What Are the Risks of Using Public Wi-Fi?

Home Security Heroes independently tests and reviews every product. We may earn a commission when you buy through our links. Read more here.

Brandon King
Editor
September 25, 2023
Finger touching a phone with wifi

Image by creativeart

Nearly half of Americans rely on public Wi-Fi for various reasons. Plus, it’s free, and who doesn’t like freebies? 

Public Wi-Fi is also virtually everywhere: coffee shops, restaurants, hotels, salons, parks, and train stations. It’s easy to connect to the Internet when you’re on the go. 

You’d also agree that public Wi-Fi can make a delayed flight slightly better. Or, make a trip to the laundromat a breeze. But most people don’t know how risky using public Wi-Fi is.

Like anything free, there are usually strings attached. And, with free Wi-Fi, you may not want to tug at those strings.

This article will cover the risks of using public Wi-Fi and explain the safety measures you can use to protect yourself if you must use it.

The Risks of Using Public Wi-Fi

Couple on a bench using social media

Image by Freepik

Imagine visiting the doctor, and they use an unsterilized needle on you.

You probably won’t contract any disease, but do you really want to risk it?

This is pretty much what happens when you connect to an unsecured Wi-Fi network.

Let’s look at the numbers:

About 25 percent of public Wi-Fi networks have no encryption at all. That’s alarming. But it gets worse. Approximately 31 percent use the WEP (Wired Equivalent Privacy) protocol. That may sound better, but the WEP was created over 25 years ago.

Since then, there have been countless security updates, meaning it’s now completely unreliable. A skilled hacker will probably need only a few minutes to break into such networks.

That’s scary because it effectively means more than half of the world’s public Wi-Fi networks are unsafe.

So, what does this all mean, and how does it affect you?

In the following paragraphs, I’ll discuss some of the risks of using public Wi-Fi.

1. You Could Become a Victim of Identity Fraud

Connecting to an unsecured network may expose your financial and personal information to hackers.

How?

Cybercriminals can use public Wi-Fi hotspots to steal your credit card information to commit financial fraud. 

They only need enough information about you, and they could potentially withdraw money from your bank accounts, take loans and rack up debts, make an online purchase, or even commit other crimes in your name.

If you’re lucky and the hacker doesn’t do any of the above, they may still be able to see your location through public Wi-Fi. This means a hacker might know where your home and work addresses are.

Although many people wouldn’t care if hackers knew their address, it would creep me out.

2. Hackers May Install Malware on Your Device

You might also unintentionally expose your computer or phone to malware attacks.

Hackers can exploit software vulnerabilities to install malware on your computer without your knowledge. This includes viruses, trojans, and worms. 

Worms are actually dangerous. They can replicate on their own without human action. You don’t have to do anything, like share a file or click a link.

This means they can spread faster to your email contacts or other computers, making them more dangerous than viruses.

You could be using Wi-Fi at your local coffee shop, but the network has been infected with malware. This means any device that connects to the hotspot will be affected.

Read: How to Protect Your Phone from Hackers

3. Man-in-the-Middle (MITM Attack)

Imagine talking to your spouse, and someone is on the other side of the wall eavesdropping. This is what a man-in-the-middle attack feels like in the real-world context.

And it could happen when you connect to a public Wi-Fi. In a MITM attack, a hacker intercepts communication between a user and an application.

For example, when using the Internet, you are “point A,” sending a request to “point B,” which could be a service or website.

Unfortunately, bad actors can intercept that transmission and “read” the data because the Wi-Fi’s encryption is typically weak. This means your conversations and anything you do online are no longer private.

Here’s a scenario:

Imagine logging into your email, but the hacker can see what you’re doing. They can see your login credentials in plaintext.

That’s how dangerous this is.

If you frequently reuse passwords (something you should never do anyway), then the attacker now has the login information of all the online accounts with the same password.

Read Also: What Is Shoulder Surfing and How Do You Prevent It?

4. Hackers Hijacking Your Session ID

This can be seen as a variant of the MITM attack because they share similarities. But in this case, the hacker takes control rather than just capturing data packets. 

During a session hijacking attack, hackers can intercept, relay, and alter messages.

Depending on who you ask, session hijacking can also be called session fixation. In this case, the hacker blocks the session ID.

Every time you connect to an application or website, you get a unique identifier called a session ID. Anyone with the session ID can do whatever you can with an app or website.

So, if you can make purchases, transfer money, or access sensitive information, the hacker that intercepted the session ID can do the same.

For example, let’s say I logged into my online bank account to make a quick money transfer using public Wi-Fi.

A hacker can intercept the session ID, which is stored as a cookie or token in your browser, and use it to access your account. They can transfer money into their account from there.

5. An Evil Twin Attack

In this case, the hacker creates a fake but legitimate-looking access point (AP). It’ll have the same network name, just like the real one.

For example, if you’re connected to a “Big Joe’s Restaurant Wi-Fi.” A hacker might create an evil twin with the name “Big Joe’s Restaurant Wi-Fi 2,” or “Big Joe Restaurant Wi-Fi” without the “s.”

Most people wouldn’t notice anyway.

In some cases, the evil twin may have a stronger signal than the real one, which will look more enticing to anyone.

Once a user connects to the fake one, BOOM! The attacker can intercept their private conversations, steal passwords, or perform malicious actions.

In the end, you’ll be paying DEARLY..

6. Network Snooping for Confidential Information

If you thought that was crazy, wait till you see how hackers can snoop on confidential information via your browser!

As the years pass, hackers are getting better. Plus, they can access special tools that search for passwords saved in your browser, apps, websites, or emails. In most cases, they can only do this when you’re connected to a public Wi-Fi.

There’s a real-world example of this type of attack.

In May 2022, tech giant Cisco was hacked after hackers compromised an employee’s personal Google account login details. The victim saved their credentials in their browser’s password manager.

Although the threat actor was removed, this instance shows how you may not be the only one at risk from public Wi-Fi. Your family and work colleagues could be as well.

7. Hackers May Use Phishing Attacks

Sometime in 2018, an 86-year-old hacker entered his local coffee shop and broke into its public Wi-Fi hotspot in under 17 minutes. Then, he distributed phishing emails to everyone connected to the hotspot.

The coffee shop was lucky that Alec Daniels was an ethical hacker – a good guy who finds security vulnerabilities to fix rather than exploit.

Threat actors can compromise public Wi-Fi networks and use social engineering tactics to craft deceptive messages that lure victims into revealing sensitive information.

Attackers can use phishing emails, voicemails, and even text messages to gain access to passwords, authentication codes, and sensitive documents.

8. Ransomware Attack

This is a form of malware attack where an attacker injects malicious code into a computer system, blocking access to sensitive information until a sum of money is paid.

Here, the attacker encrypts your files and blackmails you to send them money for the decryption key.

What happens if you don’t pay?

They may threaten to expose what they have on you. It could be pictures you want to keep private or even conversations.

We all have things we’d rather keep from the private eye.

Recently, a 17-year-old boy committed suicide after three Nigerian men threatened to reveal his nude images. This is only one of the many consequences.

9. Remote Control of Your Device

How would you feel if someone could control your phone or computer from anywhere in the world without your permission?

It’s not cool.

But, hackers could potentially control your device remotely because you are or were connected to a public Wi-Fi.

Many people won’t even know this has happened. So, here are some signs that may indicate someone is controlling your phone or computer:

  • Your mouse may begin to move on its own.
  • Applications on your device may open or close on their own.
  • Sometimes you may see network activity like data being sent or received, especially when you’re not actively using your device. 
  • A new account or application you didn’t create or install may appear on your device. 
  • Suspicious messages or pop-ups may even crop up on your screen.
  • There are changes in your device settings – changes you didn’t make.

A hacker controlling your device is dangerous. They can use your device to steal sensitive information or commit a crime.

10. Fake System Updates with Data-Exfiltration

System updates are awesome, but you need to be careful too!

Sometimes, hackers may hack the connection point and send false pop-up notifications that your device’s software needs updating. 

The pop-up might say your favorite application needs to be updated so you can access the newest features.

If you’re like me, you’d click on the update button since you use the application regularly.

But it may be a scam!

Clicking on these links leads to you installing malware on your device.

These risks we’ve just listed are only a few. There are many more potential risks that using public Wi-Fi exposes you to. 

Now, how do you protect yourself, your business, and your loved ones from this danger?

How Do You Protect Yourself When Using Public Wi-Fi?

Close-up smartphone with wireless sign

Image by Freepik

Below are actionable steps to protect yourself when using public Wi-Fi:

1. Buy a Premium Virtual Private Network (VPN)

Before you connect to any public Wi-Fi, first turn on your premium Virtual Private Network (VPN).

Here’s what a VPN does:

It creates a private network that encrypts the data you send and receive. This makes the transmitted data unreadable to prying eyes like hackers, government surveillance, or even Internet service providers who want to track your online activity.

Choosing a premium plan on a VPN service can make a difference.

You don’t want to be one of the 25 million users whose records were exposed in 2022 after connecting to a free VPN service.

They may only cost about a few bucks monthly – around $10 or less, but choosing a premium VPN is a more reliable option than the free service. 

Private Internet Access (PIA) VPN, Proton VPN, and ExpressVPN are some of the most reliable services. Compare prices.

2. Use Reliable Antivirus Software

Antivirus software can protect you from many malware-based attacks when using public Wi-Fi. 

It will alert you when known viruses, trojans, or worms are loaded on your device or if there’s suspicious activity. This allows you to stop the threat immediately before it infects your files.

Some of the best antivirus software you can subscribe to include Malwarebytes and Bitdefender Plus.

3. Enable a Firewall to Protect Your Connection

A firewall serves as a barrier between your device and data-based malware threats. 

It actively monitors network data packets and determines whether they are safe or not. 

As a result, the firewall blocks any malicious data packets it detects.

Windows users can typically enable a firewall from the Windows Defender Firewall option in the Control Panel.

On most Mac devices, you can turn on the firewall functionality in the Network section of “System Settings.” However, it’s best you check the Apple Support for instructions on the specific iOS device you’re using.

You may also need to install a special firewall app on your phone, especially for Android users. 

Here’s a pro tip: Choose antivirus services that also have firewalls.

4. Your Bluetooth and File-Sharing Don’t Have to Be Switched On

Turn off Bluetooth discoverability to prevent others from forcing your device to connect theirs.

Don’t forget to disable file sharing before connecting to a public Wi-Fi

If you continue to use file sharing, your folders and files may be accessible to anyone connected to that public network, allowing a hacker to access your private information without your knowledge.

5. Stay Away From Financial Services

Keep this in mind at all times; stay away from sensitive information while using public Wi-Fi. 

Ask yourself this question: will you have any problems if this information you’re checking is leaked?

If the answer is yes, then you shouldn’t be using public Wi-Fi for that information. 

You can do this when you’re connected via mobile data or your home network.

Limit the use of free Wi-Fi to things like checking maps for directions or to get general information on Google. 

This is certainly not the best time to pay bills, check your account balance, or work remotely. 

Sometimes, these applications may have security weaknesses that a hacker could exploit.

6. Go to Secure Websites Only

When you’re on public Wi-Fi, only access websites that are secure.

How do you know if a website is secure?

Look for “HTTPS” connections rather than just “HTTP.” HTTP means Hypertext Transfer Protocol, while HTTPS is Hypertext Transfer Protocol Secure.

What’s the difference?

It’s simple. HTTP has no “s,” meaning it’s not secure, while HTTPS is designed to be secure.

When you visit a website using HTTP, your data is sent over the internet in plain text, meaning it can be intercepted and read by anyone with access to your connection.

However, HTTPS encrypts your data using SSL or TLS encryption, so it’s unreadable to anyone who intercepts it.

A website using HTTPS typically has a padlock icon in the address bar.

Once you click on the padlock, confirm if the right company issues the certificate. 

For example, a Microsoft-owned site, such as https://www.microsoft.com, should have a certificate issued by Microsoft.

7. Disable Automatic Connections to Public Hotspots

If your Wi-Fi automatically connects to any public Wi-Fi it finds within range, it could be a security risk.

Ensure you adjust your wireless connection settings to disable automatic connection to available public hotspots.

You should be able to do this in your phone or computer’s Wi-Fi settings by turning off “connect automatically.” 

Alternatively, you can set “Auto-Join Hotspot” to “Never.”

8. Use Secure Passwords and Enable Two-Factor Authentication (2FA)

Whether or not you connect to a public Wi-Fi, it’s always a good idea to have strong passwords. It is key to protecting yourself online.

A strong password can protect you from hackers’ brute-force attacks and other password-cracking techniques. 

This is the password policy I use, and it may also help you:

  • Password length is between 8 and 15 characters. It could be longer, but never shorter.
  • Have a mix of upper and lower-case letters, special characters, and numbers.
  • No personal information in passwords. Cancel out birthdays, ages, or names. They’re easy to guess.
  • Change your password every three months.
  • Don’t use the same passwords for multiple online accounts. If a hacker gets one, they automatically can access the rest.

You should also enable two-factor authentication. This provides additional security should a hacker crack your passwords.

Consider using authenticator apps, like Google Authenticator and Microsoft Authenticator, over SMS authentication. This is because hackers can still intercept SMS codes through SIM swap techniques.

9. Update Your Operating System

Whether or not you use public Wi-Fi, updating your device’s operating system regularly is important.

New software updates often have security patches and features that fix existing security flaws. Or they can also protect against emerging security threats.

10. Always Log Out and Forget the Network

Once you’re done browsing, log out of all the services you were using. Then, go to your device’s Wi-Fi settings and “forget” the network.

This stops your device from automatically reconnecting to that network without your permission, especially when you’re in range.

11. Consider Using a Privacy Screen

If you’re on public Wi-Fi, then you’re in public. Consider using a privacy screen.

A privacy screen blackens your device display for everyone except you. This can protect you from fraudsters looking over your shoulder to copy or photograph sensitive information.

How to Protect Your Business From Public Wi-Fi Risks

Pot with cactus and a wifi signal

Remote jobs are expected to reach an 87 percent increase from pre-pandemic levels by 2025. 

As more companies adopt work-from-home (WFH) models, ensuring employees maintain safety precautions is important.

In an attempt to get work done, your staff might inadvertently expose confidential company data. 

You don’t want that.

Here’s how to implement a strong cybersecurity strategy that protects your business from the dangers of employee negligence:

  • Create a robust organization-wide cybersecurity policy. This should prohibit employees from connecting to unsecured networks when working from home. Staff should use the mobile hotspot from their mobile carrier.
  • Require that all employees create strong and unique passwords.
  • Ensure all remote workers enable firewalls and turn on VPNs.
  • If an employee wants to connect to a free Wi-Fi, they’ve got to log out from all company accounts first.
  • Make sure your company website is secure (use the HTTPs guideline) with an SSL certificate that’s up to date. 
  • Do company devices have reliable antivirus and anti-malware? If not, install them now.
  • Always check for vulnerabilities that hackers may exploit. A consultant Vulnerability Assessment professional can help with this.

Cyberattacks have increased so much recently and businesses are usually the target. It doesn’t matter whether you’re a small, medium, or large business.

Unfortunately, 95 percent of all cyberattacks can be traced to human error, like negligence. You really do not want to lose your business due to an employee’s carelessness. 

The effects of a data breach can destroy your financial health, cause reputational damage, and alter business continuity.

Conclusion

Whenever you connect to an unsecured Wi-Fi network, you gamble with your sensitive information – and the odds are not in your favor.

There are many risks in using public Wi-Fi, and the consequences can be crippling for you and your loved ones. It’s essential to avoid exposing yourself, especially now that cybercrimes have increased.

In my opinion, the best protection against the risks that public Wi-Fi poses is to avoid using it in the first place. 

However, this may sometimes be impossible, depending on where you live and what you do. 

So, if you must use public Wi-Fi, use a good, paid VPN service and antivirus software, don’t go to your financial accounts, have strong passwords, turn off Bluetooth and file sharing, and always update your operating system.

Last Updated on