Thanks to the nearly universal accessibility of public Wi-Fi, FaceTiming mom in Houston while you’re slurping pho in Hanoi is remarkably easy these days. As of this year, there is one Wi-Fi hot spot for every 28 people on Earth. Connectivity is not so much a luxury as it is an expectation.
However, as easy as connecting to public Wi-Fi may seem, the dangers that go along with it should not be taken lightly.
In February of 2015, USA Today reporter Steven Petrow spent a three-hour flight from Dallas to Raleigh catching up on work using American Airlines’ GoGo Wi-Fi service. When he left the plane, a fellow passenger approached him, warned him of his vulnerability, and proved his point by directly quoting sensitive emails Petrow had written while on board.
How does this happen?
Keith Waldorf, VP of Engineering at iPass, tells this story as a cautionary tale for all Wi-Fi users. iPass is a global hot-spot service based in Silicon Valley that provides secure networks for businesses around the world.
“This kind of snooping can happen to anybody that is unaware of the dangers of public Wi-Fi,” says Waldorf. “The hacker was doing something we call sniffing, or side-jacking, which means that he’s on the same network and basically keeping tabs on what you’re doing and what information you’re sending and receiving.”
Petrow got off lucky. This kind of snooping allows hackers to piece together information about their victims, which then they can either sell (ever wonder why you get calls offering a “free cruise”?) or use for future and potentially more harmful exploitations. A more direct version of this attack is a man-in-the-middle breach, also known as MitM. Here, a hacker intercepts a Wi-Fi user’s online communications and is able to send and receive sensitive information without him or her knowing. Wi-Fi users are particularly susceptible to MitM attacks when accessing online banking platforms or any site that requires a login.
Another—and probably most menacingly named—attack is the evil twin.
“Say you’re in a Starbucks,” says Waldorf, “And you see a wireless network named ‘Starbucks.’ You hit connect and it takes you to a login page where you enter some personal information like your email address and phone number. Of course, you’re not going to question it because the name seems legitimate, and you’re in a popular public spot.” Despite its friendly name, there’s a chance that it’s a hacker broadcasting his or her own signal. Like MitM and side-jacking attacks, this “evil twin” connection gives hackers access to a slew of sensitive personal information.
With this short list of common dangers, safely using Wi-Fi might seem like an impossible task. Luckily, there are several ways to be smart and safe on the go. Here’s how.
When you’re on the road and have more information stored on your device than usual (think: scans of your passport, credit cart and flight numbers, hotel names and addresses), safely getting online is essential. Anti-viruses and malware will protect users against viruses, yes. But network snooping? No.
The best thing you can do is use a network encryption service, which, in its simplest form, hides your activity from any potential hackers on the same network. You can and should subscribe to a VPN service, which reroutes your activity to a known, secure wireless hot spot. There are a dizzying amount of options to choose from, but Hotspot Shield has a highly rated mobile and desktop app, as does VPN Unlimited.
However, if that doesn’t suit you, perhaps Waldorf’s tips for safe use of public Wi-Fi will. The simplest one: turn off your device’s automatic Wi-Fi connectivity when it’s not actively in use. This way, you will avoid joining sketchy public networks without your knowledge. Once you do join a network, verify it. Do not just connect to the one called “Hyatt Shanghai 123” because you’re in the Hyatt and it’s unlocked and available. Ask your hotel concierge to confirm the name and password before taking any action.
In terms of active browsing, you should avoid making any sort of transaction that involves credit card information over a public network. However, if you need to check your statements or make a reservation on the go, either use the bank’s mobile app (most have them, these days), or simply type the site’s address directly into your browser. In fact, for any well-known site where a login is required, skip the search engines. For many transactional webpages, you’ll know that you’re on at a properly encrypted website if the browser begins with https, rather than the standard http.
Ultimately, nothing will keep you safer than avoiding public Wi-Fi altogether. But with expensive data-roaming fees and the need for constant connectivity, that might be unrealistic. Being smart about how you connect, however, is not.
“I tell my wife and kids that Wi-Fi safety is just like personal safety,” says Waldorf. “You need to be aware of your surroundings, and stay vigilant.”