When it comes to the dangers of public wifi, many people tend to take one of two extreme approaches. Some don’t give it a thought at all. Some refuse to use it at all. Neither approach is completely practical. So what are the dangers of public wifi, and how can you avoid them?
Here are the dangers and the precautions to take against them.
Unsecured wifi risks
A related problem is unsecured wifi in general, which is more common in public places these days. Newer, faster wifi standards like 802.11n and 802.11ac force at least rudimentary security, so completely open, unsecured wifi in homes is slowly dying out.
The biggest problem with unsecured wifi is its complete lack of encryption. So anyone else on the unsecured network can see what everyone on the network is doing. If the web sites you’re visiting are HTTPS sites, and not standard HTTP, they’re safe as long as you’re certain the network isn’t intercepting and redirecting the traffic. Modern web browsers will warn you if the network is interfering with your HTTPS traffic.
Whether the wifi is secure or not, operators of public wifi can use it to track you. They may or may not be able to associate your mobile device with you specifically, but they’re able to track the device’s movements. In a space like a restaurant, that’s no big deal. In a mall or a big-box store, you might not like that.
Even if they don’t actively go out of their way to track you, they can triangulate where you were based on which access point you connected to.
In some regards, this is a two-edged sword. By tracking people, they can get a better idea of whether their store layout makes things hard to find. That’s good. But if someone concludes that you’re pricing materials to make a pipe bomb, that’s bad. You don’t have any way to review and correct what they’re tracking about you, and metadata without context is a very bad thing.
If you’re sitting on a public network and don’t know who else is there, someone could try to infect your computer with malicious software of one kind or another. As long as your computer is patched and up to date and runs some kind of a personal firewall on public networks (Windows does this by default), the chances of infection are slim, but not zero.
The greatest danger is someone intercepting your traffic and stealing account information. Some people set up unsecured wifi in public places, especially airports, for precisely this reason. This lets them get in between people and their bank accounts, Facebook, and other services that may have value to them and potentially harvest usernames and passwords. From there, all kinds of bad things can happen.
Be especially wary of unofficial, free wifi at airports.
First things first: Not all public networks are created equal. If your computer tells you the network is unsecured, it’s far more dangerous than one that it says is secured. If you have to enter a username and password to even connect to the network–not just on a browser page–it’s better. Of course, you don’t usually have a whole lot of choice.
I still recommend a few precautions no matter what kind of network you’re using.
If you’re traveling on business and using a business-owned computer, VPN in to work when you’re at the airport, in the hotel, or working at a coffee shop on the road. Then your Internet traffic all tunnels through a second encrypted layer back to your workplace and out, safe from inspection by anyone else on the network. Be sure to comply with your workplace policies as far as what sites you visit. But the VPN exists to protect you on the road, so you might as well use it.
I’ll disconnect from the network if I’m not doing anything sensitive, like watching videos or casually reading news sites and blogs.
I don’t recommend paying your bills from the road, but I have to admit there have been times I realized it was the 14th of the month and I was two states away from home. When that happens, use your cellular network rather than public wifi. Cellular networks provide much better isolation from other users. It’s possible for someone to set up rogue cellular networks, but it’s much harder than setting up a rogue wifi connection.
And finally, here’s something that’s not at all intuitive: don’t hide your SSID at home. An attacker can see your device beaconing for the hidden network and trick it into connecting to a fake network that looks like your home network.
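To check a laptop for the two habits described above (saved unsecured networks that rejoin automatically, and hidden-SSID profiles that make the device beacon), here is an added example that is not part of the original post. It assumes Linux with NetworkManager keyfile profiles; the sample profiles are constructed and the function names are hypothetical.

```python
import configparser

# Constructed sample profiles in NetworkManager keyfile format (not from the page).
SAMPLE_PROFILES = {
    "HomeNet": """[connection]
type=wifi
[wifi]
ssid=HomeNet
hidden=true
[wifi-security]
key-mgmt=wpa-psk
""",
    "Airport_Free": """[connection]
type=wifi
[wifi]
ssid=Airport_Free
""",
    "Office": """[connection]
type=wifi
autoconnect=false
[wifi]
ssid=Office
[wifi-security]
key-mgmt=wpa-eap
""",
}

def audit_profile(text):
    """Return the list of findings for one saved wifi profile."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    if cp.get("connection", "type", fallback="") not in ("wifi", "802-11-wireless"):
        return []
    findings = []
    # hidden=true makes the client probe for the SSID by name wherever it goes.
    if cp.getboolean("wifi", "hidden", fallback=False):
        findings.append("hidden-ssid-probing")
    # No [wifi-security] section means an open network; autoconnect defaults to true.
    autoconnect = cp.getboolean("connection", "autoconnect", fallback=True)
    if not cp.has_section("wifi-security") and autoconnect:
        findings.append("open-network-autoconnect")
    return findings

def audit_all(profiles):
    return {name: audit_profile(text) for name, text in profiles.items()}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_PROFILES).items():
        print(name, findings or "ok")
```

On a real system the profiles live in /etc/NetworkManager/system-connections/ and need root to read; pass each file's text to audit_profile.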