Is Public Wi-Fi Still a Danger to Your Privacy?

Posted by Rob Schnetzer on Fri, Mar, 06, 2020 @ 12:03 PM

Can you still be burned using public Wi-Fi?

Recently several articles have surfaced questioning the security risks of public Wi-Fi including one from Consumer Reports with the title “Is Using Public Wi-Fi Still a Bad Idea”

In the article they ask if public Wi-Fi is safe to use. For a long time, we’ve talked about not using public Wi-Fi for many good reasons, but the heart of the matter is: You don’t know what you’re connecting to. Since the advent of public Wi-Fi security on the internet and more specifically on websites had not been up to par when it comes to protecting users from MTM or man in the middle attacks while using public Wi-Fi. If you aren’t familiar with this type of hack think of it like this. You’re on a land line phone in your house speaking with someone, and unbeknownst to you someone else (possibly an annoying sibling) in your house picks up the other line and listens in to your conversation covertly. This is essentially what a MTM attack is, but instead of gossip being overheard and relayed to your parents, it’s your credit card, browsing habits, transaction records and personal info that gets distributed to the internet.  For years public Wi-Fi has been problematic for not just this kind of attack but for the ease at which hackers can manipulate those hotspots or create rogue hotspots, similar enough to legitimate hotspots and trick users into logging onto them. Instead of the hacker being a “go between” and peeping on your browsing habits they use these hotspots to inject malware directly onto your connected device or steal data as you browse.

So, what’s changed?  

Is Public Wi-Fi still dangerous?

The argument in articles such as Consumer Reports is that modern websites have better encryption to stop hackers from intercepting this information. They by design are better hardened against attacks like these so from that respect they have a point. But what they fail to consider is that some websites that don’t use the appropriate encryption are just as open to man-in-the-middle attacks as they were several years ago. The statistics say that only about 10 percent of them are left out there, but they are still out there. And unfortunately, it’s not as simple as just avoiding websites that come across as un-secure--yes, you can do that by paying attention to the address--but if you run into one and you’re not paying close attention you can still get caught up in a bad situation. On top of that, you still must be concerned about those suspect hotspots that have been set up specifically to steal data or drop malware onto your device without you ever knowing.

Ideally it would be wonderful if public Wi-Fi was wholly secure end to end. But due to its very nature it isn’t, nor will it be for the foreseeable future. If you need a connection use a mobile hotspot from your phone or from someone you’re familiar with. If you have to use public Wi-Fi you first need to make sure whatever device your using is updated, and you are using a reputable VPN to hide your traffic. Only ever use public Wi-Fi that you absolutely know the source of, and even then, don’t use it to send or receive sensitive data.  While encryption on websites has over all gotten much better, it won’t save you 100% of the time, and snooping on what you’re doing is still a possibility.  Despite articles to the contrary, we still say: “Don’t use public Wi-Fi.”

Topics: Cybersecurity