We have all done it: connected to a free public WiFi network we did not know to check emails, read the news, or scroll Instagram. What we often do not think about is that the same convenience that makes public WiFi so easy to use is also what makes it so attractive to hackers. Since most public WiFi services lack a strong password, they are vulnerable to a number of techniques that hackers can use to observe your online activity, collect your personal and financial data, or even break into your device.
Risks of using Public WiFi
Here are some fairly simple exploits that a hacker could use to access your device while you are connected to public WiFi:
1. Man-in-the-middle
In a MITM attack, the hacker intercepts the network traffic being transmitted between your device and the WiFi router, allowing them to monitor your online activity and even alter your interaction with websites. One method is called “ARP spoofing,” in which the hacker associates their media access control (MAC) address with the IP address of your device, causing any traffic meant for your IP address to be shared with the hacker. This can all be done without the end user – you – realizing anything is amiss. Meanwhile, the hacker behind the MITM attack could potentially read every email you open and watch every password you enter. They can even redirect you to spoof websites, which look like the legitimate website you wanted but are actually under the control of the hacker, allowing them to steal any information you enter.
2. Malicious hotspots
Often when you are in an airport or in a mall looking for free WiFi you will see several WiFi networks with very similar names, like “Airport_WiFi,” “Airport_Public_WiFI,” and “Airport_WiFi_Free.” In these cases, it is very likely that a hacker has created their own hotspot and is trying to pass it off as the legitimate public WiFi. If you connect to a hotspot controlled by a hacker, all your network traffic is visible to them unless you are using a VPN.
3. Malware
If you have enabled file-sharing or Bluetooth or if you are connected to an unsecured WiFi network, hackers can connect to your device and send it malware. This is what the hacking group known as “Darkhotel” did, targeting business travelers that stayed at luxury hotels. Malware encompasses a lot of nasty software and programs that are designed to steal your bandwidth, shut down your device, or even give complete control of it to a hacker. What’s worse, most malware works in the background of your device’s operating system, making it hard to detect and eliminate without the proper software.
4. WiFi sniffing
There are numerous programs available that allow you to monitor a hotspot’s network traffic. If the WiFi network is not secured, either due to a reliance on insecure protocols or because there is no password or both, these types of programs allow hackers to capture data packets and analyze them. With this information, they can easily monitor your online activity, steal your passwords, and see any personal or financial information you access while you are online.
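A defensive check for the ARP spoofing described under man-in-the-middle above, added here as an illustration and not part of the original article: it reads a saved copy of your device's neighbor (ARP) table and reports any other IP address that resolves to the same MAC address as the router. The sample rows, the addresses and the function names are constructed for this example.

```python
import re

# Constructed sample: neighbor rows in macOS `arp -an`, Linux `ip neigh`
# and Windows `arp -a` layouts. All addresses are made up.
SAMPLE = """\
? (192.168.1.1) at 2:0:0:aa:bb:1 on en0 ifscope [ethernet]
192.168.1.23 dev wlan0 lladdr 02:00:00:aa:bb:01 REACHABLE
  192.168.1.40          02-00-00-cc-dd-02     dynamic
192.168.1.77 dev wlan0  FAILED
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

# An IPv4 address, then (later on the same line) a MAC written with ':' or '-'.
ROW = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3}).*?"
    r"\b([0-9A-Fa-f]{1,2}(?:[:-][0-9A-Fa-f]{1,2}){5})\b"
)

def normalize_mac(raw):
    """Lower-case, ':'-separated, zero-padded (macOS drops leading zeros)."""
    return ":".join(p.zfill(2) for p in re.split(r"[:-]", raw.lower()))

def parse_neighbors(text):
    """Return {ip: mac} for resolved unicast entries only."""
    table = {}
    for line in text.splitlines():
        m = ROW.search(line)
        if not m:
            continue  # header, FAILED or incomplete entry: no MAC to compare
        mac = normalize_mac(m.group(2))
        if int(mac[:2], 16) & 1:
            continue  # broadcast/multicast MACs are shared by design
        table[m.group(1)] = mac
    return table

def shares_gateway_mac(table, gateway_ip):
    """IPs whose MAC equals the gateway's: the pattern ARP spoofing leaves."""
    gw_mac = table.get(gateway_ip)
    if gw_mac is None:
        return []
    return sorted(ip for ip, mac in table.items()
                  if mac == gw_mac and ip != gateway_ip)

if __name__ == "__main__":
    neighbors = parse_neighbors(SAMPLE)
    for ip in shares_gateway_mac(neighbors, "192.168.1.1"):
        print(f"WARNING: {ip} has the same MAC as gateway 192.168.1.1")
```

A shared MAC is an indicator rather than proof, since some routers legitimately answer for several addresses; treat a hit on public WiFi as a reason to disconnect or to keep all traffic inside a VPN.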
5 ways to stay safe on public WiFi
While public WiFi will never be 100 percent secure, there are some simple steps that you can take to reduce your vulnerability.
1. Use a trustworthy VPN
A VPN is the best protection you can have when connecting to a public WiFi network. A VPN will encrypt your network traffic, meaning that even if someone is intercepting your data, they still cannot see it without decrypting it. This makes it impossible for them to monitor your online activity in real time. A VPN combined with HTTPS makes it very difficult for a hacker to perform a MITM attack.
2. Use HTTPS to ensure you are visiting the right site
If you visit sites using HTTPS (or if you use the EFF browser extension HTTPS Everywhere) you are encrypting part of your network traffic and making it more difficult for someone running a MITM attack to send you to a spoofed website they control.
3. Disable automatic connections, Bluetooth, and file sharing
You should always be aware of what network your device is connected to. The easiest way to do this is to disable automatic connections. That way you will need to select what WiFi network you connect to. It may add an extra step, but it prevents your device from being connected to a WiFi network and exposed to risks without you knowing. The same logic applies to Bluetooth and AirDrop and other file sharing services. Only activate Bluetooth, AirDrop or other file sharing services for a specific function and then turn it off once you are finished.
4. Know who runs your hotspot – and ask for the password
Before logging on, you should always find an employee of the hotel/café/airport you are in and ask them if they have free WiFi and what the name of their network is. This will help you avoid connecting to malicious and fake hotspots. Even if you verify the WiFi network is genuine and it is password-protected, we still advise you to avoid using it without first protecting your connection with a VPN.
5. Avoid sensitive accounts
If you use public WiFi without a VPN, the best way to ensure your personal data is not compromised is to not check accounts that could expose that information. Even if someone has successfully begun monitoring your online activity, if you do not check your bank accounts, open your emails, or read private messages while you are on public WiFi, then they cannot access them either. If you are going to check any type of sensitive account on an unsecured network, always use a VPN.
Proton VPN is brought to you by Proton Mail, the world’s largest encrypted email provider. It is a free VPN service that provides IP addresses in 43 countries and counting.
There will always be a security risk if you use public WiFi, but that does not mean you should never use it. The basic precautions listed above will help you keep your personal data safe from the majority of attacks against public WiFi hotspots.
Best Regards,
The Proton VPN Team
Am I supposed to buy proton for each of my devices? I have upgraded to the 3rd package and it still shows that I am on the free package. How can I move to a different country's IP?
Hi Anthony. If you buy a Plus plan you can use ProtonVPN on up to 5 devices at the same time using the same account. With a Visionary plan this number goes up to 10. To change countries, simply select a different country (or individual server) from the list in our apps. If you have upgraded to Plus or Visionary plan, but your app is still saying you are on the free plan, please contact our Support Team for assistance.
I have had issues where I cannot navigate on any browser. My wifi does connect to a network, but it suddenly stopped navigating any browser. My emails however are still coming in. I thought my wifi antenna or computer were broken, took it to the shop, and as soon as they erased proton VPN, the browsers started navigating again. Why does this happen? This happened both with the VPN on and off. Must clarify that this happened with the free version of VPN.
Hi flyingChico. This should not be happening. Please contact our Support Team for assistance.
I downloaded Proton VPN on my mac and it has been awful. I have like 50 windows telling me my wifi is insecure, but they will not close. I cannot quit the app, I cannot delete the app because it will not close. It is taking up my entire desktop and doing nothing. How the hell do I get it off my computer???
Hi Emma, this shouldn’t be happening. Please reach out to our support team: https://protonvpn.com/support-form Thank you!
Hello!
I am very new to all of this vpn and encryption stuff. Sorry if this is a dumb question, but… if I use ProtonMail / ProtonVPN, through my employer’s WiFi, will my employer be able to read my personal messages? Thanks!
Hi Maxwell, good question. If you are using your personal ProtonMail account, your employer will not be able to monitor your messages.
ProtonVPN has proven reliable with over 90% of traffic routing I make between work and outside servers. Is there an additional layer of encryption you would recommend for local level FIPS140-2 or higher that would encrypt email not sent via ProtonMail accounts?
It would also be helpful if file attachments met FIPS140-2 or higher locally before being sent over open connection routers or public hotspots.
Hi,
I have downloaded ProtonVPN Free for Windows. I did that hoping that I can safely use a public Hotspot.
So I connected to your Server FR#31 using the hotspot to connect to your server. I now see an IP number but how do I know, that ProtonVPN is working and that I’m “invisible” for all other participants of the hotspot?
Thank you for a quick reply.
best regards, Dietmar
Hi Dietmar, you can see what IP address is visible to others by visiting https://ip.me/. Thanks for using ProtonVPN!
Can I use my own personal hotspot?
Yep!
Very informative article. I have been recommending Proton to all of my friends.
I understand how encryption protects data between the user and the VPN service provider’s servers, but what about vulnerabilities between the VPN server and the destination server? Am I misunderstanding the idea?
Good question! You are correct that your traffic will make the jump from our server to the destination server without VPN encryption. However, the connection will most likely be protected with TLS encryption (this is why it’s always important never to send sensitive information to websites that do not use HTTPS), and the IP address that the destination sees will be that of our server.
Hi, I’d like to Thank you and your company for the wonderful job that you are doing
and also I would like to know more about your safe VPN service prices
Why won’t my computer’s mobile hotspot work when I’m connected to protonvpn?
windows 10
toshiba
Hi. Using Panera wifi. We have the upgraded account and use “SECURE CORE”. But when we activate either the SECURE CORE or REGULAR PROTON VPN, our connection is blocked. So it seems that Panera wifi does not allow anyone to use a VPN. Is there any way around this? Thank you
Suggestion – prompts for PC, ok Mac users as well to open their sharing/Bluetooth setting to disable.
Is it safe to use 4g with vpn
Hi Tony, good question. It certainly is safe to use ProtonVPN if you are using a cell data (4G). This will prevent your mobile service provider from monitoring your online activity.
Hello,
Most (all?) of your apps have a kill switch function that blocks all connections when the VPN is not connected. This creates a problem when connecting to public WiFi’s that require a login or acknowledgement of terms. Those pages don’t open since your app blocks all connections. So you are having to disable or close the ProtonVPN app to access the WiFi’s login page. Then, until the app is restarted, there is a window of time when the connections don’t go through VPN. Smart phone apps are very aggressive and as soon as they see a connection within this window, they communicate, and you are exposed without VPN. Same if you have a browser window open, it will try to connect.
Can you make your kill switch function a bit smarter and let the connection with the router that serves the login pages go through, and block everything else?
Thanks in advance.
Thanks for the article. I do not run Protonvpn 24/7, as I typically am on known secure WiFi most of the time. Protonvpn app won’t connect to a Pvpn server without having a data connection in the first place. So in connecting to a public WiFi, do I connect first and then establish the VPN via the app? (I also don’t run mobile data 24/7, just when needed.)
Yes, in order to use a VPN you need to be connected to WiFi or mobile data. Please note that a VPN is the best protection you can have when connecting to a public WiFi network: https://protonvpn.com/blog/public-wifi-safety/. If you are having trouble connecting to our servers while on mobile data, please contact us at https://protonvpn.com/support-form and we will assist you accordingly.
Helpful and useful information. Would love to see information and commentary for internet users in China in particular foreigners who travel there for work. There is a general understanding of the “Great Firewall” but not exactly how we can protect our privacy and Data while working there and using hotel/public WiFi in China. Would be extremely informative .
Great Articles always! Thank You.
Is there any indication of when the ProtonVPN iOS app may be ready?
Another update of OpenVPN now with disconnects in abundance regardless of server, part time seamless tunnel, and craftily worded data collection/gathering clause.
An update about the coming app would be a wonderful blog topic.
Hey Will! The iOS is definitely coming out sooner than you think, however we cannot reveal the exact release date just yet. Follow us on social media to get all the exciting news first!
After updating the OpenVPN app, we would recommend deleting old VPN profiles and uploading them once again. Also please check your OpenVPN credentials, since you might need to enter them again while creating profiles (you can check your OpenVPN credentials under the ACCOUNT tab while logged in to http://protonvpn.com ). These tips should solve any connection problems.