Free WiFi is available nearly everywhere these days, giving us the ability to work remotely in hotels, coffee shops, restaurants and public parks. It’s convenient and liberating, but potentially unsafe.
Connecting to a public network requires little authentication — at best you’ll be greeted by a captive portal and have to check a box agreeing to the terms of service (ToS), or ask an employee for the password. Anyone can connect to these networks, including cybercriminals.
Attackers can setup their own “free” WiFi network in an attempt to lure in unsuspecting users. All an attacker has to do is find a high-traffic location, near a hotel or restaurant perhaps, and set up his fake network with an attractive name like “Free Public WiFi” or “Hotel X WiFi.” By the time authorities or telecom employees could arrive with the equipment needed to locate the source of the signal, the attacker would be long gone, stolen user credentials in hand.
We’ll examine the various threats posed by public WiFi as well as some common tools used by attackers and what you can do to keep yourself safe.
Security professionals use the concept of “threat models” to identify the most likely attacker and what steps to take to protect yourself from him. When it comes to public WiFi, the most likely threat is a common hacker or scammer attempting to steal a user’s information for profit.
If you have a three-letter agency in your threat model, such as the NSA or MI5, you’ll have to take extraordinary steps to stay safe anywhere you go. Our threat model is much simpler: a hacker attempting to steal your information and use it for profit.
Attackers could be after personal details such as your name, address, financial information, social security or other identification numbers. You likely wouldn’t notice anything is wrong until it’s too late — like when you notice strange activity on your credit report, six months later.
There is also the potential for blackmail if an attacker finds compromising documents or images on your device. If you have file-sharing options turned on it can be incredibly easy for an attacker to load ransomware onto your device, encrypting your data and demanding a ransom to unlock it. This is yet another reason why creating a backup strategy is incredibly important — if ransomware infects your device, you can wipe the hard drive and start over again thanks to your backups.
Think of an attacker as a fisherman: if he casts a net wide enough he’s bound to catch something. He may not care what it is or who he catches, but he’ll keep it all and sort through it later to find a way to profit from it.
Common Tools and Attacks
It’s easier than you think to attack an unsuspecting user on public WiFi. Tools such as FaceNiff allow anyone with an Android phone to steal your Facebook credentials as you login or use the service. While many sites are switching to Secure Socket Layer (SSL) which provides end-to-end encryption between your devices and the server, there are various ways around this for a determined attacker, such as SSLstrip or getting the attacker’s own SSL certificate installed on the device.
There are various pen testing tools for mobile devices, like zANTI, that make it easy for attackers to scan public WiFi networks and find vulnerable devices — including yours. A hacker could use a phone instead of a laptop, appearing to be another harmless individual browsing Facebook at a coffee shop or hotel bar.
A wide variety of tools are available for download and there is no shortage of public guides to help aspiring hackers learn how to wreak havoc on WiFi networks. It’s so easy, a seven-year-old did it in 11 minutes.
The Man in the Middle
A wireless network consists of the clients (users such as yourself) and an “access point” (AP) and router. The router is connected to the Internet, and wireless APs create the radio signals used to access public WiFi. The easiest way for an attacker to exploit public WiFi is to position himself between clients and the router.
This is called a “man-in-the-middle” attack (MitM). When you attempt to access a website or service the attacker acts as a relay, while also capturing and saving the information passed along. You would likely never notice anything is amiss.
When the attacker acts as a relay he gains access to all the information passing from you to the websites you visit, including passwords, transactions and messaging. Far too many users are using weak passwords, so even if your password is encrypted it is simply a matter of time before the attacker cracks your password. Learn how to create a strong password to make them harder to crack.
Not all public hotspots are legitimate. Attackers can create an open network with a name similar to that of a nearby hotspot, such as a restaurant or hotel name, and unsuspecting users may connect without a second thought.
Attackers can push malware to devices on these rogue hotspots, or trick users into downloading malware by creating a popup or fake advertisement for a “free upgrade” to a piece of software. Users might think this is a legitimate ad, sponsored by their hotel perhaps, only to find out later it was actually a trojan horse or malware.
If you connect to a rogue hotspot or fall victim to a MitM attack, it’s game over. Security relies on the trust between devices and networks and when you accidentally trust a malicious party you become compromised. There is a relatively simple way to secure yourself on public WiFi: a VPN.
VPNs on Public WiFi
A virtual private network (VPN) acts as a secure tunnel for your device. Instead of relaying all of your traffic to an untrusted router on public WiFi, your device connects to a trusted VPN provider, such as PIA or ExpressVPN (we have articles on both these services if you’d like to know more: PIA review and ExpressVPN review). The public WiFi only sees an encrypted connection between your device and the VPN server you are connected to.
The VPN server is your exit point. If you login to Facebook, for example, the request is encrypted and sent across the network to the VPN server. This renders MitM attacks useless, as malicious users cannot see any of your requests or information being transmitted.
Of course, this relies on having a secure and trusted VPN provider that uses strong encryption and certificate authentication. VPNs are not unbreakable — nothing is when it comes to technology — but they are secure as long as they employ strong, proven encryption algorithms.
There are many VPN providers on the market these days, and it can be hard to sort through all the marketing and terminology. To make it a little easier to find the right VPN that meets your needs, we’ve rounded up a list of the best VPN providers. Our reviews compare prices, features and overall security, and we personally test each service to see how it performs.
Public WiFi is a boon to productivity and a convenience for all of us, but it is not without its risks. It’s easy for attackers to steal your login credentials, personal information and other data, and there is an ever-growing arsenal of tools and new exploits and techniques cropping up every day. As technology grows, so do the security flaws.
Thankfully, it’s fairly easy to protect yourself. Use a VPN to secure your connections when you’re on public WiFi or traveling abroad. Encrypt your hard drive, emails, and text messages to make yourself a harder target for attackers. Hackers and scammers go after the low-hanging fruit, and typically won’t bother when they know they’re up against a user taking proactive security measures.
Your data will remain safer at rest and in-transit, eliminating most of the threats that come with insecure networks. We hope you’ve enjoyed this article, feel free to comment below if you have any thoughts about public WiFi security.