Is public WiFi safe?

The scenario is common.  The innocent moment when you are on the go and tapping into a wireless network.  You check your social media accounts, get some email, browse a few websites.   What many people don’t know is that public wifi networks are breeding grounds for trouble.

Hackers prey on people tapping into wifi networks in public places and quietly attack.   Only later do you discover that a compromised phone is in your hand – and potentially major aspects of your digital life and security are also hacked.

While the need to stay connected, especially while traveling, is high, the risk of being hacked when connecting on public wifi is even greater.

The benefits of using a Virtual Private Network (VPN) when traveling is covered in Top 6 reasons why you need a VPN when you travel. Below are the top 4 ways you can get hacked using public wifi and how getting your hands on a VPN can protect you in these scenarios.

 

Is it safe to log into a public WiFi hotspot?

You become sitting prey the moment you connect to a typical public wifi hotspot.  Unless you’re using a VPN service, even locked or secured public wifi networks are not completely safe.  Public wifi hotspots are usually free or secured wifi networks available in public spaces like shopping malls, libraries, coffee shops, airports, as well as hotels to name a few.

Scam hotspots historically are easily identified by generic names like “Free Wifi” to lure people to connect to their networks.  Cybercriminals have gotten savvier by using similar names of popular legitimate hotspots.  If you aren’t paying close attention, you will be the next victim.

Below are some preventative tactics for avoiding bad public wifi hotspots in general.

  • Most public wifi hotspots in the US don’t require payment information so that’s a red flag that a hacker might be trying to steal personal and financial information from you.
  • Regardless of how it is named, most closed networks have a lock symbol indicating a wifi network that is more secure with the password available for patrons or provided by the establishment.
  • Usually, legitimate public networks have a prompt that shows up in your browser that asks you to agree to terms and conditions of use while on their network too.
  • Pay attention to the website address you’re going to:
    • Most websites, especially those with sensitive data, usually employ their own encryption techniques so they will likely have HTTPS in the web address so you can always check your URL before logging in.
      • For example: HTTPS://www.paypal.com not HTTP://www.paypal.com. Sometimes browsers autofill commonly visited sites, but you can then click to the web address bar at the top or bottom of your browser and read how the URL is actually showing up once you are directed there.
    • Pay attention to the spelling of the website – there can be similar sites made to look like official sites.  Could be ‘bannkofamerica’ instead of ‘bankofamerica.com’

Of course, you don’t have control over every scenario and maybe using a public wifi hotspot is your last but necessary resort, especially while traveling.  With a secure VPN service, such as ExpressVPN, you connect to a public wifi network without much worry.

 

Is using my phone’s data plan a better option than public wifi?

While using your phone’s data is better for your overall digital security than connecting to public wifi networks, sometimes using your phone’s data isn’t a good option.

Using your phone’s data can be expensive if you don’t have unlimited plans, even unlimited data plans can start to throttle your service after a certain threshold has been met, or the reception or data is poor. Utilizing your mobile plan’s data can be especially difficult if you’re traveling abroad, where the cost of using your phone’s data can be restricted or cost-prohibitive. In these situations, you may be reliant on public wifi hotspots to stay in contact with other travelers on the trip as well as family or friends back home.

There’s a lot of talk about how public wifi hotspots can be bad for you, but there isn’t a lot of conversation about exactly why and how using a VPN can protect you when using public wifi hotspots.

 

How a VPN can protect you when using public WiFi hotspots

Below are the specific ways hackers can breach your privacy and security while using public wifi hotspots and how a VPN service can protect you.

 

Top 4 Public WiFi Hacks

1. The ‘Evil Twin’ (Look closely at the name of the network)

The Evil Twin Hack

We’ve all been there before: You’re at an airport or coffee shop and your reception is shoddy so you join the public wifi hotspot of the establishment while you wait. You know well enough not to join a random network so you click to join the official wifi hotspot of the establishment you are frequenting. You log on to your social media sites and pull up your bank information to figure out which card to use for your purchase. What you may not have noticed is that the wifi network you connected to is actually a fake version with a similar name: CoffeeShop_GuestWifi vs. Coffee_Shop_Guest_Wifi etc.

Once you’re surfing the web on this fake version of a wifi network, all your data is sent to the hacker who created the account.

Solution

When you use a VPN service, it establishes a level of encryption between the end-user and a website regardless of what network you join so any intercepted data cannot be read by the hacker without a correct decryption key.

 

2. The ‘Man in the Middle Attack’ (When a hacker comes between you and the site)

The ‘Man in the Middle’ Hack

A “Man in the Middle Attack” is when a hacker gets between the person trying to access the site and the site itself. A hacker will display their version of a site to you and then intercept any data that you enter. In this hack even if you join a legitimate public wifi hotspot, you can fall victim without a secure VPN connection. Hackers find users on a network to see what users are trying to view and then mimic that website to the user and the user to the website. Even when you’re on a network that isn’t secure, you might think going to an encrypted site, such as PayPal, is secure. Wrong. In a “Man in the Middle Attack”, if you go to an encrypted site such as PayPal,  the hacker pretends to be Paypal to receive whatever verification is necessary to log into Paypal.

Solution

Because VPN services like ExpressVPN encrypt your data, even if hackers intercept your data it isn’t accessible to them. Services like ExpressVPN work both for your personal computer and mobile devices, which means the protection of a VPN service can travel anywhere you go.

 

3. Packet Sniffing (Software reads your data)

The ‘Packet Sniffing’ Hack

Whenever you connect to any network, your devices send data packets that can be read by free software, such as Wireshark. When you’re on an unencrypted network, hackers can use free software, such as Wireshark, to read those data packets.  Ironically, with such software, you can analyze web traffic to find security problems and vulnerabilities that need to be fixed or exploited.

Solution

Even though hackers can still see that there are data packets being sent, if you’re using a VPN, such as ExpressVPN, your data is traveling through a secure and encrypted tunnel protecting exposure and use by hackers. Because your data is encrypted, it renders your information virtually useless to hackers. And because they can see that you’re connecting via a VPN service, hackers can see that you would be harder to hack.

 

4. Sidejacking (Sniffed data is now being used against you)

The ‘Sidejacking’ Hack

When a hacker employs the sidejacking technique, they essentially take the information gleaned from packet sniffing to be used in real-time usually on-location to exploit its victim. Once intercepted, the data is then used to gain access to the original destination website or app.

The hacker uses packet sniffing to read network traffic and ‘steal cookies’. Cookies are files that a website stores on your mobile phone, tablet, or computer as you browse the web. Cookies store a variety of information from language preferences to personal data such as name, physical address, or email address. This allows websites to customize your experience. Once hackers find nonsecure socket layer (SSL) cookies (just HTTP:// not HTTPS://), the information sent to the website or app by you is then captured. This allows the hacker to use what is captured to exploit private information and gain access to this and other sites.

Solution

Hackers scan web traffic to spot unencrypted or exploitably encrypted data so having a secure VPN service most likely takes your data ‘out of the running’ for most hackers as they can see it is encrypted. And even if they do try, information going from and to your device is encrypted so they will likely be unable to access the information itself.

 

Get an Antivirus ‘Insurance’ policy

If you forgot to turn on your VPN service while out and about. you might panic at the thought of all the potential compromises outlined above.  If, however, you’re running an antivirus program, such as TotalAV ($19 your first year (80% off) in the background of your device, you’d still be protected should a hacker infiltrate your device.

Need help choosing a VPN service?  Check out Best VPNs for 2024, or if you’re in the market for quality Antivirus software, check out: Best Antivirus Protection in 2023.

Have you had to rely on public wifi hotspots while out and about? Tell us how using a VPN and/or running an antivirus program in the background helped or put you at ease?

 

CyberGuy’s top VPN picks

ExpressVPN – Best VPN Overall

Get ExpressVPN

 

Surfshark – Best Inexpensive VPN

Get Surfshark

 

Related:

 

 

Copyright 2024 CyberGuy.com.  All rights reserved.  CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.

Related posts

How to protect your deliveries from getting stolen by porch pirates

How your browser is spying on you. Hidden dangers lurking behind every click

T-Mobile hacked by Chinese cyber espionage in major attack on US telecoms