The estimated reading time for this post is 5 minutes
When you’re out and about connecting to public Wi-Fi may seem like a great idea — easy and free Internet, what could be wrong with that? But by connecting to Wi-Fi you may be falling into a trap set by hackers who can steal your passwords, email, personal information and more.
Last year a security firm called F-Secure conducted an experiment by setting up free public hotspots in London to see how many people would connect to them. Within 30 minutes of setting up a public network, the F-Secure hotspots had 250 people connected to them.
F-Secure was able to access email messages, usernames, passwords in addition to other data from people who connected to the networks. The company deleted all of the information it collected.
As further proof of the dangers of connecting to an unsecured Wi-Fi network, a terms and conditions page was added part way through the experiment that required users to agree to before they were connected to the network. F-Secure figured no one would take the time to actually read the terms and conditions before agreeing to them.
The terms and conditions page required that the user give up their “first-born child or most beloved pet” upon connecting to the public Wi-Fi network. (Hey, at least they didn’t require both!) The good news is that the firm didn’t try to enforce the terms and conditions, collecting neither children nor adorable pets
Just as you wouldn’t trust some computer sitting in a lobby somewhere to check your email, you shouldn’t trust some wi-fi connection that is there to connect your device through. I think that there is a psychology there, which is I trust my iPad, so I will connect to the wi-fi and I am safe.”
— F-Secure
This video shows how F-Secure’s hotspots were set up using a crude device held together with rubber bands, how quickly people connected to the Wi-Fi networks, and what data F-Secure could see:
You can read the full report on the experiment from F-Secure here:
Tainted Love: How Wi-Fi Betrays Us
Man in the Middle Attack
Hackers don’t even need to set up their own Internet source to get you to connect. They can use what’s called a Man in the Middle attack where hackers set up a connection to an existing public Wi-Fi network, using a hotspot that sends out a stronger signal than the existing network. People wanting to connect to Wi-Fi will be lured to the stronger signal so they connect to the hacker’s hotspot that serves as an intermediary to the existing public network.
The hackers who use the Man in the Middle attack then have access to your data while you’re connected to the public Wi-Fi network through the bogus hotspot.
Also see => How to Turn Off the Hotspot Feature on Your Xfinity Router
What You Can Do
Be aware when you’re connecting to a Wi-Fi network whether it is secure. If you don’t recognize the name of the network, realize it could be unsecured. When in doubt, assume that the network isn’t secure. “Public” could mean anyone.
Don’t connect to public Wi-Fi networks. Turn your Wi-Fi off when you’re away from secure connections if you don’t need to be on the Internet. Wait until you can get a secure connection to surf the Web.
Use your phone as a Wi-Fi hotspot. Use the hotspot feature on your cell phone to connect your computer or tablet to the Internet. See, Need Internet? How to Turn Your Phone into a Wi-Fi Hotspot.
Use cellular data networks when possible. You may be trying to conserve your use of cellular data but that may end up costing you more in the long run if you’re hacked when you use a public Wi-Fi network.
Use a VPN (Virtual Private Network) if you must use public Wi-Fi. Hackers will only see that you’re using a VPN and your data transmitted over the VPN will be encrypted. See, PC World, How (and why) to set up a VPN today and Ars Technica, Even with a VPN, open Wi-Fi exposes users
Don’t log into sites using your user name and password while on public Wi-Fi networks. Wait until you have a secure connection to do online banking, log into email and use social media accounts.
Look for encrypted and secure websites. Check for “https” in the web address to make sure the hacker’s hotspot hasn’t re-routed you to a malware site.
Even if a Wi-Fi network requires a password, it may not be secure. The Wi-Fi network could be set up by a hacker. Others who have logged onto the network may have access to your data.
Don’t automatically connect to known networks. Hackers can trick your device into thinking that their hotspot is a known network. From F-Secure:
I once heard it described like this: You‘re in a black room, very dark. You‘re trying to work out who else is in that room and you can‘t see anybody there. What you‘re doing is effectively saying ‘I am Mark. I know Bill, I know Charles, I know Dave and I know Jane. Bill, Charles, Dave, Jane – are you there? It is hoping that somebody in that dark room will suddenly say ‘I am Dave. I am here. I will connect with you Mark.’ That‘s what‘s going on. If the information is being put out there, it‘s not just one person‘s name. It is for example the fact that you have connected to Starbucks, you might have gone to a hotel, you might have connected to a company website and you might have connected to a lawyer‘s website. Somebody can aggregate all that information which is freely being broadcast by your device and build up a very accurate profile – not only of your working practices, but also potentially of who you are and that is quite troubling.”
Also see, Lifehacker, How to Stay Safe on Public Wi-Fi Networks
Your Thoughts
Were you aware of the dangers of public Wi-Fi networks? Do you try to avoid connecting to public Wi-Fi networks when possible? Are you mindful of keeping your information private when connecting to public Wi-Fi networks? Share your thoughts in the Comments section below!
In Case You Missed It
In the unlikely event you missed my appearance on the Going Home with Tony radio show on Thursday, you can catch it on his podcast, available in iTunes: Celebrating The Wonder of Tech.
* Free Wi-Fi Zone image (edited) courtesy of Podere Casanova via Flickr and Creative Commons
Carolyn, This is an extremely important subject. Personally, I only go to financial (bank, broker) sites from my home laptop. It never travels. On the road I use an iPadmini to access news and emails and Facebook. Knock on wood I don’t think I’ve been hacked during the past 10 years (before that I don’t remember any, but those are starting to be days dinosaurs roamed the web). On my iPad I have an app called “Lookout” which seems to be helpful although I don’t know much about it. Recently I have gone to “Dashlane” on my laptop and am very happy with it. I still don’t know how well it is working on the iPad though I paid for a subscription covering the iPad. I guess I need to investigate that some more. Thanks for any comments you may have on this important subject. Lee
Hi Lee, Thank you, I completely agree, this is something everyone should know. I was talking to a Wonder of Tech reader who told me that he logs into his bank account to pay bills over public Wi-Fi every week. I advised him that wasn’t a good idea and then realized that I hadn’t covered this topic yet at The Wonder of Tech.
The experiment that F-Secure conducted last year is a chilling illustration of how very easy it is for hackers to set up public Wi-Fi hotspots to lure people into their trap. But many people are completely unaware of these dangers.
Knowing about these traps is the first step towards avoiding them. If we wait until we are using a secure Internet connection we can discourage hackers from using this trick. Imagine if a hacker set up a public Wi-Fi network and no one connected. That would be a beautiful thing.
Hi Carolyn,
This could be useful information for me. I don’t connect when I’m out very often. Sometimes I try on the long wait at the hospital! I did try to connect my tablet to wifi, when I needed to talk to a student in China while I was in the bank! Fortunately, the bank checked her account for me without her permission. Technically they shouldn’t do that, but I had all the details including the fact the account was empty. A lot of cash had got lost in the system, it eventually turned up after 6 weeks! You never know when banks make mistakes if it’s them or your mistakes or a hacker though!
I have all my photos archived now on my old hard drive that I removed and replaced with the SSD. My computer is still really fast! I also have an on-line library because I have 100Gb of web space for my website. I’ll have a busy weekend soon with the carnival on the Saturday and a ‘drive’ involving horses and carts that will come from around the country. I’ve also been researching Anglo Saxon Britain because I’m now admin of the Facebook page for the local history group. I’m keeping busy!
Hi Mike, Yes, when you want to connect to public Wi-Fi, make sure you’re not logging into any accounts. You can do things like surf the Web, read the news, check out The Wonder of Tech, etc. But avoid logging into your accounts over public Wi-Fi. You don’t want your user names and password to get into the hands of hackers!
Congratulations on covering so many local events. Your area seems like a very festive and fun place from your wonderful photos!
Hello Carolyn,
That’s quite true. If we don’t secure our Wifi connections properly there is always a chance that someone would hack it and use your connection for malicious purposes which ultimately can cause danger to you. Thanks a lot for this beautiful share to make us aware about the security of WIFI connection.
Regards,
Ovais Mirza
Hi Ovais, Yes, many people aren’t aware of the dangers of public Wi-Fi while others may need a reminder about who may be watching. We wouldn’t hand our user names and passwords over to criminals on purpose, but that may be exactly what we’re doing when we connect to public Wi-Fi networks.
This has exactly been happening to me, I use a personal computer to access free internet especially when doing my homework since I have to get on Google and find answers. So recently I noticed some fish activities on my Facebook account where a person had accessed it and started messaging my friends that I am in trouble and I need their help in the form of money. This is quite happening and thanks for sharing!
Hi Stanley, I’m so sorry that happened to you but that’s a perfect example of what can happen when you connect over public Wi-Fi networks. I had a similar experience a few years ago. I logged into my Facebook account over a public Wi-Fi network in Delaware and within a few minutes I got a message from Facebook that someone was trying to log into my Facebook account in Brooklyn.
If you realize that you’ve been hacked, be sure to change your password once you’re on a secure network.
You are absolutely correct Carolyn, Free Wifi networks are very dangerous even a novice attacker can perform a MITM attack easily over them and get confidential data that is being transfered.
Hi Rajnish, You’re right, a Man in the Middle attack is very easy for the hackers to do. The video above shows how crude the device can be and still work well to trick people into connecting. Knowing the dangers is important so we can avoid these traps!
Yes, Carolyn that video was great while I do not agree with it completely, it shows that hacker will have that kind of creepy device. I have done the same things with just my laptop at my college to show their security leaks. After that I personally set VPNs in my batchmates mobiles and laptops, to encrypt their data.
Hi Rajnish, That’s great you set up VPN’s to avoid this issue. Yes, the device that F-Secure set up in the video was so very basic, literally held together with rubber bands, that most people wouldn’t suspect the device was actually a powerful cyber-weapon.
Great Idea, cellular data but that may end up costing you more in the long run if you’re hacked when you use a public Wi-Fi network.
Hello Manajemen, Welcome to The Wonder of Tech! You’re right, sometimes we are so mindful of our cellular data usage that we connect to public Wi-Fi to save money. But if that means we’re hacked then the Wi-Fi is much more expensive than cellular data!
Thanks for sharing this awesome post, it’s true if you use public wifi it’s may be harmful for you. thanks next time I will remind in my mind if I use public wifi.. good article ..
Regards
Mohd Arif
Hi Mohd, Thank you. Yes, even if we know not to connect to public Wi-Fi, we sometimes need a reminder. If you keep your Wi-Fi turned on when you’re out and about, your phone might connect to public Wi-Fi without you even realizing it. Checking your connection is never a bad idea!
Use a VPN (Virtual Private Network). and protect your device