Public Wi-Fi, what are the dangers and how to protect ourselves
The use of public Wi-Fi has now become the norm, we can connect to the internet anywhere but be careful, public networks can provide us with internet but also the possibility for cybercriminals to access our data.
Public WI-FI is everywhere , in hotels, in restaurants, in the subway, in squares, most of the time you don’t even need a password to connect but it can represent a threat not only for individual users but also for companies. With the advent of smart working, people can now work practically anywhere : in a bar, in a hotel in another city or even while waiting for a plane at the airport.
According to Forbes Advisor, most people (56%) connect to public Wi-Fi networks that don’t require passwords . This convenience comes at a price and many are unaware that criminals can steal credit card details, passwords and other sensitive information as well as the fact that they may have created a fictitious free network to steal data.
There are various ways of attack by cybercriminals, who have an easy time with public Wi Fi
- Man-in-the-Middle (MITM) attacks : This is one of the most common threats to public Wi-Fi. In a MITM attack, the hacker gets “in the middle” between the Wi Fi and the user and alters the communication between the two parties. The user believes they are communicating directly with a website, email server, or another user, but the cybercriminal transmits the information, and simultaneously acquires sensitive data in the process.
- Eavesdropping : Public Wi-Fi networks, especially those without encryption, allow hackers to “listen” to data transmitted over the network. There are tools like packet analyzers that can capture unencrypted traffic, allowing hackers to easily extract sensitive information.
- Rogue hotspots : A hacker can set up a fake Wi-Fi network , often with a name similar to a legitimate network (e.g., “CoffeeShopFreeWiFi” instead of “CoffeeShop_WiFi”), unsuspecting users connect to this hotspot, and the hacker can monitor all traffic, capturing all sensitive data transmitted.
- Honeypot networks : Similar to scam hotspots, these are malicious networks set up to lure users. Once connected, the hacker can distribute malware or attempt to exploit vulnerabilities in the user’s device.
- Spoofing : In a spoofing attack, the hacker spoofs his identity i.e. impersonates another device on the network, redirecting traffic through his device. This allows them to acquire and manipulate data.
- Session hijacking : (Session Hijacking) in this case the attacker hijacks a session between the client and the server (for example, a session accessing a website). This may allow them to gain unauthorized access to accounts or services.
- Malware Distribution : Public Wi-Fi can be used as a means to distribute malware. For example, malware can be inserted into software updates or downloads . Once the malware has infected the user’s device, it can steal information, monitor the user’s activity, or place the device in a botnet.
- Login page phishing : Some public Wi-Fi networks redirect users to a login or terms acceptance page before granting access. Hackers are able to replicate these pages to acquire login credentials or other personal information.
To protect yourself from these threats when using public Wi-Fi you need to take preventive measures :
For hotspot owners: first you need to take advantage of the web filter for Wi-Fi hotspots. Not only will you be able to protect customers from malware and harmful resources, but you will also be able to increase customer loyalty by informing them that the venue offers a safe Internet area. Using a DNS filtering service will also allow you to collect valuable anonymous statistics about your users’ preferences, which can be leveraged in marketing campaigns.
Some recommendations for public Wi Fi users
- Implement DNS filtering services, such as SafeDNS .
- Avoid accessing sensitive sites or services, such as banking platforms.
- Turn off sharing settings on your device.
- Always turn off the network after disconnection to avoid automatic reconnections.
- Use HTTPS websites and ensure SSL/TLS is in use when transmitting sensitive data.
- Turn off your phone’s Wi Fi when it is not in use
- If possible, use a virtual private network or VPN
- Have a reliable antivirus
In summary, while public Wi-Fi offers convenience, it is crucial to be aware of its vulnerabilities and take the necessary precautions to ensure data security.