A VPN can help to protect you from hackers on unsecured public WiFi networks.
Malicious hackers try to gain unauthorized access to or otherwise disrupt the operation of your computer, smartphone, or any other internet-connected device.
While a virtual private network (VPN) is a great way to protect your privacy and security online, it’s not designed to defend you against hackers in all situations. We explain how and when a VPN can help to keep hackers at bay.
How does a VPN protect you from hackers?
Encrypting your internet
Hiding your IP address
What hackers does a VPN protect you against?
Man-in-the-middle attacks
Evil twins (malicious hotspots)
WiFi sniffing
DNS spoofing
Other remote attacks
What hackers does a VPN not prevent?
Get a trusted VPN and more to fight hackers
How does a VPN protect you from hackers?
A good VPN is an essential tool to protect your privacy and improve your overall security online. But it only helps to defend against specific types of online attacks.
By encrypting your internet connection and hiding your IP address, a VPN can help to prevent hackers from exploiting unsecured networks or using your IP address to target you.
Encrypting your internet
With a VPN, all the traffic from your device is securely encrypted, so your internet service provider (ISP), mobile network, or public WiFi provider can’t see your traffic. Your DNS queries, or requests to visit websites, are also encrypted, so your ISP can’t see where you go online.
So if you’re using a VPN on public WiFi, any criminal that hacks into the network can’t monitor your online activity. But most websites and apps now use HTTPS(neues Fenster), which has significantly reduced the threat from public WiFi hackers, as we explain below.
Hiding your IP address
When you connect to a VPN, the original IP address assigned to you is hidden from public view. All anyone online can see is the address of the VPN server you’re connected to.
By hiding your original IP address, a VPN can prevent hackers from using it to remotely hack into or otherwise attack your device.
Let’s consider in more detail the types of hacking a VPN can help to prevent.
What hackers does a VPN protect you against?
Since a VPN encrypts all your internet traffic and hides your IP address, the main scenario where a VPN can defend you against hackers is on unsecured public WiFi networks.
Some free public WiFi networks still use insecure encryption or lack a strong password(neues Fenster), so they’re vulnerable to attack: Hackers can break into the network and spy on you.
With a VPN switched on, the encrypted VPN tunnel between your device and the VPN keeps your online activity safe from hackers’ prying eyes.
However, most websites now use HTTPS, which encrypts the traffic between your device and the website. As HTTPS secures the information you submit online, like personal or financial details, the risk from public WiFi hackers is much lower than it once was.
But HTTPS only encrypts the data you exchange with websites. It doesn’t hide which sites you visit, so a hacker could still monitor where you go online. Nor does it defend you against DNS spoofing (see below).
Man-in-the-middle attacks
In a man-in-the-middle (MITM) attack(neues Fenster), the hacker intercepts the traffic between your device and the WiFi router. That way, they can eavesdrop on what you do, for example, to steal your personal details or impersonate you online.
A VPN hides your internet activity, keeping you safe from attack. MITM attacks include evil twins, WiFi sniffing, and DNS spoofing.
Evil twins (malicious hotspots)
Looking to connect to free WiFi in a cafe one day, you might see several networks on your device: “Seattle_Starbucks_WiFi”, “Starbucks_WiFi”, or “FREE_Starbucks_WiFi”. Be careful, as one could be an “evil twin” malicious hotspot(neues Fenster) created by a hacker — connect, and all your data could be visible to them.
If you do fall for the evil twin, a VPN will hide your data from the intruder.
WiFi sniffing
One way hackers can exploit unsecured networks is to use specialist software to “sniff out” data packets and analyze them. With a packet sniffer(neues Fenster), they could monitor your internet traffic and even hijack your cookies(neues Fenster) to impersonate you online and access your bank (to give a worst-case example).
With your VPN on, your data and real IP address are encrypted and can’t be sniffed.
DNS spoofing
When you enter a website address in your browser, it sends a DNS query to your ISP to look up the website’s correct numerical IP address. Unfortunately, these DNS requests, which can expose your entire browsing history, are typically unencrypted. If a hacker spoofs or “poisons” your DNS requests, they can redirect you to a malicious site they control.
A good VPN handles and encrypts all your DNS requests, meaning hackers can’t tamper with them.
Other remote attacks
As a VPN hides your real IP address, it can also shield you from various attacks that exploit your IP address, whatever network you’re on.
For example, if hackers know your IP address, they can scan the ports(neues Fenster) on your device to spot weaknesses or target you with a denial-of-service (DoS or DDoS)(neues Fenster) attack.
What hackers does a VPN not prevent?
Apart from exploiting unsecured public WiFi, hackers can use various ways to access or damage your online devices. Here are some threats a VPN won’t stop.
Malware
Hackers can use all kinds of malware to access your device, like spyware(neues Fenster), rootkits(neues Fenster), and remote access Trojans(neues Fenster). A VPN isn’t designed as a primary line of defense against malware.
But some good VPNs like Proton VPN can give you some protection. Get Proton VPN Plus, and you can enable NetShield Ad-blocker to block some malware from ever reaching your device.
Still, a VPN is no substitute for antivirus or internet security software, which actively monitors and scans your device for malware. Install antivirus software on your devices and keep it updated.
Software vulnerabilities
A VPN can’t protect you against hackers attacking weaknesses in your apps or operating system. These range from known vulnerabilities, for which security patches may be available, to so-called zero days(neues Fenster), which aren’t known to product developers and have no fixes.
To minimize the risk from known threats, keep your apps, operating system, and antivirus definitions updated to the latest versions.
Human error
One of the easiest ways criminals can hack your device is with your help. If you don’t lock down your online accounts with strong passwords(neues Fenster) and two-factor authentication (2FA)(neues Fenster) where possible, you’re putting yourself at risk of being hacked.
Hackers can also use social engineering(neues Fenster) to trick you into disclosing confidential information or taking action that could compromise your device.
A VPN is no defense if you follow a link in a phishing email(neues Fenster) or download malicious software from an unauthorized website.
Get a trusted VPN and more to fight hackers
A VPN is a great tool to protect your privacy and security online, but it’s only a defense against certain kinds of hacking. As a VPN encrypts your internet connection and hides your IP address, it can help to protect you against public WiFi hackers or anyone using your IP address to attack you.
So a good VPN is just one weapon in your armory against hackers, along with these basic precautions:
- Use strong passwords and two-factor authentication (2FA).
- Install antivirus or malware removal software.
- Beware of phishing, and be careful what you download.
- Keep your operating systems, apps, and antivirus updated.
Remember that a VPN provider can see your online activity and could itself be hacked, so choosing a VPN you can trust is vital. Proton VPN is trusted by millions worldwide, including journalists and activists, because we designed it to be as private and secure as possible.
At Proton, our goal is to give everyone privacy and security online, so join us. Together, we can build a better internet where privacy is the default.