Public WiFi networks. Are they safe?

Airports, hotels… On vacation we also spend the whole day connected to the Internet. WhatsApp has in many countries become an essential tool for personal communication. We all want to be able to check Facebook, post photos on Instagram, tweet something we’ve seen, and answer work emails from wherever we  are… and it’s possible. We mostly do all these things from a smartphone, or perhaps from tablets or (increasingly less) from laptops.

It is quite common to scan for and connect to public WiFi networks which aren’t password-protected and let you connect to the Internet cheaply and simply. In fact, a typical selling-point of many restaurant chains nowadays is that they offer free WiFi connections to customers, and in many places there are public WiFi hotspots provided by local councils.

Even though the price of mobile data connections has dropped considerably (largely thanks to competition and technological advances), and connection speeds continue to increase (GPRS, 3G, HDSPA, 4G…), most users, if they can, still try to avoid using mobile data. The reason is simple: many of the mobile data rates on offer include a limit on data download volume, and once this threshold is exceeded, either the connection speed drops or the charges increase. Moreover, not everywhere has good mobile data coverage, and that directly affects the connection speed. And that’s not to mention the question of data roaming when traveling to other countries, where prices are very often completely prohibitive.

It’s obvious that most of us at one time or another will try to connect to a public WiFi network. Is it safe? What are the risks? Can anyone spy on data sent from my device? Can I get infected if the network is malicious? These are some of the questions that we’ll answer below.

When you connect to the Internet from home or from your office, you know who is responsible for the network and which people can connect to it.  However, on a public network, anyone can be connected, and you have no idea of their intentions. One of the first questions that arises concerns the level of security on any Web page that requires you to enter your login credentials.

How to connect safely to a public WiFi network

Could someone connect to the same network and spy on data communications?

Yes, anyone connected to the network could capture the data traffic sent from your device, and there are simple, free apps available for this purpose.

Does this mean that someone could steal my Facebook username and password?

No. Fortunately, Facebook, along with many other social networks, webmail services, online stores, etc. have secure Web pages. You connect to them via SSL, which you can see on your browser (depending on which one you use) when the padlock icon is displayed next to the page address. This means that all the data sent to this page is encrypted, so even if it is captured by a third-party, it cannot be read.

What about other websites? Could someone see which pages I’m visiting, or access the data I enter on unencrypted site?

Yes. It’s very simple to capture this information, and anyone could see what pages you connect to, what you write on a forum or any other type of unencrypted page.

So as long as the Web page is secure, I’m alright, aren’t I?

Yes, but it must really be secure. Capturing network traffic is just one type of possible attack. If the hotspot has been deliberately set up by an attacker, they could, for example, alter the settings of the WiFi router to take you to the page they want. Imagine you enter www.facebook.com in your browser, yet the page you see is not really Facebook but a copy, so when you enter your username and password you are giving it directly to the attacker. Or, worse still, the page you are taken to contains an exploit which infects your device without you realizing. In any event, the fake page won’t be secure, which should help you detect that it is not the real site.

But is this still the case if I know that the WiFi hotspot is reliable, such as in a shop or restaurant?

Yes. although it is obviously safer, no one can guarantee that the router hasn’t been compromised, or that the DNS configuration hasn’t been changed, which would enable an attack like the one described above where you’re directed to a fake page. In fact in 2014, security holes have been discovered in popular routers which allow them to be hacked so an attacker could easily change the configuration.

This is chaos! Is there any way of protecting myself against these attacks?

Yes. One good way is to use a VPN (Virtual Private Network) service. This ensures all data traffic from your device is encrypted. It doesn’t matter whether the site is secure or not, everything is encrypted. When you are connected to the VPN, the router’s DNS settings are not used in any event, so you’re protected from the types of attack described above.

And what about password-protected WiFi networks? Is there the same risk?

This in effect ensures that only people who know the password can connect to the same WiFi access point, nothing else. In a way, you could say that this reduces risks by reducing the number of people who can connect, although the same kind of attacks can still occur in the same way as on an open network without password protection.

Does this apply to all types of devices or just to computers?

To all kinds: computers, tablets, smartphones or any other device with which you can connect to a network.

And so what about WhatsApp? Can anyone see my chats or the photos and videos that I send?

No. Fortunately that information is now encrypted. Previously it wasn’t, and in fact, an app was developed that allowed you to see people’s chats if you were connected to the same network. This is no longer possible, although there is a way someone could find out your phone number if you are connected to WhatsApp on the same network as them, but that’s the most they can do.

Benefits and Risks of a Wireless Network

Many consumers and small businesses use wireless (Wi-Fi) networks to enable their laptops and other wireless devices to access the Internet. Wi-Fi networks generally include a wireless “router” connected to a broadband Internet service via a modem that is attached to the cable or telephone network. Sometimes the wireless router and the modem are integrated into one device.

While Wi-Fi networks provide many benefits, an unprotected network can result in unauthorized use and potential harm unless certain steps are taken. In some cases, unauthorized users may be able to access your private information, view the content of transmissions, download unlawful content using your network or infect computers with viruses or spyware. Unauthorized users may also cause harm beyond your computer or network, such as sending spam, spyware or viruses to others, and the activity can be traced back to your network.

How to Secure a Wireless Network

The following tips can help secure a Wi-Fi network against unauthorized access. Consult the owner’s manual that came with your wireless router for specific instructions on performing the following steps. Manuals are often available on the manufacturer’s website. At the bottom of this page you will find links to product manuals from some of the most popular manufacturers, and links to how-to videos produced by the Federal Trade Commission.

1. Turn Encryption On

Turning on your wireless router’s encryption setting can go a long way toward securing your network. Wireless routers often come out of the box with the encryption feature disabled, so be sure to check that encryption is turned on shortly after you or your broadband provider installs the router. Note that there are different types of encryption. “WPA2” currently is the most effective standard. Another common standard, “WEP”, is less secure, and therefore is not recommended. To turn on encryption, you will need to pick a wireless network password. Longer passwords that utilize a combination of letters, numbers and symbols are more secure.

2. Turn the Firewall On

A “firewall” is designed to protect computers from harmful intrusions and can be hardware-based or software-based. Wireless routers generally contain built-in firewalls, but are sometimes shipped with the firewall turned off. Be sure to check that the wireless router’s firewall is turned on.

3. Change Default Passwords

Most wireless routers come with preset passwords for administering the devices settings (this is different from the password used to access the wireless network itself). Unauthorized users may be familiar with the default passwords, so it is important to change the router device’s password as soon as it is installed. Again, longer passwords made up of a combination of letters, numbers and symbols are more secure.

4. Change the Default Name of the Network

A network’s name is known as its “SSID” (service set identifier). When a computer with a wireless connection searches for and displays the wireless networks nearby, it lists each network that publicly broadcasts its SSID. Manufacturers usually give all of their wireless routers a default SSID, which is often the company’s name. It is a good practice to change your network’s SSID, but to protect your privacy do not use personal information such as the names of family members.

5. Turn Network Name Broadcasting Off

Wireless routers may broadcast the name of the network (the “SSID”) to the general public. This feature is often useful for businesses, libraries, hotels and restaurants that want to offer wireless Internet access to customers, but it is usually unnecessary for a private wireless network. It is recommended that owners of home Wi-Fi networks turn this feature off.

6. Use the MAC Address Filter

Every device that can connect to a Wi-Fi network has a unique ID called the “physical address” or “MAC” (Media Access Control) address. Wireless routers can screen the MAC addresses of all devices that connect to them, and users can set their wireless network to accept connections only from devices with MAC addresses that the router is set to recognize. In order to create another obstacle to unauthorized access, change your router’s settings to activate its MAC address filter to include only your devices.

Additional Wi-Fi Safety Tips

Turn off your Wi-Fi network when it will not be in use for extended periods of time

Use anti-virus and anti-spyware software on the computers that access your wireless network

Don’t assume that public wireless networks are secure