April 2016 (updated May 2020) by Richard Lee
Its Easy, Convenient and Widespread but is it Safe?
Public Wi-Fi is being offered at many facilities including airports, coffee shops, hotels and shopping centres even the library. Whether you're using a laptop, a tablet or a smart phone to browse the web on Public Wi-Fi your information can be at risk. Cybercriminals often target these wireless networks. They don't even have to be within the premises offering the free internet service. They only need to be within reasonable range of the wireless router itself. These criminals can use something called a Sniffer (software that can intercept and gather all visible traffic on a wireless channel) to perform a Man in the Middle Attack. When a device connects with a wireless hot spot a process called a four way handshake is negotiated with the connecting device. WPA2 is the currently recommended security standard. It uses a pre-shared key (PSK) in the form of text letters to authenticate users and encrypt data. A determined attacker is able to sniff the four way handshake and capture the PSK. That person can decrypt all the traffic designated to your device. A recent survey from Norton found that around 60% of Australians feel safe online, and a massive 83% of respondents claimed to have used public Wi-Fi to log into their email accounts, shared photos and videos even checked their bank balances. Be cautious also about what SSID you connect to. Some SSIDs are created to mimic the intended venue offering the service. In fact they could be a bogus one that was set up by a cyber criminal for the primary purpose of stealing your personal information. It may not be obvious either as the look and feel could appear to be genuine. What would a cyber criminal do with your information? Well they could pretend to be you and this would be called Identity Theft. They could on sell your personal info including user names and passwords to other criminals. They could use your banking information to transfer money out to an external account or pay for goods and services while pretending to be you.
This can obviously have a detrimental impact to your Name, Credit rating and Bank Balance so you should be concerned. What can be done to use Public Wi-Fi safely? - limit your internet access to non sensitive browsing (ie news and other sites that do not require you to enter username and password) - use a VPN which is a virtual tunnel that can encrypt all data from your device going to the hot spot - ensure you have installed anti malware software ideally with up to date real time protection - verify that the Hotspot you are connecting to is in fact provided by the establishment you're intending to connect with - never use the Public Wi-Fi to download and install software to your device (that process could potentially download malware instead of legitimate software) - turn off File and Printer Sharing in Network and Sharing Centre If you must use public Wi-Fi to access sensitve websites: - browse using HTTPS instead of HTTP protocol as the later does not use encryption - use strong complex passwords and ensure that you don't use the same password to access multiple sites
- limit your time online Better still don't use Public Wi-Fi at all! For the ultimate wireless security, you can use your mobile phone network instead or better still: bring your own portable internet 3G/4G device with you and use that instead of Public Wi-Fi. Or use your mobile as the hotspot to access internet instead of using the Public Wi-Fi. Some laptops have a built in slot to accept a SIM card which can be used to connect to the internet. This may be an even better solution than having to carry a separate portable Wi-Fi modem with you.