Free Wi-FiThis month, cybersecurity company Symantec released the results of its second Wi-Fi Risk Report, which digs into the reasons why consumers, both in America and across the world, use free or public Wi-Fi. While experts have espoused the dangers of accessing public Wi-Fi for years, if Symantec’s survey is any indication, the message seems to have fallen on deaf ears. In this post, we’ll go over the highlights of Symantec’s research, discuss the dangers of using public Wi-Fi and detail some alternatives.

Why is free Wi-Fi so popular?

Globally, Symantec found that more than half of consumers (55%) don’t think twice about accessing free Wi-Fi and are willing to do a lot – like share personal information and download unknown apps from advertisements – to have free Wi-Fi. For Americans, the cybersecurity firm found that 57% of us can’t wait for more than just a few minutes after arriving somewhere before logging onto a Wi-Fi network. The report also explains that 70% of Gen Z-ers (18 to 20 year olds) in the U.S. say it’s important to use Wi-Fi to avoid using up their data, while 59% of Americans over 72 use pubic Wi-Fi to ensure that they are reachable for loved ones. A large majority of respondents also indicated that access to public Wi-Fi was essential to their travel arrangements. Whether they were visiting a hotel, transport hub, a restaurant/café or an airport, consumers planned around having access to Wi-Fi.

What do people do while accessing free Wi-Fi?

It seems like everyone, Americans especially, want to get the most out of public Wi-Fi. Over 60% of Gen Z-ers say that it’s important to have public Wi-Fi access for social media use, and more than half of Americans (51%) said that public Wi-Fi enabled them to use GPS applications to get around. But it’s not just social media and maps consumers are using public Wi-Fi to access; the survey also found that at least 92% of Americans have potentially put personal information at risk by accessing their bank account over public Wi-Fi. The willingness to use these types of services over public Wi-Fi doesn’t seem to come out of a complete sense of disregard, however, as 40% reported they’d feel horrified if their information was leaked and published online.

What’s so dangerous about free Wi-Fi?

Consumers have repeatedly been told how dangerous public Wi-Fi is, but the point clearly hasn’t sunk in for reasons not elaborated on in Symantec’s survey. Although we’ve talked about it before, below we give an in-depth analysis as to exactly how hackers and those looking to steal your identity can harm you on public Wi-Fi:

  • Your web activity can be monitored. Public Wi-Fi and free hotspots tend to lack password protection, meaning that anyone can see all of the Internet activity happening on the network. Using a technique called packet sniffing or snooping, hackers can watch users’ activities on a vulnerable network with dozens of free tools that anyone can learn to use in a few minutes. Even if the Wi-Fi network you connect to is password protected, that alone might not be enough to stop hackers from sniffing, as traffic monitoring programs often come with decryption tools. It also doesn’t help that the one layer of security between you and a hacker, the Wi-Fi password, is publicly known – assuming there even is a Wi-Fi password.
  • Your web activity can be manipulated. Sniffing alone can be a major threat to the average user, but when hackers really want to get their hands dirty, they engage in what are known as man-in-the-middle (MitM) attacks. These types of hacks allow hackers to become the hidden middleman between you and your Internet connection through some combination of phishing and social engineering. One such attack, sometimes called Wi-Phishing or an Evil Twin attack, allows a user to pretend to be the hotspot you want to use. With a custom-made portable router called a Pineapple, or other inventive solutions, a hacker’s device can assume the name of a nearby hotspot. Unsuspecting users then connect to this rogue device, the “evil twin,” instead of the hotspot or Wi-Fi network they were intending. From this point on, the hacker can both view and edit the contents of their victim’s Internet activity – they can send users to fake web pages designed to look like real ones, steal personal information or feed commands into the victim’s device.
  • Your device can be infected with malware. As you might have noticed, none of the attacks mentioned in this post are completely mutually exclusive. In addition to viewing your online activity, someone conducting a MitM attack can also force installations onto your device. They could make your system download unwanted programs or worse, malware of their choosing. This means that your trouble won’t simply end after you disconnect from the public Wi-Fi network.

What can you do to stay safe?

1. Turn off Wi-Fi/Bluetooth when you’re not using them. We’ve talked before about metadata or the data you create when you use certain devices and programs. Devices that are always on, like wearables or smartphones with their Wi-Fi seeking function enabled, effectively broadcast some metadata. This alone usually can’t compromise your privacy, per se, but over time it could. It can also definitely be taken advantage of by hackers with Evil Twin setups to force your device to connect with theirs when you’re not paying attention.

2. Consider getting a beefier data plan. Although there’s a premium involved, if you must stay connected and want the convenience of Wi-Fi anywhere, using your cell phone provider’s data network will always be safer than public Wi-Fi. As such, it makes sense to pay a little more every month for your data, as opposed to taking the risk on public Wi-Fi and saving a few dollars.

3. Use a VPN. If you’re unfettered by all the warnings and absolutely need to use public Wi-Fi, you should at the very least make sure you only access public networks while having a Virtual Private Network (VPN) active. This hides your device’s activity by routing it through another network not accessible to anyone using the public networks you may connect to. VPNs aren’t a silver bullet, but when it comes to protecting your privacy and security, they are generally a solid bet.

4. Only access sites with HTTPS active (or use HTTPS plugins). Regardless of whether you’re connected to public Wi-Fi or using a private network at home, you should also consider avoiding sites that don’t use HTTPS encryption. HTTPS is another layer of encryption between the site you’re using and your device which makes it harder for anyone passively sniffing your web traffic to see it. Although not all sites use HTTPS, certain browser plugins, like HTTPS Everywhere, can force most websites to communicate with your device using HTTPS, which ensures that your information stays safe.

Cybersecurity can be something that’s hard to manage, so keep reading our technology blog to help make sense of new scams and technology exploits.