Sign up to our newsletter
It’s often one of the first questions that now comes to mind when eating out, boarding a train or checking into a hotel: “Do you have Wi-Fi and is it free?” Nine times out 10, the answer to both parts of the question will be a very welcome “yes”.
While we wouldn’t necessarily be lost without it in public and non-domestic settings – we can use our own, paid for data – we nevertheless expect Wi-Fi to be available in most places. It’s a sign of how times have changed in the 21st century.
However, in the rush for convenience, we seem to have overlooked security when it comes to public Wi-Fi. And, as this feature investigates, there are plenty of dangers to be wary of.
The importance of the internet to how we live
Not many people will disagree with the idea that the internet in growing in importance in our everyday lives. From communicating with one another to organizing busy schedules or doing business, a lot of activity is now done via the world wide web.
In fact, the availability of wireless connectivity is changing the way we behave and the decisions we make, with studies showing that people are more likely to spend time and money at venues that offer Wi Fi. For example, one study from UK hotel chain Amba Hotels revealed that most customers believe free Wi-Fi is the most important factor when choosing a hotel, more so than price or bed comfort.
Not knowing the risks that come with public Wi-Fi
For all its benefits, there are certain shortfalls with free and public Wi-Fi. This is especially the case when it comes to online privacy and security. Experts have long since warned of connecting to hotspots which could be spoofed, while researchers have shown countless proof-of-concept (POC) hacks on how they can steal data from unsuspecting victims sipping on their cappuccinos. Earlier this year, even a seven-year-old managed to hack public Wi-Fi in just ten minutes.“95% of public Wi-Fi hotspots are not encrypted … ideal for cybercriminals.”
And yet, as AARP’s recent Fraud Watch Network report found, most adults who surf online are largely unaware of the potential risks of using public Wi-Fi. A quarter of the 800 respondents surveyed, who access free public Wi-Fi at least weekly, were found to be “clueless about the potential risks”, with nearly half “flunking” a simple seven-question quiz on online and wireless security.
This security naivety is important considering the same study found that up to 95 percent of public Wi-Fi hotspots are not encrypted, meaning an attacker could potentially eavesdrop and steal data. This is particularly worrying for the 27 percent of respondents who said they use public Wi-Fi for online banking and shopping, with most also admitting to not monitoring their bank accounts for fraudulent activity.
The dangers of public Wi-Fi are not to be underestimated
The security dangers around free Wi-Fi are very real, with concerns typically around how unsecure hotspots could allow attackers to harvest personal details or provide them with the opportunity to infect users with malware in so-called man-in-the-middle (MiTM) attacks. Last year, for example, even the European Parliament was forced to shut down its public Wi-Fi network for a short time after it found it was being used to launch similar attacks.
One of the biggest threats to users of public Wi-Fi are cybercriminals positioning themselves between the user and the connection point. This means that all your personal details are accessed first via the attacker – like credit card details, emails and even security credentials – before the service provider picks them up or the website receives the information.
A common attack like this sees hackers create a fake Wi-Fi hotspot through the use of easily purchasable kits like the Wi-Fi Pineapple. Through hacking such a device, attackers can change the hotspot name to ‘Free Wi-Fi’ and wait for people to connect to it to get online. However, by doing this, cybercriminals can also monitor and steal their web traffic.
Attackers can also use an unsecure Wi-Fi connection to distribute malware. For example, if you allow file-sharing on your computer – and it is recommended that you turn this off when on public Wi-Fi – an attacker may find an opening to plant malware on your system. A good recent example of this is the Chameleon malware, which attempts to infect access points, like wireless routers, and then uses wireless connectivity to spread further damage.
Some cybercriminals can even hack the connection point itself, causing a pop-up window to appear during the connection process. This will typically offer an upgrade to a popular software, but it is a trick – clicking the window installs the malware. Needless to say, this highlights the importance of doing software updates in a secure environment that is protected by passwords, antivirus and a firewall.
Attitudes need to change to get the most out of public Wi-Fi
This feature has demonstrated that public Wi-Fi, while certainly useful and increasingly available, has numerous pitfalls. On its own, it poses significant security and privacy concerns for users, but in combination with a lack of understanding about the risks, the threats are markedly amplified.
It is clear that more needs to be done to make users of public Wi-Fi aware of the dangers involved and to encourage best practice among those who use it to ensure that the advantages of accessing the service are not outweighed by the negatives. As a start, check out these top 10 tips – you’ll certainly be a lot more secure after reading this than simply logging in without a second thought about how safe the connection is.
Author Editor, ESET