3 Public WiFi Security Risks and How You Can Avoid Them

By RMON Networks | November 25, 2019

Public WiFi is almost everywhere in today’s technology dominated world. Coffee shops, libraries, airports, hotels and businesses have installed hotspots to feed the growing demand for universal access to WiFi. While convenient to use, there are hidden security risks and dangers you should know about.

  • Shady individuals can use techniques combined with special computer programs to steal your data over public WiFi networks.
  • Cyber criminals can see all your internet activity right from their computers.
  • Hackers can sit at your favorite coffee shop with a fake WiFi hotspot named after the business and monitor your browsing traffic. They can then analyze your browsing history to see if any personal information can be gathered from the sites you visited.

Remember, the WiFi you’re connecting to is shared with others which substantially increases your risk of becoming a victim of data theft. You never know who will be using the same public network as you. Let’s take a deeper look into these 3 common methods that hackers use to gain access to your information which makes using public WiFi dangerous.

Public Wifi Security Risks Infographic

1. Packet Sniffing

Colasoft.com defines packet sniffing as “the act of capturing packets of data flowing across a computer network. The software or device used to do this is called a packet sniffer. Packet sniffing is to computer networks what wire tapping is to a telephone network. Packet sniffing has legitimate uses to monitor network performance or troubleshoot problems with network communications. However, it is also widely used by hackers to gather information illegally about networks they intend to break into.”

Packet sniffers make it possible to capture data like passwords, IP addresses, protocols being used on the network and other information that will help the attacker infiltrate the network according to colasoft.com.Hacker stealing data using packet sniffing

Because most people use the same username and password for multiple accounts, their risk is magnified. It is alarmingly easy to get a hold of these types of programs; many are even free. Once an attacker steals your credentials, they can compromise far more than your Twitter or Facebook account.

They can even gain access to your banking information or other private data like birthdays, Social Security numbers, your mother’s maiden name, and your billing address. Check out this article from medium.com to see how much information hackers can dig up from unsuspecting victims in under 20 minutes.

You might think that an expert would be needed to carry out such an attack. However, that’s far from the case. Free plugins list out the URLs you are visiting, compromising your privacy and your security. Consider the following Amazon URL: https://www.amazon.com/s?k=nail+polish&ref=is_box_Amazon uses similar URLs for every part of your shopping experience. The result is that the attacker can see your browsing history and start to see a pattern and use this data to log in to your accounts.

Using a VPN is the best defense against packet sniffing. If you don’t have access to one, using HTTPS sites, or SSL encrypted browsing sessions, is the next best option. Check out this helpful guide from theverge.com on how to setup a VPN for a variety of devices and/or browsers.

2. Man-in-the-Middle Attacks

Man-in-the-Middle (MITM) isn’t a new type of schoolyard game. Instead, it’s a type of attack where hackers are able intercept all your internet activity. It’s like they are eavesdropping on a conversation between you and your financial advisor. They can watch you log into your online banking app and gather the data you used to gain access to your account which they can use to impersonate your identity later. From there they can see all the information that only you and your bank should see.

Public wifi risk of a hacker stealing your credit card information While similar to packet sniffing, MITM attacks are significantly more dangerous. This is because the information that the attacker gathers can be modified. When you go to buy something online, the attacker can learn your credit card number. They can also change the account number when you initiate a transfer of funds, so that your money goes right into their bank account and you don’t even know it.

Netsparker.com provides a list of way to avoid being a victim of Man-in-the-middle attacks. Here are 3 of their easiest methods:

  • Be wary of links that you click to avoid phishing attempts that lead to MITM attacks.
  • Always keep your operating system and your browser up to date. This way, the attackers will not be able to use exploits to install malware on your computer.
  • If you have a website or web application, regularly scan it for vulnerabilities and resolve issues.

3. Malicious WiFi HotspotsMalicious public wifi hotspot

WiFi hotspots can be named anything the owner would like. How do you know that the StarbucksWiFi free access point is the official one?

Any malicious attacker can set up a hidden hotspot and name it whatever they want. While you browse, your traffic is recorded and later analyzed for any sensitive information that may prove useful in compromising your accounts.

Instead of just connecting to a random WiFi access point, check with establishment to ensure that you’re connecting to their official WiFi and not a fake hotspot.

In Conclusion

Free WiFi is tempting and convenient but is risky and exposes you to data theft. The best way to avoid public WiFi dangers, is to not use it. If you need to access an area’s public network use HTTPS, SSL encrypted browsing sessions, or a VPN. You should always confirm the authenticity of the hotspot of the establishment before you connect. Lastly you should be wary of phishing links, keep your operating system/browser up to date, and regularly scan your web application for vulnerabilities.

How frequently do you connect to a public WiFi hotspot during the week? Let us know in the comments!

Contact Us

Leave a Comment

Your email address will not be published.