Return to protonvpn.com Facebook   Twitter   Reddit   ProtonMail

Is public WiFi safe to use?

Posted on October 4th, 2018 by in Privacy, Security.

 

Airports, cafes, hotels – we are surrounded by free hotspots. While they are convenient, if you are not careful, public WiFi connections can put your device and personal data at risk to hackers. Here are some steps you can take to secure your connection and your personal data.

We have all done it: connected to a free public WiFi network we did not know to check emails, read the news, or scroll Instagram. What we often do not think about is that the same convenience that makes public WiFi so easy to use is also what makes it so attractive to hackers. Since most public WiFi services lack a strong password, they are vulnerable to a number of techniques that hackers can use to observe your online activity, collect your personal and financial data, or even break into your device.

Dangers of using Public WiFi

Here are some fairly simple exploits that a hacker could use to access your device while you are connected to public WiFi:

Man-in-the-middle
In a MITM attack, the hacker intercepts the network traffic being transmitted between your device and the WiFi router, allowing them to monitor your online activity and even alter your interaction with websites. One method is called “ARP spoofing” in which the hacker associates their media access control address with the IP address of your device causing any traffic meant for your IP address to be shared with the hacker. This can all be done without the end user – you – realizing anything is amiss. Meanwhile, the hacker behind the MITM attack could portentially read every email you open and watch every password you enter. They can even redirect you to spoof websites, which look like the legitimate website you wanted but are actually under the control of the hacker, allowing them to steal any information you enter.

Malicious hotspots
Often when you are in an airport or in a mall looking for free WiFi you will see several WiFi networks with very similar names, like “Airport_WiFi,” “Airport_Public_WiFI,” and “Airport_WiFi_Free.” In these cases, it is very likely that a hacker has created their own hotspot and is trying to pass it off as the legitimate public WiFi. If you connect to a hotspot controlled by a hacker, all your network traffic is visible to them unless you are using a VPN.

Malware
If you have enabled file sharing or Bluetooth or if you are connected to an unsecured WiFi network, hackers can connect to your device and send it malware. This is what the hacking group known as “Darkhotel” did, targeting business travelers that stayed at luxury hotels. Malware encompasses a lot of nasty software and programs that are designed to steal your bandwidth, shut down your device, or even give complete control of it to a hacker. What’s worse, most malware works in the background of your device’s operating system, making it hard to detect and eliminate without the proper software.

WiFi sniffing
There are numerous programs available that allow you to monitor a hotspot’s network traffic. If the WiFi network is not secured, either due to a reliance on insecure protocols or because there is no password or both, these types of programs allow hackers to capture data packets and analyze them. With this information they can easily monitor your online activity, steal your passwords, and see any personal or financial information you access while you are online.

How to stay safe on public WiFi

While public WiFi will never be 100 percent secure, there are some simple steps that you can take to reduce your vulnerability.

Use a trustworthy VPN
A VPN is the best protection you can have when connecting to a public WiFi network. A VPN will encrypt your network traffic, meaning that even if someone is intercepting your data, they still cannot see it without decrypting it. This makes it impossible for them to monitor your online activity in real time. A VPN combined with HTTPS makes it very difficult for a hacker to perform a MITM attack.

Use HTTPS to ensure you are visiting the right site
If you visit sites using HTTPS (or if you use the EFF browser extension HTTPS Everywhere) you are encrypting part of your network traffic and making it more difficult for someone running a MITM attack to send you to a spoofed website they control.

Disable automatic connections, Bluetooth, and file sharing
You should always be aware of what network your device is connected to. The easiest way to do this is to disable automatic connections. That way you will need to select what WiFi network you connect to. It may add an extra step, but it prevents your device from being connected to a WiFi network and exposed to risks without you knowing. The same logic applies to Bluetooth and AirDrop and other file sharing services. Only activate Bluetooth, AirDrop or other file sharing services for a specific function and then turn it off once you are finished.

Know who runs your hotspot – and ask for the password
Before logging on, you should always find an employee of the hotel/café/airport you are in and ask them if they have free WiFi and what the name of their network is. This will help you avoid connecting to malicious and fake hotspots. Even if you verify the WiFi network is genuine and it is password-protected, we still advise you avoid using it without first protecting your connection with a VPN.

Avoid sensitive accounts
If you use public WiFi without a VPN, the best way to ensure your personal data is not compromised is to not check accounts that could expose that information. Even if someone has successfully begun monitoring your online activity, if you do not check your bank accounts, open your emails, or read private messages while you are on public WiFi, then then they cannot access them either. If you are going to check any type of sensitive account on an unsecured network, always use a VPN.

There will always be a security risk if you use public WiFi, but that does not mean you should never use it. The basic precautions listed above will help you keep your personal data safe from the majority of attacks against public WiFi hotspots.

Best Regards,
The ProtonVPN Team

You can follow us on social media to stay up to date on the latest ProtonVPN releases:

Twitter Facebook | Reddit

To get a free ProtonMail encrypted email account, visit: protonmail.com 

Prior to joining ProtonVPN, Richie spent several years working on tech solutions in the developing world. As a senior editor and writer at Latterly, he covered and commented on international human rights stories. He joined ProtonVPN to advance the rights of online privacy and freedom.

Post Comment

3 comments

  1. T

    Helpful and useful information. Would love to see information and commentary for internet users in China in particular foreigners who travel there for work. There is a general understanding of the “Great Firewall” but not exactly how we can protect our privacy and Data while working there and using hotel/public WiFi in China. Would be extremely informative .

  2. Will

    Great Articles always! Thank You.
    Is there any indication of when the ProtonVPN iOS app may be ready?
    Another update of OpenVPN now with disconnects in abundance regardless of server, part time seamless tunnel, and craftily worded data collection/gathering clause.
    An update about the coming app would be a wonderful blog topic.

  3. Richie

    Hey WIll! The iOS is definitely coming out sooner than you think, however we cannot reveal the exact release date just yet. Follow us on social media to get all the exciting news first!

    After updating the OpenVPN app, we would recommend deleting old VPN profiles and upload them once again. Also please check your OpenVPN credentials, since you might need to enter them again while creating profiles (you can check your OpenVPN credentials under the ACCOUNT tab while logged in to http://protonvpn.com ). These tips should solve any connection problems.

Leave a Reply

Your email address will not be published. Required fields are marked *

Knowledge base

 

Secure Your Internet Today

Get ProtonVPN