Public Wi-Fi: An ultimate guide on the risks + how to stay safe
September 15, 2022 4 min read
Public Wi-Fi is used every day. But is it safe? To learn more about public Wi-Fi, its risks, and how you can safely use it, read this comprehensive guide.
Whether you work remotely, travel frequently, or just love staying connected wherever you go, chances are you've used a public Wi-Fi hotspot.
They are nearly everywhere — airports, restaurants, coffee shops, libraries, public transit, hotel rooms, you name it.
Using these free Wi-Fi hotspots is super convenient, allowing you to access online accounts, catch up on work, and check emails while on the go. But these networks aren't perfect and could leave you vulnerable to cyberattacks.
To learn more about public Wi-Fi, its risks, and how you can safely use it, read through this comprehensive guide.
What are public Wi-Fi security risks?
The problem with public Wi-Fi is that there are a tremendous number of risks that go along with these networks. While business owners may believe they’re providing a valuable service to their customers, chances are the security on public Wi-Fi is lax or nonexistent. Follow along to learn more about public Wi-Fi security risks.
One of the most common threats on these networks is called a man-in-the-middle (MITM) attack. Essentially, a MITM attack is a form of eavesdropping. When a computer makes a connection to the internet, data is sent from point A (device) to point B (service/website), and vulnerabilities can allow an attacker to get in between these transmissions and “read” them. So what you thought was private no longer is. Scammers may also carry out a MITM attack using phishing emails. In these emails, they'll impersonate a trusted source to trick you into sharing your private information.
When using an encrypted network, the information sent between your device and the Wi-Fi router is in a "secret code." Because of this, nobody can see the information without a key. Most Wi-Fi routers have encryption turned off by default and must be turned on when setting up the network. If you connect to an unencrypted network, it is much easier for a scammer to get ahold of your web traffic and use it for nefarious activities like MITM attacks. While the public Wi-Fi network you want to use may be encrypted, there is no sure way to tell if this has happened.
Thanks to software vulnerabilities, there are also ways that attackers can slip malware onto your computer without you even knowing. A software vulnerability is a security hole or weakness found in an operating system or software program. Hackers can exploit this weakness by writing code to target a specific vulnerability, and then inject the malware onto your device.
Wi-Fi snooping and sniffing
Wi-Fi snooping and sniffing is exactly what it sounds like. Cybercriminals can buy special software kits and even devices to help assist them with eavesdropping on Wi-Fi signals. This technique can allow the attackers to access everything that you are doing online — from viewing whole webpages you’ve visited (including any information you may have filled out while visiting that webpage) to being able to capture your login credentials, and even hijack your online session.
Malicious hotspots, also known as rogue access points, trick victims into connecting to what they think is a legitimate network because the name sounds reputable. Say you’re staying at the Goodnyght Inn and want to connect to the hotel’s Wi-Fi. You may think you’re selecting the correct one when you click on “GoodNyte Inn,” but you haven’t. (Note the capital N.) Instead, you’ve just connected to a rogue hotspot set up by cybercriminals who can now view your personal information.
How to stay safe on public Wi-Fi: 11 cybersecurity tips
Now that you know the possible public Wi-Fi security risks, you might be wondering how you can use a public network safely. While there is always some degree of risk, there are ways to protect yourself from the dangers of public Wi-Fi. Follow along to learn how you can stay safe when using a public wireless connection.
1. Avoid accessing sensitive information
When using a public Wi-Fi network, it’s best to avoid accessing sensitive information. If you need to get online to browse for directions or do something else that’s less sensitive, you can probably do it. But if you’re trying to pay your bills or buy something, it may be best to wait.
2. Use a VPN
A great way to minimize public Wi-Fi security risks is to use a virtual private network (VPN). By using a VPN on public Wi-Fi, you’re accessing a private network, or VPN tunnel, through which you send and receive information, adding an extra layer of security to your connection. While some VPNs are free, you’ll likely have to pay to get the best security features. Be sure to buy your VPN from a trusted provider to ensure your data is safe.
3. Stick to “HTTPS” websites
Only browse websites that include an SSL certificate while on public Wi-Fi. A website has an SSL certificate when the URL begins with “HTTPS.” Website addresses that start with “HTTPS” are encrypted, adding an extra layer of security and making your browsing more secure. If you connect to unsecured Wi-Fi networks and use “HTTP” instead of “HTTPS” addresses, your traffic could be visible to anyone else on the network.
4. Use browser extensions
Consider installing an extension like HTTPS Everywhere* which will force all websites you visit to connect using “HTTPS.” This is a Firefox, Chrome, and Opera extension produced by a collaboration between the Electronic Frontier Foundation and The Tor Project. By using this extension, you can reduce the risk of ending up on an unsafe website.
5. Adjust your connection settings
Configure the wireless settings on your devices to not automatically connect to available public hotspots. You can do this by turning off the “Connect Automatically” feature on your devices so they don’t auto-connect and search for known Wi-Fi networks.
Doing this can prevent your computer or device from broadcasting that it’s trying to connect to your “home Wi-Fi” network and allow an attacker to create a bogus network with the same name.
6. Use a privacy screen
If you must access sensitive information in public areas, consider putting a privacy screen on your devices. A privacy screen will blacken your display for everyone but you, keeping fraudsters from being able to copy or photograph any of your sensitive information.
7. Turn off file sharing
Make sure you turn off file sharing before accessing public Wi-Fi. If you keep file sharing on, your folders may be accessible to anyone connected to the same public network, allowing a hacker to get their hands on your private information without your permission.
8. Use two-factor authentication
When you’re using public Wi-Fi, cyber snoops could gain access to your passwords. One way to enhance your protection is by enabling two-factor authentication (2FA) on any services that offer it. When enabled, this ensures that even if someone gains access to your password while you’re using public Wi-Fi, they still won’t be able to access your accounts. Usually, you’ll receive a second login step — a call or a code on your smartphone, for instance — that you’ll use to log in to your account.
9. Keep your operating system up to date
It’s crucial to always update your operating system (OS). OS updates often include important security patches that can further protect your device from Wi-Fi threats. By always installing the latest updates, you can browse the web knowing you're protected by the most up-to-date security features.
10. Remember to log out
When you’re done browsing, be sure to log out of any services you were using. Also, check your settings to make sure your device will “forget the network” and not automatically reconnect to that network again if you’re within range without your permission. This can help minimize the time your device is connected to a public network.
11. Use antivirus software
Using antivirus software is another great way to stay safe while using public Wi-Fi. With antivirus software installed, you can use public Wi-Fi networks knowing you are protected against cybersecurity threats such as computer viruses and spyware.
Now that you know how to safely use public Wi-Fi, let’s take a look at some of the signs of an unsafe network.
Signs you may be connected to an unsafe Wi-Fi network
While many hackers love public Wi-Fi networks, some may go the extra mile and create a hotspot solely for malicious purposes. To help you avoid these types of networks, take a look at some of the common signs of a rogue Wi-Fi network.
The network name matches a trusted network: In some cases, a hacker may set up a fraudulent Wi-Fi network to impersonate an existing network. An example of this is seeing duplicate network names or being connected to your “home network” even if you’re away from home.
“HTTPS” sites render as “HTTP”: If you’re trying to connect to a secure website and notice that the page is loading as an “HTTP” site instead, you may be connected to a rogue Wi-Fi hotspot. This could mean that someone is trying to steal your information using a MITM attack.
The name is generic: Certain rogue networks may show up in a highly populated area with vague names such as “Free Wi-Fi,” hoping to lure in users. In most cases, legitimate public Wi-Fi networks such as ones at coffee shops will have a more specific name that is displayed in their place of business.
Now that you know the nitty-gritty of public Wi-Fi safety, its risks, and how you can use it safely, you’re well on your way to maximizing your internet safety no matter where you go. To ensure your personal cybersecurity doesn’t stop there, you may also want to assess the security of your own Wi-Fi network to help keep your home Wi-Fi safe.
FAQs about public Wi-Fi
Still wondering about the risks of public Wi-Fi? Take a look at the answers to some common questions about staying safe on public Wi-Fi.
Is it unsafe to use public Wi-Fi?
While it’s not a guarantee that you will run into security threats when using public Wi-Fi, it can be risky. Because of this, it’s crucial to be aware of public Wi-Fi security risks and take the proper precautions to stay secure online.
Can public Wi-Fi see your history?
Yes, it's possible. Most Wi-Fi routers keep a log of the websites visited using their connection. Because of this, the owner of the router can look through the internet activity of the connected users, therefore exposing your history.
What should you not do on public Wi-Fi?
If you do have to use public Wi-Fi, it’s best to avoid any internet activity that includes sensitive information such as:
By avoiding these activities altogether, you decrease the risk of your private information ending up in the wrong hands.
Is public Wi-Fi as safe as private?
No, a public Wi-Fi network is not as safe as a private network. Unlike your own private network, you won’t know how the public Wi-Fi network was set up, who runs it, or who else is using it, making it much riskier to use.
Can public Wi-Fi give you a virus?
Yes, a public Wi-Fi network can expose your computer to a virus. Due to its lack of security, a public Wi-Fi connection may be compromised by a hacker, allowing them to inject your device with viruses and malware.
*The inclusion of products, websites, or links does not imply endorsement or support of any company, material, product and/or provider listed herein.
Cyber threats have evolved, and so have we.
Norton 360™ with LifeLock™, all-in-one, comprehensive protection against viruses, malware, identity theft, online tracking and much, much more.
Clare Stouffer, a Gen employee, is a writer and editor for the company’s blogs. She covers various topics in cybersecurity.
Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc.