What are the risks of using public WiFi?

green text and binary on black screen

Monday, 19 August, 2019

Although 4G provides a perfectly adequate method of data connectivity while we’re out and about, most of us are happy to utilise open networks periodically.

Traditional stone buildings often block cellular connectivity, while many parts of the UK only enjoy reasonable signal strength outdoors.

In shopping centres, basement cafés and rural hotels across the land, open WiFi networks provide a practical way to get our smartphones and laptops online.

However, there’s a problem.

Although these hotspots are generally free, security tends to be lax – or completely absent.

Businesses aren’t going to throw significant sums at cutting-edge data encryption for a free service. And anyway, that would make it harder for occasional visitors to get online.

As a consequence, public WiFi risks are more significant than people generally realise…

Hotspot or notspot?

A survey conducted last month by cybersecurity company Bullguard uncovered some startling revelations about our attitudes to public WiFi.

Firstly, it revealed that forty per cent of survey respondents would automatically try and connect to any wireless network whose name matched their location.

In other words, they wouldn’t bother to check whether it actually was a WiFi network provided by their host, or a spoof network set up by cybercriminals to trick the unwary.

Connecting to the latter might get a device online, but every bit of data sent and received would be monitored – and potentially reused to commit theft or fraud in the victim’s name.

Less than one in five people invested any time or effort in checking network security. And few claimed to be concerned about logging onto a network without needing a password.

A thief’s treasure trove

Bullguard also revealed over a third of daily public WiFi users are happy to distribute sensitive information across insecure open networks which anyone can snoop on.

Logging into online banking, completing ecommerce transactions and accessing password-protected accounts are just three examples of irresponsible data sharing over public networks.

Bullguard describes this as “choosing convenience over safety”. And they’re not wrong.

Public WiFi risks include so-called man-in-the-middle attacks. That quiet chap on a laptop in the corner could be studying every data packet sent from every device over an open network.

From identity theft to password cloning, this treasure trove of information is far easier to access than over a domestic WiFi network, where WPA2 encryption comes as standard.

Shockingly, over 60 per cent of people have devices set up to automatically connect to the strongest WiFi signal, irrespective of its authenticity.

Minimising public WiFi risks

With almost half of people believing antivirus software will protect them from cybercrime across insecure WiFi networks, many of us clearly need an education on staying safe online.

Firstly, remember any public WiFi network represents an easy target for eavesdroppers. In a café, they can even enjoy a latte and an Empire biscuit while they target unwitting victims.

Secondly, avoid conducting any financial or ecommerce transactions over a public network – crooks won’t be especially interested in web browsing or mundane work emails.

Connect to the internet through a VPN, or use the Tor browser. This prevents man-in-the-middle attacks by fully encrypting every data packet sent to and from your device.

If your device’s screen isn’t fitted with a privacy filter to prevent spying from oblique angles, be mindful of people nearby who might be able to view your keystrokes or screen contents.

Be wary of any public networks which don’t ask users to accept terms of service prior to getting online – these could well be bogus networks set up by criminals.

And rather than using apps, visit HTTPS-certified desktop websites instead.

If in doubt…

Finally, if you have any doubts about a network you’ve connected to, disconnect and tell the device to forget the connection.

Clear your browser cache, run malware checks and change any passwords on accounts accessed during this browsing session.

You should also report your suspicions to staff, in case the network actually is fraudulent or compromised.

This might even encourage them to upgrade the security offered by their WiFi networks…

Neil Cumins author picture

By:

Neil is our resident tech expert. He's written guides on loads of broadband head-scratchers and is determined to solve all your technology problems!