Let’s face it, we desire to stay connected to the internet at all times. So when we see a sign for free public Wi-Fi, our pulse quickens. While the convenience is great, there are some dangers to joining these public networks that should make us think twice.
When you join a network – any network, from any device – you become a ‘node’ on that network. On a public network, in an airport or hotel for example, hundreds of nodes may be connected. Each device, including yours, may have services, shares or other information available for anyone else on that network to consume. For example, if you share a pictures folder (from your laptop) so someone at home can see it, that folder is viewable by anyone on that public network. So always think about what you’re about to share. If you don’t intend or desire to share anything from your device while on Wi-Fi, you can assure this upon log in. When you join, you’ll be prompted to answer if it is a home, work or public network. Always answer “public,” as that limits what other nodes on the network can see on your device.
So now you are connected to a public network. What do you do to make sure you are secure? Be paranoid. If you are on a public network, assume someone is monitoring and capturing your traffic. Period. Is this really true? Probably not, but eventually, careless use of public Wi-Fi could come back to bite you. So it’s important to make sure that either all of your traffic is encrypted, using a VPN tunnel, or, at least, ensure that you’re always connected to an SSL-encrypted website. Use of encryption defeats the most common tactic used by cyber-crooks, the Man in the Middle (MITM) attack. This attack is run by tricking your device into thinking that another device (the attacker’s) is your gateway to the internet. All of your traffic now passes through the hacker’s device and can be inspected for passwords, credit card numbers, etc. The attacker can also redirect you to a different website or do what is called “SSL stripping” – removing ‘https’ from your URL requests and replacing it with ‘http’. This sends you to an unsecured site, allowing the attacker to view your data in plain text.
Even though using SSL encryption keeps you secure, always think about what you are doing in public. If someone is scanning your traffic while you watch a YouTube video, you probably don’t care. But if you are doing your banking, it’s safer to disconnect from the public network and use your phone’s 4G connection or a personal Wi-Fi hotspot.
There are ways public Wi-Fi providers can ensure their guests’ security. The biggest measure they can take to enable “endpoint isolation,” which means that – when you join a network – you get access to the internet or other set destinations, but not to other devices on the network. Keep in mind, however, that these security measures come with a cost. The majority of the free public internet you use will be provided via cheap consumer-grade devices as a convenience for customers; therefore your information security will remain your responsibility, one you should take seriously.