Free public WiFi is everywhere, and it’s an incredible luxury. Just the ability to go to a public space, pull out your phone, laptop or tablet, and be able to connect - for free - to the online world around you. Since 1997 wireless routers have made the internet more accessible by doing away with the need to plug every device into a port.
From then, it’s spread was endemic. Cafes, airports, libraries - all were in a position to benefit from offering free WiFi to keep customers happy.
But like with all parts of information technology, security can be an issue. And with free WiFi, the problem is we rarely stop to consider what we’re doing.
Say you’re out at a cafe. You get a video call coming in, but you don’t want to use your data. Switching on WiFi, you see the cafe has a broadband connection. You connect, accept the call, and that’s the end of it.
But what you don’t see in this interaction could mean trouble later on.
The trouble with public WiFi
By itself, public WiFi isn’t bad. It’s the issues that surround its use that causes problems. You have piggybacking connections, corrupted hardware, snooper software and more. In this article, we’ll cover them all.
But perhaps the biggest issue is encryption - what it is, how it works, and what kind of encryption you need to perform certain tasks.
What is encryption?
Encryption is a valuable tool when it comes to keeping your private online information secure.
But in essence, encryption is the process of mixing the information you send over the internet using a codeword or passkey so it’s not readable to anyone else. Kind of like using a cipher to write a note in code, then passing your note to a friend who also has the cipher. If anyone else gets the note, the writing will be meaningless to them.
When we are talking about public WiFi, we are talking about two types of encryption: hotspot access and secure protocol.
Encryption and hotspot access
When you connect to an open WiFi network, chances are that it is unencrypted. Like in the example above, the network is generally unencrypted - and you can tell because when you connected, you didn’t have have to enter a code.
What this means is that all the information going between your devices and the WiFi router is unencrypted. Anyone with a WiFi dongle and some know-how can see what you see.
But what about HTTPS?
It’s true, your unencrypted network traffic is clearly visible to everyone in range. People can see what web pages you’re visiting, the details you have typed into unencrypted web forms - the list goes on. Yet most people think that if a site is secured with HTTPS, the security protocol will take care of it.
What is the security protocol?
Websites mainly run on a particular language known as HyperText Transfer Protocol, or “HTTP” for short. This standardised language tells your smartphone, laptop or tablet what a website or web app should display and how it should operate. By default, this information - and the information you send it - is not encrypted.
The “secure protocol” is a way of encrypting this information so only your machine and the website server can read it. You can tell if a website has this security protocol in place because the browser window will display the web address as starting with “HTTPS”.
However, even if a web page is protected by HTTPS encryption, an open WiFi network still lets snoopers know what websites you are visiting. And while many websites do offer an HTTPS option, there are often gaps in their efforts, where parts of their pages are secure, but others are not.
How can I manage encryption on a public WiFi connection?
First up, try to only connect via wireless networks that require a password to access their router. This way you know that the secured wireless network will encrypt all the information you send and receive using that network.
Secondly, if you are unable to avoid using an unencrypted connection, only enter personal or sensitive information on sites if the site itself is encrypted, as that encrypted website will protect the information you send to and from that site.
The “HTTPS Everywhere” browser extension can help with this by automatically redirecting your browser to an encrypted version of the page you are viewing if one is available.
And for the more tech-savvy who rely on public WiFi, you may want to pay for a VPN. This connects your device directly to a virtual private network, so any snoopers in the local area will only be able to see that you’re connected to the VPN - not what you’re doing on it.
What other issues do I need to be aware of when using public WiFi?
With public WiFi, it is possible for a device that is compromised by a trojan, worm or virus to try and infect other devices connected to the open network.
This is a simple fix, as most laptops allow you to select a “Public network” option when connecting. Choosing this rather than the “Home” option locks down the connection, ensuring your device won’t share any files or folders with other devices connected to the network.
For this reason, it also pays to make sure that your laptop uses a firewall, and is up to date on security patches. Together, these will protect your device from any compromised laptops on the local network that could otherwise try to infect you.
What about the hotspots themselves?
It’s true, malicious hotspots do exist. Some may be compromised by malware, while others may be set up deliberately as a “honeypot” trap. Both of these are rare, but if you are concerned there are still some simple steps you can take to minimise their potential impact.
An infected router can be spotted using some free browser extensions. And a trapped router can be thwarted by asking someone in a position of authority (such as the cafe manager) for the name of the official WiFi connection in the establishment. If they don’t know or say they don’t have one, don’t connect!
If you frequently use public WiFi, then a VPN connection would likely be a wise investment, as it encrypts all traffic, and only shows publicly that you are connected to the VPN.
Simplest of all, if you are connecting to free public WiFi, just don’t do anything that involves entering personal information. No banking, no transactions, no email - not even on sites that use HTTPS. Just plain browsing gives away no publicly identifiable details. Meaning you’re okay!
Dos and Don’ts.
Dos:
- Set your connection to “public” when connecting away from your own WiFi
- Use encrypted connections whenever possible
- Ask for the WiFi connection from an authority
- Use HTTPS supported sites
Don’ts:
- Use public WiFi to perform sensitive transactions such as banking or email
- Connect a device without first installing anti-malware software
- Connect to a device that you feel is suspicious
- Input personal or sensitive information
Prevention is better than cure.
To answer the question posed by this article, public WiFi is only as safe as you can make it. Educate yourself on the dangers and the realistic solutions you have on hand. The best way to keep safe using public WiFi is to avoid using it for sensitive information. If you don’t transmit it, no one can steal it!