Nowadays, free Wi-Fi is an important feature when you look for accommodations or places to have lunch/coffee. After all, you have to keep up with the latest Facebook news and check your emails.
However, as people say, there is no such thing as a free lunch. While public Wi-Fi is convenient, it also poses a high-security risk for your personal information and identity. More worrisome is the fact that a lot of people remain oblivious of the danger.
So, today I’m going to explain to you what the risks are of using free Wi-Fi. Keep on reading.
Is Public Wi-Fi Really Dangerous?
Let’s say that you go to your favorite coffee shop, and you notice a sign saying “Free Wi-Fi.” You decided to connect to that Wi-Fi and do some work. What you don’t realize is that your device is in danger the moment you connect without even opening your browser.
But how is that possible? Every day millions of people use public Wi-Fi without a second thought, right?
For once, hackers can set up fake Wi-Fi access points. They target a place where people frequently use free Wi-Fi and set up a phony Wi-Fi using the same name as the original and blocking the real signal.
It’s almost impossible to tell that you’ve connected to a fake Wi-Fi. So, you’d be none the wiser while the hackers inspect your online activity and harvest your data.
In addition to this, once you connect to public Wi-Fi, you become part of that Wi-Fi network.
As such, your phone/laptop is connected to all the other devices that are currently part of the network, and it can see and talk to them. It also means that all the other devices can see your activity.
Let’s say that your software is not up-to-date and that your firewall is not set to block incoming connections. Then you might get hacked by somebody sitting in the booth next to you.
It’s so easy because they are numerous hacks and tricks online that teach even inexperienced hackers how to perform such attacks.
For example, Wi-Fi Pineapple is a simple device that hackers can use to perform man-in-the-middle attacks and gather essential information and scan for vulnerabilities.
Metasploit can scan the whole network and return a list of vulnerable points which the hackers can attack to get access to your system. Scary, right?
What can Hackers Steal Through Free Wi-Fi?
Since your traffic is not encrypted when you use public Wi-Fi, hackers can get their hands on a lot of information with ease. That includes unencrypted emails, messages, or frequently visited websites.
In addition to this, they can steal sensitive logging information because some sites don’t use encryption protocols and are vulnerable to attacks.
Logging into such a site means that everything you enter, for example, username and password will be visible for the hacker.
Does the Green Lock Indicate a Safe Site?
If you use Firefox, you might notice the green padlock when you load certain pages.
This padlock shows that the connection between you and the page’s server is encrypted with the TLS or SSL protocol. That’s why the address starts with HTTPS, not HTTP. As a result, even when you’re connected to a network, no one can see your password or username.
So far, so good.
However, malicious sites might get a green lock with no problems and still steal your information. Let’s say that you’re visiting your bank account through a public Wi-Fi. The hacker might redirect you to a fake webpage that looks identical to the original.
You see the green lock next to the URL and check the URL to make sure it’s the right one. So, you’re confident that the page is legitimate, but it’s not.
While two webpages can’t have the same URL, hackers have some tricks that can fool even the most vigilant ones.
One of them is to replace regular letters with Cyrillic or Greek ones. The URL looks identical to the real one, and you enter your username and password without a second thought. That’s called IDN homograph attack.
Fortunately, browsers can warn you when the web address has a mixture of characters. If you see such a warning, do not enter any information but close your Internet session immediately.
In addition to homograph attacks, hackers use misspelling to trick users. For example, they can replace l with a capital “i,” and you’ll never know it until your money disappears.
So, you shouldn’t rely on the green lock to tell you which sites are safe and which are not. It’s just an indication that your connection to the webpage’s servers is encrypted, but it’s not a guarantee that you’re opening the right page.
Can Hackers Mess up with the HTTPS protocol?
Sometimes hackers try to get a user’s personal information by downgrading his HTTPS protocol to the unprotected HTTP one. That’s called SSL stripping. If it’s successful everything you send/receive won’t be encrypted by the HTTPS protocol and will be vulnerable.
Fortunately, most browsers will warn you when you’re about to log into a website that has an unsecured connection.
In addition to this, you can use a browser extension called HTTPS Everywhere, which will make sure that the HTTPS is employed when you load pages.
As for website owners, they can use HTST, which stands for HTTP Strict Transport Security. It doesn’t allow the webpage to be loaded through an unsecured connection. However, it can only be implemented from the owner’s side.
Is a Password-Protect Public Wi-Fi Safe?
By now you’re probably wondering if a public Wi-Fi is safer than others if it’s password protected. Unfortunately, the password works as long as no outsiders know it.
So, since owners keep the password somewhere customers can see it, everybody can connect o this network, including hackers. Having a password-protected public Wi-Fi is the same as locking the door and leaving the key inside the lock.
As a whole, it’s not a good protection measure. It will prevent people from joining the network only if they have never been inside the venue before and used the Wi-Fi.
How can You Protect Your Devices when Using Public Wi-Fi?
If you have to use public Wi-Fi and you don’t have other options, here are some tips on how to stay safe:
Alternatively, you can use mobile hot spots instead as long as you have enough mobile data available. The connection between the hotspot and your device is encrypted, so it’s safer than free Wi-Fi.
Don’t feel bad if you’ve been using free Wi-Fi without thinking about the consequences. Despite the dangers, more than 60% of the users consider themselves safe when using public Wi-Fi, even though most of them don’t use VPNs.
Just be careful what information you’re providing and make sure that your system is up-to-date. Don’t make it too easy for the hackers.
What do you think about the dangers of public Wi-Fi? Do you agree or not? Share your opinion in the comment section.