Sometimes, we find ourselves in a situation where we urgently need an internet connection, but we are not at home or work. We might want to do some online tasks, such as checking our email, browsing social media, or streaming our favorite show. However, what if the only available option is a public WiFi network that we are not familiar with? How can we use it safely without exposing our privacy and security?
This is a dilemma that many people face, even those who are experts in cybersecurity. Case in point, Blackhat, the world’s largest hacker conference held annually in Las Vegas, brings together thousands of cybersecurity professionals from all over the world. They attend the conference to learn about the latest cyber threats and solutions. But even these skilled professionals can fall victim to the hazards of public WiFi.
The event organizers have a playful way of exposing this vulnerability. They monitor the network traffic and display the names of those who have been tricked by a fake or compromised WiFi hotspot. This is the notorious “Wall of Sheep.”
The Wall of Sheep showcases the unfortunate consequences of network security negligence. The people on this wall are not willing participants, but careless attendees whose private data was captured and revealed to everyone.
These stories should serve as a stark warning to anyone who is concerned about the potential pitfalls of using public WiFi. Even the most experienced cybersecurity professionals can be vulnerable to unsecured networks.
MORE: 5 WAYS TO SECURELY ACCESS WIFI ON YOUR PHONE WHILE TRAVELING
Real-life examples of hackers’ victims at Blackhat
You may wonder what the big deal is about ending up on the Wall of Sheep, but it can be far worse. Some of the horror stories include:
The hotel hotspot trap
One attendee checked into a nearby hotel during Blackhat week and decided to catch up on work using the hotel’s open Wi-Fi network. Unbeknownst to them, a hacker had set up a rogue hotspot, mirroring the hotel’s official network. The hacker intercepted the attendee’s login credentials and gained access to sensitive work emails and confidential documents.
The overconfident developer
A seasoned developer known for his coding skills headed to Blackhat thinking he was invincible. He ignored warnings and connected to a rogue network named “SecureConferenceWiFi.” Confident in his skills, he used the same weak password for all his accounts. Little did he know that his email and social media accounts were compromised. This turned out to be an embarrassing leak of sensitive project data and personal conversations.
The crypto investor’s nightmare
There was also a crypto investor who attended to participate in discussions about blockchain technology. During the conference, he went to access his online wallet and entered his passphrase on an unsecured network. Within minutes, a hacker intercepted his credentials, and emptied his wallet, leaving him penniless and devastated.
MORE: HOW TO CHECK IF SOMEONE IS STEALING YOUR WIFI
You become sitting prey the moment you connect to a typical public WiFi hotspot
Unless you’re using a VPN service, even locked or secured public WiFi networks are not completely safe. Public WiFi hotspots are usually free or secured WiFi networks available in public spaces like shopping malls, libraries, coffee shops, airports, as well as hotels to name a few.
Scam hotspots historically are easily identified by generic names like “Free Wifi” to lure people to connect to their networks. Cybercriminals have gotten savvier by using similar names of popular legitimate hotspots. If you aren’t paying close attention, you will be the next victim.
Preventative tactics for avoiding bad public WiFi hotspots
- Most public WiFi hotspots in the US don’t require payment information, so that’s a red flag that a hacker might be trying to steal personal and financial information from you.
- Regardless of how it is named, most closed networks have a lock symbol indicating a WiFi network that is more secure with the password available for patrons or provided by the establishment.
- Usually, legitimate public networks have a prompt that shows up in your browser that asks you to agree to terms and conditions of use while on their network too.
- Pay attention to the website address you’re going to:
- Most websites, especially those with sensitive data, usually employ their own encryption techniques, so they will likely have HTTPS in the web address so you can always check your URL before logging in.
- For example: HTTPS://www.paypal.com not HTTP://www.paypal.com. Sometimes browsers autofill commonly visited sites, but you can then click on the web address bar at the top or bottom of your browser and read how the URL is actually showing up once you are directed there.
- Pay attention to the spelling of the website – there can be similar sites made to look like official sites. Could be ‘bannkofamerica’ instead of ‘bankofamerica.com’
- Most websites, especially those with sensitive data, usually employ their own encryption techniques, so they will likely have HTTPS in the web address so you can always check your URL before logging in.
Of course, you don’t have control over every scenario, and maybe using a public WiFi hotspot is your last but necessary resort, especially while traveling. With a secure VPN service, you connect to a public wifi network without much worry.
My top recommendation is ExpressVPN. It has a quick and easy setup, is available in 105 countries, and will not log your IP address, browsing history, traffic destination or metadata, or DNS queries.
Right now, you can get 3 extra months FREE with a 12-month ExpressVPN plan. That’s just $6.67 per month, a saving of 49%! Try 30 days risk-free.
MORE: CLEVER TRICK TO MAKE A CONNECTION FASTER ON YOUR WIFI NETWORK
5 common attacks to people using public WiFi
1) Evil Twin Attacks
Imagine being at your favorite coffee shop and connecting to what appears to be their free Wi-Fi network. When you begin to browse the web, you are completely unaware that you’ve fallen victim to an “Evil Twin Attack” as hackers have set up a malicious hotspot with the same name as a legitimate network. The attacker is now able to intercept data, steal your login credentials, and launch further attacks.
Solution
When you use a VPN service, it establishes a level of encryption between the end-user and a website regardless of what network you join, so any intercepted data cannot be read by the hacker without a correct decryption key.
2) Man-in-the-Middle Attacks (MITM)
“Man-in-the-Middle” attackers position themselves between your device and the intended server. Unbeknownst to you, this allows them to intercept all data traffic, including every email, chat message, or login attempt. Your sensitive data, private conversations, and financial transactions are now all available to them.
Solution
Because VPN services encrypt your data, even if hackers intercept your data, it isn’t accessible to them. VPN services work both for your personal computer and mobile devices, which means the protection of a VPN service can travel anywhere you go.
3) The ‘Packet Sniffing’ hack: (Software reads your data)
Whenever you connect to any network, your devices send data packets that can be read by free software, such as Wireshark. When you’re on an unencrypted network, hackers can use free software, such as Wireshark, to read those data packets. Ironically, with such software, you can analyze web traffic to find security problems and vulnerabilities that need to be fixed or exploited.
Solution
Even though hackers can still see that there are data packets being sent, if you’re using a VPN, your data is traveling through a secure and encrypted tunnel, protecting against exposure and use by hackers. Because your data is encrypted, it renders your information virtually useless to hackers. And because they can see that you’re connecting via a VPN service, hackers can see that you would be harder to hack.
4) The ‘Sidejacking’ Hack
When a hacker employs the sidejacking technique, they essentially take the information gleaned from packet sniffing to be used in real-time, usually on-location, to exploit its victim. Once intercepted, the data is then used to gain access to the original destination website or app.
The hacker uses packet sniffing to read network traffic and ‘steal cookies.’ Cookies are files that a website stores on your mobile phone, tablet, or computer as you browse the web. Cookies store a variety of information, from language preferences to personal data such as name, physical address, or email address.
This allows websites to customize your experience. Once hackers find nonsecure socket layer (SSL) cookies (just HTTP:// not HTTPS://), the information sent to the website or app by you is then captured. This allows the hacker to use what is captured to exploit private information and gain access to this and other sites.
Solution
Hackers scan web traffic to spot unencrypted or exploitably encrypted data, so having a secure VPN service most likely takes your data ‘out of the running’ for most hackers as they can see it is encrypted. And even if they do try, information going from and to your device is encrypted, so they will likely be unable to access the information itself.
5) Malware Infection
Public WiFi networks are often secured poorly or entirely unsecured. This allows cybercriminals with the ability to infect your device with various forms of malicious software including spyware and ransomware. Once infected, your data is at risk of theft or encryption. Your device can also be turned into a puppet for remote control.
Solution
If you forget to turn on your VPN service, while out and about. you might panic at the thought of all the potential compromises outlined above. If, however, you’re running an antivirus program, in the background of your device, you’d still be protected should a hacker infiltrate your device. Having antivirus software on your devices will make sure you are stopped from clicking on any potential malicious links which may install malware on your devices allowing hackers to gain access to your personal information.
Special for CyberGuy Readers: My #1 pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package.
Find my review of Best Antivirus Protection here
Kurt’s key takeaways
Understanding the risks and taking precautions while using public Wi-Fi can protect you and your data. Keep in mind that using your cell phone and its data network should be your preference if a login is required or if you will be sharing personal or financial data. Remember that unless you are in Las Vegas at Blackhat, you won’t find yourself on a “Wall of Sheep,” but it could be something much worse.
Have you ever encountered a risky situation while using public WiFi? If so, how did you handle it? Let us know in the comments below.
FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
Copyright 2024 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.
🛍️ SHOPPING GUIDES:
KIDS | MEN | WOMEN | TEENS | PETS |
FOR THOSE WHO LOVE:
COOKING | COFFEE | TOOLS | TRAVEL | WINE |
DEVICES:
LAPTOPS | TABLETS | PRINTERS | DESKTOPS | MONITORS | EARBUDS | HEADPHONES | KINDLES | SOUNDBARS | KINDLES | DRONES |
ACCESSORIES:
CAR | KITCHEN | LAPTOP | KEYBOARDS | PHONE | TRAVEL | KEEP IT COZY |
PERSONAL GIFTS:
PHOTOBOOKS | DIGITAL PHOTO FRAMES |
SECURITY
ANTIVIRUS | VPN | SECURE EMAIL |
CAN'T GO WRONG WITH THESE:
2 comments
Im so new at this. Am I compromising myself if I check the balance of my bank account outside a Trader Joe’s after a long day of spending?
Checking your bank account balance in a public place like outside a Trader Joe’s is generally safe, but you should be sure to ise a secure network. Avoid using public Wi-Fi networks to access sensitive information. These networks can be insecure and could potentially be monitored by malicious actors. Instead, use your mobile data or a VPN.