You’ve heard that you shouldn’t open PayPal, your bank account and possibly even your email while using public WiFi. But what are the actual risks?
Well, your home WiFi is (hopefully) encrypted; the WiFi at the coffee shop isn’t. This means you’re at risk of people monitoring your online activity, or worse – unless you know how to protect yourself. Here are a few dangers, and how to avoid them.
Unencrypted Browsing Is Public
WiFi uses radio waves, and radio waves are anything but direct. They broadcast, and this means that anyone within range can see everything you’re doing online, if they have the right software.
This means that, without protection, anyone who wants to can see:
- Every site you visit
- Every bit of text you send out
- Your login information for various sites
The danger here is clear, so naturally you’re going to want protection. At home, you can encrypt your WiFi network – this prevents snooping by making all of your traffic unreadable with a key. Public WiFi, however, usually isn’t encrypted – you can tell this is the case when you don’t need to type a password in order to connect.
Does this mean you’re defenceless? No.
Your first line of defence is OpenSSL, a kind of encryption offered by many websites: Google, Facebook and most banks, to name a few. This technology encrypts the traffic between you and another site, meaning no one will be able to snoop on that activity. You’ll know OpenSSL is on when you see “HTTPS” in your browser’s address bar, like this:
OpenSSL isn’t bulletproof – it was recently proven to be vulnerable by Heartbleed. Most sites have patched that up at this point, but the bug proved that everything is potentially vulnerable, even with OpenSSL turned on.
Vulnerabilities, and the fact that many websites aren’t encrypted at all, mean those deeply concerned about privacy should look into using a VPN (Virtual Private Network). These services route all of your computer’s traffic through another server, and usually encrypt that traffic – meaning snooping is impossible. Look into our list of the best VPN services if you’re interested, and consider signing up for a service with encryption. It’s the best way to completely shield yourself from would-be snoops.
Your Fellow Users May Be Infected
Of course, snooping isn’t the only potential danger on a public WiFi network: there’s also the risk of malware. Your fellow coffeeshop patron might be running Windows XP SP1 without any malware protection, putting your computer at risk of infection.
This is why it’s essential to make sure you’ve got a firewall running when you connect to a public WiFi network. In Windows, the simplest way is to set all public WiFi networks as “Public”, when you’re prompted:
This will turn off your computer’s local file sharing, and block most network traffic. Connecting through a VPN would have a similar effect.
Malware protection is also a good idea if you regularly connect to public networks. Check out best of Windows software page for recommendations, if you’re not already protected. You’ll also find a variety of third-party firewalls, which can also protect you while you’re using third party networks.
The WiFi Network May Be A Trap
Sometimes free WiFi seems too good to be true; sometimes, it is. If you’re connected to a WiFi network, and have no idea whose network it is, beware: the hotspot might exist entirely to steal your personal data.
Setting up a WiFi network is neither hard nor expensive, and scammers have started doing so in the hopes they can steal passwords and other personal information. If you connect to a network called something like “Free WiFi”, with no password required and no welcome screen, it might be a trap.
Connect to one of these networks and you’ll think you’re connecting to the Internet as-per-usual, but in reality you’re falling for an elaborate phishing scam. You won’t be able to tell, but you could be entering your email username and password into a fake version of the site you think you’re visiting, giving your password to a scammer in the process. OpenSSL can’t protect you in such cases – everything will appear to be working as usual.
The exact nature of these attacks can vary, but this outline of a DNS-based attack is worth a read for the technically inclined.
How can you protect yourself from such networks? The best way is to connect to WiFi networks only if you know who’s running them. Ask business owners what the name of their network is, to ensure you’re connecting to something legitimate.
But even this isn’t necessarily enough – it’s possible for a coffee shop’s network to be hijacked or replaced. If security is essential, consider an encrypted VPN.
There are other dangers to using public WiFi – scammers are imaginative, and unsecured Internet connections offer a lot of room to use that creativity. But a few key points to keep in mind, if you want to stay safe:
- If your traffic isn’t being encrypted, it’s being broadcast – and anyone who wants to can listen in.
- Ensure you’ve turned on your firewall, and have up-to-date malware protection, or you could run into problems.
- If security is a must, consider using public WiFi only through an encrypted VPN service.
I’m sure you can think of other security tips, so please: help your fellow readers in the comments below.