Public Wi-Fi security: Why public Wi-Fi is vulnerable to attack
Free public Wi-Fi is available in a lot of places — airports, restaurants, coffee shops, libraries, public transit, hotel rooms, you name it.
And jumping on a free Internet connection can be a convenient way to access online accounts, catch up on work, and check emails while on the go. But don’t forget the privacy and security risks.
The best way to help protect your personal information is to avoid accessing sensitive information or performing sensitive transactions when connected to public Wi-Fi. And there are other safety measures that can help.
According to NortonLifeLock’s 2018 Cyber Safety Insights Report, which looked at the cyber safety practices of 16 countries, more than 1 billion adults have been victims of cybercrime, including 800 million in 2018 alone.
That’s why it’s important to take measures to help protect your personal information and your devices. Taking the right steps before connecting to public Wi-Fi is important.
Why is your online privacy vulnerable to cyberattack on public Wi-Fi?
The average free public Wi-Fi connection isn’t secure. Just because you may need a password to log in, it doesn’t mean your online activities are encrypted.
Public Wi-Fi can leave you vulnerable for different reasons. One reason has to do with the encryption protocol used by some wireless networks. Another has to do with the possibility of joining a fake or rogue Wi-Fi hotspot.
Some wireless networks may use older standards for encryption which can raise your security risks. Wireless encryption protocol (WEP), one of the first encryption conventions for wireless networking devices, is considered weak and easily susceptible to being hacked.
Wi-Fi protected access (WPA) was intended to replace WEP as the standard for wireless networking devices, but it too was found to have weaknesses.
Users are especially at risk when connected to a wireless network that uses those outdated encryption protocols.
Another issue? When attempting to use free public Wi-Fi, you may be at risk of joining a rogue Wi-Fi hotspot. In such cases, an attacker creates a fake hotspot with the intent to perform man-in-the-middle (MITM) attacks on unsuspecting victims that join their rogue network.
If successful, this type of attack allows cyberthieves to intercept the communication between you and the servers of the websites you visit, allowing them to read, insert, and modify messages and data.
With pre-built kits that can perform MITM attacks, even minimally skilled hackers can eavesdrop and monitor your online traffic to capture valuable information, such as login credentials, credit card numbers, and Social Security numbers.
Signs you may be logged on to a rogue Wi-Fi
Devices look for known Wi-Fi networks, and hackers can use this to their advantage.
An attacker’s rogue Wi-Fi hotspot can pretend to act as your home network or as a public network that you might come across at a coffee shop or airport, for example. Instead of connecting to a real public Wi-Fi hotspot, your device connects to the attacker’s fake hotspot. This means the attacker’s network is between your device and the actual Wi-Fi network, so they’re able to see your online traffic.
Here’s another tactic. A hacker creates a public Wi-Fi network called “Free Wi-Fi” and waits for victims to join. A lot of people likely will try to connect, especially if free Internet service is being offered.
And here’s one more tactic. You might be away from home — at a coffee shop, for instance — and suddenly your computer shows that you're connected to your home network. Chances are, someone could have intercepted your computer’s broadcast request.
In some cases, you might try to connect to a website, such as your bank or a favorite social media website, that you know should be encrypted — the web address begins with “https.” But the page is rendering in “http.” That means someone may be performing a man-in-the-middle attack and serving you the unprotected http version of the site in hopes of capturing your login credentials.
12 public Wi-Fi security tips: How to stay protected on public Wi-Fi
Here are 12 public Wi-Fi safety measures to help keep your information protected.
1. Be careful what you access
Never use public Wi-Fi networks to access sensitive information. If you need to get online to browse for directions or do something else that’s less sensitive, you probably can do it. But if you’re trying to pay your bills or buy something, it can wait.
If it’s a dire situation — or if you regularly use public Wi-Fi — consider a virtual private network, commonly known as a VPN. You can find a variety of VPN services online, but if you want an effective service you’ll likely have to pay for it. Be sure to choose one from a reputable security provider.
2. Use your employer’s VPN access
If you need to use public Wi-Fi to do work and if your employer offers VPN access, use it. Once you’re connected, the VPN creates a private network, or tunnel, through which you send information back and forth, adding an extra layer of security to your connection.
3. Stick with “https”
Only browse websites that start with “https” and avoid websites that start with “http” while on public Wi-Fi. Connections to website addresses that start with https are encrypted, adding an extra layer of security and making your browsing more secure. If you connect to an unsecured Wi-Fi network and use regular http instead of https, your traffic could be visible to anyone else on the network.
4. Consider an extension
Consider installing an extension like HTTPS Everywhere* which will force all websites you visit to connect using https. This is a Firefox, Chrome, and Opera extension produced by a collaboration between the Electronic Frontier Foundation and The Tor Project.*
5. Adjust your settings
Configure the wireless settings on your devices to not automatically connect to available Wi-Fi hotspots. This ensures that you do not unknowingly connect to public networks.
You can do this by turning off the “Connect Automatically” feature on your devices so they don’t auto-connect and search for known Wi-Fi networks.
Doing this can prevent your computer or device from broadcasting that it’s trying to connect to a “Home Wi-Fi” network, which would allow an attacker to create a bogus network with that name.
6. Consider using a privacy screen
If you must access sensitive information in public areas, consider putting a privacy screen on your devices. A privacy screen will blacken your display for everyone but you. Fraudsters seeking to copy or photograph sensitive information on your screen will be unable to.
7. Turn off file sharing
Make sure you turn off file sharing before accessing public Wi-Fi. If you keep file sharing on, it’s possible your folders may be accessible to anyone connected to the same public network.
8. Protect your passwords
When you’re using public Wi-Fi, cybersnoops could gain access to your passwords. One way to enhance your protection is by enabling two-factor authentication, or 2FA, on any services that offer it. When enabled, this added protection ensures that even if someone gains access to your password while you’re using public Wi-Fi, they still won’t be able to access your accounts. Usually, you’ll receive a second log-in step — a call or a code on your smartphone, for instance — that you’ll use to log in to your account.
9. Consider a password manager
A password manager can provide an additional layer of protection. Password managers are software applications that create complex, unique passwords for each of your online accounts and store your usernames and passwords, unlocking them with one strong master password.
This is especially helpful in terms of public Wi-Fi security. That’s because many password managers provide strong, high-level encryption, so cybercriminals won't be able to figure out your login credentials or passwords.
10. Keep your software updated
Always update your software as soon as patches and system updates are released. Security issues often happen when software patches aren’t applied and your devices lack the latest protections.
11. Remember to log out
When you’re done browsing, be sure to log out of any services you were using. Also check your settings to make sure your device will ‘forget the network’ and won’t automatically reconnect to that network without your permission when you’re back within range.
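Tips 5 and 11, together with the earlier point about outdated encryption, can be checked mechanically on a laptop. The following is an added example, not Norton's code: it assumes a Linux system whose saved networks are stored in NetworkManager keyfile format, and the profile names and contents are constructed samples.

```python
import configparser

# Constructed sample profiles (not from the article), written in the
# NetworkManager keyfile layout that this example assumes.
SAMPLE_PROFILES = {
    "cafe": "[connection]\nid=Free Wi-Fi\ntype=wifi\n\n[wifi]\nssid=Free Wi-Fi\n",
    "old-router": "[connection]\nid=Old\ntype=wifi\nautoconnect=true\n\n"
                  "[wifi-security]\nkey-mgmt=none\n",
    "legacy": "[connection]\nid=Legacy\ntype=wifi\nautoconnect=false\n\n"
              "[wifi-security]\nkey-mgmt=wpa-psk\nproto=wpa;\n",
    "home": "[connection]\nid=Home\ntype=wifi\nautoconnect=false\n\n"
            "[wifi-security]\nkey-mgmt=sae\n",
    "wired": "[connection]\nid=Dock\ntype=ethernet\n",
}

# The security section may appear under its short or its long name.
SEC_SECTIONS = ("wifi-security", "802-11-wireless-security")


def audit_profile(text):
    """Return the findings for one saved profile (empty list = nothing to fix)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    if cp.get("connection", "type", fallback="") not in ("wifi", "802-11-wireless"):
        return []  # not a Wi-Fi profile
    findings = []
    # A missing autoconnect key means the profile auto-connects by default.
    if cp.getboolean("connection", "autoconnect", fallback=True):
        findings.append("auto-connect on")
    sec = next((s for s in SEC_SECTIONS if cp.has_section(s)), None)
    if sec is None:
        findings.append("open network")  # no security section at all
        return findings
    key_mgmt = cp.get(sec, "key-mgmt", fallback="")
    protos = [p for p in cp.get(sec, "proto", fallback="").split(";") if p]
    if key_mgmt in ("none", "ieee8021x"):
        findings.append("WEP")  # static or dynamic WEP
    elif "wpa" in protos:
        findings.append("original WPA allowed")
    return findings


def audit_all(profiles):
    """Audit every profile and keep only the ones that need attention."""
    results = {name: audit_profile(text) for name, text in profiles.items()}
    return {name: found for name, found in results.items() if found}


if __name__ == "__main__":
    for name, found in audit_all(SAMPLE_PROFILES).items():
        print(f"{name}: {', '.join(found)}")
```

On a machine that uses NetworkManager, the same function can be run over the text of each file in the system-connections directory, which normally requires root to read.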
* The inclusion of products, websites, or links does not imply endorsement or support of any company, material, product and/or provider listed herein.
Copyright © 2020 NortonLifeLock Inc. All rights reserved.