We’ve all used public Wi-Fi: it’s free, saves you data quotas, and always helps speed up load times.
You may like public Wi-Fi, but hackers do too.
Here’s a list of several ways cybercriminals can hack into public Wi-Fi devices, get their hands on your private data, and potentially steal your identity. And, because sometimes you don’t have much choice but to use public Wi-Fi, you can protect yourself from public Wi-Fi hackers.
1. Man-in-the-middle attack
A man-in-the-middle (MITM) attack is a cyberattack in which communications between two participants are intercepted by a third party. Instead of being shared directly between the server and the client, the data is broken by another element.
Unsolicited hijackers can then present their own version of the site to display to you and add their own information.
Anyone using public Wi-Fi is particularly vulnerable to MITM attacks. Because the information transmitted is generally unencrypted, this is not only the disclosure of hotspots but also your data.
A compromised router can vacuum up a lot of personal material relatively simply: hackers getting into your emails, for instance, gives them access to your usernames, passwords, private messages, and plenty more. They could even visit services, click the “Forgot your Password?” options, and reset your credentials, locking you out of all your accounts.
How to protect yourself from MITM attacks
Public Wi-Fi may not have encryption, but most major websites that require passwords, such as PayPal, eBay, and Amazon, use their own encryption technology. Check this by looking at the URL. If it’s an HTTPS address —that additional “S” means “secure”—then there’s some level of encryption.
If you see a website that may not be really not a notification, don’t enter any data, even if you’re desperate. If you visit an unsafe website, most browsers will give you a warning message.
2. Fake Wi-Fi connection
This variant of the MITM attack is also known as the “Evil Twin”. The technology intercepts your data in transit, but bypasses any security systems that public Wi-Fi hotspots may have. Victims may hand over all their private information simply because they have been tricked into joining the wrong network.
Setting up a fake access point (AP) is fairly easy and well worth the effort for cybercriminals.
They can use any device with internet capabilities, including smartphones, to build an AP with the same name as a real hotspot. Any transmitted data sent after joining a fake network is passed through hackers.
How to Protect Against Evil Twin Hacks
There are some tips on how to spot the “evil twins” public Wi-Fi. If you see two network connections with similar names, be sure to screen them carefully. If they are related to a shop or restaurant, talk to the staff there.
If you find a fake AP at work, alert management.
You should also consider a virtual private network (VPN) that uses data encryption. This establishes a degree of encryption between the end user and the website, so without the correct decryption key, hackers cannot read potentially intercepted data.
3. Packet Sniffing
It’s an amusing name, but the actual practice of “packet sniffing” is far from a laughing matter. This method enables a hacker to acquire airborne information and then analyze it at their own speed.
A device transmits a data packet across an unencrypted network, which can then be read by free software like Wireshark. That’s right: it’s free.
You’ll even find “how to” guides online, teaching you how to use Wireshark. It can be used to analyze web traffic, including (ironically) finding security threats and vulnerabilities that need patching.
Packet sniffing is relatively simple and in some cases not even illegal. IT departments often do this to ensure that security practices are maintained, faults are detected, and company policies are adhered to. But it’s also useful for cybercriminals.
Hackers can get to large amounts of data and then scan it at their leisure for important information such as passwords.
How to Protect Against Packet Sniffing
You need to rely on strong encryption, so invest in a VPN and make sure sites requiring private information have SSL/TSL certificates (i.e. look for HTTPS).
4. Sidejacking (Session Hijacking)
Sidejacking relies on obtaining information via packet sniffing. Instead of using that data retroactively, however, a hacker uses it on-location, in real-time. Even worse, it bypasses some degrees of encryption!
Login details are typically sent through an encrypted network and verified using the account information held by the website. This then responds using cookies sent to your device. But the latter isn’t always encrypted—a hacker can hijack your session and gain access to any private accounts you’re logged into.
While cybercriminals can’t read your password through sidejacking, they could download malware to obtain such data, including on video chat platforms like Skype. Furthermore, they can get plenty of information to steal your identity. A wealth of data can be inferred from your social media presence alone.
Public hotspots are particularly attractive to this type of hacking because there is usually a high percentage of users who are open.
How to Protect Against Session Hijacking
Standard encryption methods can hit the left side of the door, so a VPN encrypts information coming in and out of your device.
As an extra security measure, make sure you always log out when you leave the hotspot, otherwise you risk hackers continuing to use your meetings. For social media sites, you can at least check where you’re logged in and then log out remotely.
While this may seem obvious, we often forget about this simple security measure.
Whenever you use an ATM, you should check the people around you to make sure no one peeks at you as you enter your password. It’s also a danger when it comes to public Wi-Fi. If someone is wandering around while visiting a private website, be suspicious. Don’t submit anything personal, like a password. This is a very basic scam, but it certainly still works for scammers and hackers.
A “shoulder surfer” might not even need to be behind you: just watching what you type can give criminals something to work with.
How to Protect Against Shoulder Surfers
Stay vigilant. Get to know the people around you. Sometimes, paranoia can help you. If you’re not sure about the people around you, don’t do anything personal.
Also don’t underestimate the importance of what you fill out or read: for example, medical information may be useful to identity thieves. If it’s a file or webpage that you don’t want others to see, take precautions to prevent this from happening.
How can VPNs protect against public Wi-Fi hacks?
The core problem with public Wi-Fi is the lack of encryption. A VPN encrypts your personal information, so it can’t be read without the correct decryption key (in most cases). If you use hotspots a lot, a VPN is essential.
Luckily, you can find completely free VPNs, including devices like laptops and smartphones. But you should also keep an open mind and consider paying for one; In order to save your personal information, it is worth it.
Finally, since the vast majority of us use public Wi-Fi, we need to be more careful.