order.

What should I not send over public Wi-Fi?

Some online activities shouldn’t be done through public Wi-Fi – instead, they should be carried out at home, which tends to be a safer and securer environment (so long as you are following best practice).

Most of all, you should avoid carrying out banking transactions, logging into social media sites or carrying out other sensitive activities over open and unsecure Wi-Fi, especially if you’ve got no additional security in place like VPN or two-factor authentication (2FA).

This is because attackers could be looking at your accounts and, unbeknownst to you, stealing your credentials and details as you go about your business.

What can I do or use to be safer?

You should always start by ensuring you’ve done the basics on your computer, such as keeping the operating system and all software up-to-date and installing a security software solution. After that, it’s worth looking at using virtual private networks (VPNs), password managers and 2FA for safer browsing and password management.

VPNs are useful because they encrypt your web connection from end-to-end, making it harder for cybercriminals to intercept, while 2FA makes password guessing almost impossible for attackers to infiltrate.

Further, make sure your laptop, tablet or smartphone is set to manually select any Wi-Fi network (rather than automatically connecting); try and use HTTPS websites to encrypt the web connection from end-to-end where possible; and log out from public Wi-Fi when not in use.

What should I look out for when connecting to public Wi-Fi?

You should always look to connect to hotspots that are secure – either via password or online login – and that the Wi-Fi in question is managed by a trusted supplier (in this case, it is always worth asking the venue for the login details).

Sign up to receive an email update whenever a new article is published in our Ukraine Crisis – Digital Security Resource Center