Is public WiFi safe to use?

We have all done it: connected to a free public WiFi network we did not know to check emails, read the news, or scroll Instagram. What we often do not think about is that the same convenience that makes public WiFi so easy to use is also what makes it so attractive to hackers. Since most public WiFi services lack a strong password, they are vulnerable to a number of techniques that hackers can use to observe your online activity, collect your personal and financial data, or even break into your device.

Risks of using Public WiFi

Here are some fairly simple exploits that a hacker could use to access your device while you are connected to public WiFi:

1. Man-in-the-middle

In a MITM attack, the hacker intercepts the network traffic being transmitted between your device and the WiFi router, allowing them to monitor your online activity and even alter your interaction with websites. One method is called “ARP spoofing” in which the hacker associates their media access control address with the IP address of your device causing any traffic meant for your IP address(new window) to be shared with the hacker. This can all be done without the end user – you – realizing anything is amiss. Meanwhile, the hacker behind the MITM attack could potentially read every email you open and watch every password you enter. They can even redirect you to spoof websites, which look like the legitimate website you wanted but are actually under the control of the hacker, allowing them to steal any information you enter

2. Malicious hotspots

Often when you are in an airport or in a mall looking for free WiFi you will see several WiFi networks with very similar names, like “Airport_WiFi,” “Airport_Public_WiFI,” and “Airport_WiFi_Free.” In these cases, it is very likely that a hacker has created their own hotspot and is trying to pass it off as the legitimate public WiFi. If you connect to a hotspot controlled by a hacker, all your network traffic is visible to them unless you are using a VPN.

3. Malware

If you have enabled file-sharing or Bluetooth or if you are connected to an unsecured WiFi network, hackers can connect to your device and send it malware. This is what the hacking group known as “Darkhotel(new window)” did, targeting business travelers that stayed at luxury hotels. Malware encompasses a lot of nasty software and programs that are designed to steal your bandwidth, shut down your device, or even give complete control of it to a hacker. What’s worse, most malware works in the background of your device’s operating system, making it hard to detect and eliminate without the proper software.

4. WiFi sniffing

There are numerous programs available that allow you to monitor a hotspot’s network traffic. If the WiFi network is not secured, either due to a reliance on insecure protocols or because there is no password or both, these types of programs allow hackers to capture data packets and analyze them. With this information, they can easily monitor your online activity, steal your passwords, and see any personal or financial information you access while you are online.

5 ways to stay safe on public WiFi

While public WiFi will never be 100 percent secure, there are some simple steps that you can take to reduce your vulnerability.

1. Use a trustworthy VPN

A VPN(new window) is the best protection you can have when connecting to a public WiFi network. A VPN will encrypt your network traffic, meaning that even if someone is intercepting your data, they still cannot see it without decrypting it. This makes it impossible for them to monitor your online activity in real time. A VPN combined with HTTPS(new window) makes it very difficult for a hacker to perform a MITM attack.

2. Use HTTPS to ensure you are visiting the right site

If you visit sites using HTTPS (or if you use the EFF browser extension HTTPS Everywhere(new window)) you are encrypting part of your network traffic and making it more difficult for someone running a MITM attack to send you to a spoofed website they control.

3. Disable automatic connections, Bluetooth, and file sharing

You should always be aware of what network your device is connected to. The easiest way to do this is to disable automatic connections. That way you will need to select what WiFi network you connect to. It may add an extra step, but it prevents your device from being connected to a WiFi network and exposed to risks without you knowing. The same logic applies to Bluetooth and AirDrop and other file sharing services. Only activate Bluetooth(new window), AirDrop(new window) or other file sharing services for a specific function and then turn it off once you are finished.

4. Know who runs your hotspot – and ask for the password

Before logging on, you should always find an employee of the hotel/café/airport you are in and ask them if they have free WiFi and what the name of their network is. This will help you avoid connecting to malicious and fake hotspots. Even if you verify the WiFi network is genuine and it is password-protected, we still advise you to avoid using it without first protecting your connection with a VPN.

5. Avoid sensitive accounts

If you use public WiFi without a VPN, the best way to ensure your personal data is not compromised is to not check accounts that could expose that information. Even if someone has successfully begun monitoring your online activity, if you do not check your bank accounts, open your emails, or read private messages while you are on public WiFi, then then they cannot access them either. If you are going to check any type of sensitive account on an unsecured network, always use a VPN.

Proton VPN is brought to you by Proton Mail, the world’s largest encrypted email provider(new window). It is a free VPN service that provides IP addresses in 43 countries and counting.

There will always be a security risk if you use public WiFi, but that does not mean you should never use it. The basic precautions listed above will help you keep your personal data safe from the majority of attacks against public WiFi hotspots.

Best Regards,
The Proton VPN Team

You can follow us on social media to stay up to date on the latest Proton VPN releases:

Twitter (new window)Facebook(new window) | Reddit(new window)

To get a free Proton Mail encrypted email account, visit: protonmail.com (new window)

Related articles

How to fix a 502 error
In this article, we explain what a 502 bad gateway error is and explore possible ways to fix it as a visitor to a website.
Watch Thanksgiving Day football with Proton VPN
Here's how you can live stream this year's Thanksgiving football games using Proton VPN, whether you're watching from home or abroad.
Where to watch Macy's Thanksgiving day parade
Here's how and where to watch Macy's Thanksgiving Day Parade live from anywhere in the world with Proton VPN.
What we've been up to, and what's next
Here are the main things Proton VPN delivered this spring and summer and the exciting changes that lie ahead on our product roadmap this winter.
Proton VPN for Windows ARM
We’re pleased to announce a new Proton VPN app with native support for Windows devices that use the ARM chipset.
What is doxing and is doxing illegal
  • Privacy basics
We look at what doxing is, who does it (and why), and at how to protect yourself from doxing .