What Is Public WiFi?
A public WiFi connection is any publicly available connection that allows you to connect to the Internet. These connections are typically free to users and are commonly found in public areas such as airports, malls, restaurants, hotels, and coffee shops. Most of us have come to expect these WiFi connections as a courtesy, enabling us to remain connected wherever we are.
Despite the convenience factor, it’s important to understand the inherent risks that connecting to public WiFi can introduce to your device or network.
Understanding these risks is important not only for one’s own safety, but also for that of populations that may be particularly vulnerable online – for example, K-12 students learning remotely, senior citizens unaccustomed to dealing with online risks, and telehealth patients whose sensitive data may be at risk of exposure.
Fortunately, there are also many relatively straightforward fixes that can mitigate or eliminate these risks. Let’s explore some of the most common dangers, as well as measures that can keep users safe online.
For more in-depth information about the dangers of public WiFi as well as guidance on safety measures to put into place, download our free whitepaper.
It’s estimated that every 39 seconds, there is a new attack somewhere on the web. While it’s impossible to know exactly how many of those are caused by connections on insecure public WiFi networks, it’s safe to assume that a considerable number are, given the lax or nonexistent security of most public WiFi networks.
Here are some of the most common risks:
Man-in-the-Middle Attacks
This is a form of eavesdropping in which a “man” (or device) in the middle of a connection between your device and the router, service, or website you connect to via free public WiFi intercepts the data transmitted to and from your device. Man-in-the-middle attacks usually involve snooping or sniffing, and the devices and software that malicious actors can use to perpetrate them are cheap, widely available, and easy to use, making this a low-cost and highly common type of attack.
Unencrypted Networks
Since public WiFi is usually offered as a free service, the routers used in these networks are often left on their factory defaults and lack basic encryption. Without encryption, any data you send or receive over the connection can be read by anyone who can intercept or eavesdrop on that data.
Malware
Malware is malicious software that gives an unauthorized user access to a system, device, or network. If your device or system has a software vulnerability, a hacker may be able to slip malware or viruses to you over an unsecured connection.
Malicious Hotspots
A malicious hotspot is a rogue connection that tricks victims into thinking that it is a legitimate network – for example, a free WiFi connection at an airport called “Airport_Lounge” may in actuality be run by a hacker.
Wardriving
This is a type of exploit that involves driving around neighborhoods to gather unsecured or unencrypted data from wireless networks that are in use in the target area. The information gathered can then be shared online or may be used to target individuals living in the area.
Distributed Denial of Service
A Distributed Denial of Service (DDoS) attack over WiFi occurs when an attacker overwhelms the network you are on, causing your system to crash. It’s estimated that 23,000 DDoS attacks occur on the Internet each day.
KARMA Attacks
KARMA attacks exploit WiFi weaknesses and a lack of access point authentication to access, control, or deliver malware to target devices connected to the network.
Staying Safe on Public WiFi
As a rule of thumb, the best way to avoid public WiFi safety issues is to avoid using public WiFi altogether. Protecting your students, patients, staff, and patrons with a highly secure and manageable connectivity solution, like those offered by Kajeet, is the best way to keep users safe in an increasingly digital world.
However, if you must connect to a network, make sure to:
- Update your Preferred Network List. Hackers can create rogue access points with the same name or network IDs that your device trusts, so you should delete (have your device “forget”) WiFi networks you do not regularly access or need to access.
- Never use hidden networks. Normal WiFi access points send beacons containing the information that nearby devices need to discover and connect to the network, such as the network SSID and the type of encryption it supports. Hidden networks do not do this, instead requiring the user to have prior knowledge about the network. If you have devices that are configured to connect to a trusted hidden network of your own, those devices will constantly call out the name of the network you hid, making the network an open target for anyone who can capture those transmissions.
- Isolate users to their own subnets. Many businesses that offer WiFi to their customers make the potentially costly mistake of failing to restrict guests to their own subnet. With proper subnet isolation, each user should only be able to communicate with the router, and will not be able to scan other devices on the network or connect to any open ports.
- Disable file sharing. Files may be automatically sent and received if you have file sharing on, and a hacker could try to upload malicious data or code to your system via a file or application that your system would accept via open file sharing.
- Only visit sites that use HTTPS and only use SSL connections. Sites that use HTTP can be unsafe, so making it a rule to only visit HTTPS or SSL sites reduces your chances of being attacked.
- Make sure to log out of your accounts when you are done using them.
- Use a VPN so that your WiFi connection, even if it is unsecured, is private.
- Do not allow your system or device to automatically connect to any networks.
- Avoid using sites that require the input of sensitive information, such as your banking webpage, while on public or unsecured WiFi networks.
- Purchase or enable a firewall and turn on network encryption in your network settings.
- Prevent your device from announcing its presence. By switching off your service set identifier (SSID), your wireless device will not announce that it is online and will be less likely to be found on a network. You should also change your device’s name from the manufacturer’s default.
- Invest in a PLTE network. If you lead a school or business, it may be worthwhile to invest in a PLTE (Private LTE) network in which you own and/or control or enjoy some level of preferential treatment with respect to bandwidth from your carrier. This can permanently eradicate the need for public WiFi, allowing your students and employees to enjoy fast, secure, and cost-effective connectivity wherever they may be.
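The checklist items on the Preferred Network List, hidden networks, and automatic connection can be checked mechanically. The following is an added example, not part of the original article or any Kajeet tooling: it audits saved WiFi profiles in NetworkManager's keyfile format (the `.nmconnection` files a Linux laptop keeps for remembered networks). The sample profiles are constructed, and the code assumes the short section names `[wifi]` and `[wifi-security]`.

```python
import configparser

# Constructed sample profiles in NetworkManager keyfile format (not real networks).
SAMPLE_PROFILES = {
    "Airport_Lounge.nmconnection":
        "[connection]\nid=Airport_Lounge\ntype=wifi\n\n"
        "[wifi]\nssid=Airport_Lounge\n",
    "HomeHidden.nmconnection":
        "[connection]\nid=HomeHidden\ntype=wifi\n\n"
        "[wifi]\nssid=HomeHidden\nhidden=true\n\n"
        "[wifi-security]\nkey-mgmt=wpa-psk\n",
    "Office.nmconnection":
        "[connection]\nid=Office\ntype=wifi\nautoconnect=false\n\n"
        "[wifi]\nssid=Office\n\n"
        "[wifi-security]\nkey-mgmt=sae\n",
}


def audit_profile(text):
    """Return the risky settings found in one saved WiFi profile."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    if cp.get("connection", "type", fallback="") != "wifi":
        return []  # wired, VPN, etc.: out of scope for this audit
    findings = []
    # NetworkManager joins a remembered network automatically unless
    # the profile explicitly sets autoconnect=false.
    if cp.getboolean("connection", "autoconnect", fallback=True):
        findings.append("autoconnect")
    # hidden=true makes the device call out this SSID by name while searching.
    if cp.getboolean("wifi", "hidden", fallback=False):
        findings.append("hidden")
    # A profile with no [wifi-security] section is an open (unencrypted) network.
    if not cp.has_section("wifi-security"):
        findings.append("open")
    return findings


def audit_all(profiles):
    """Map profile name -> findings, keeping only profiles with findings."""
    results = {name: audit_profile(text) for name, text in profiles.items()}
    return {name: found for name, found in results.items() if found}


if __name__ == "__main__":
    for name, found in audit_all(SAMPLE_PROFILES).items():
        print(f"{name}: {', '.join(found)}")
```

Profiles flagged as both "open" and "autoconnect" are the first candidates to forget, since a rogue access point only needs to reuse the name to be joined.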
In summary, it’s wise to exercise caution in everything you do online – especially when connecting to a public WiFi network. Making these practices a habit, as well as looking at ways to invest in secure and reliable wireless connectivity for your students, staff, and community, are the best ways to combat these attacks and keep everyone safe.
Kajeet is an industry-leading provider of managed wireless connectivity for education and IoT applications. If you’d like to speak with a Solutions Engineer about what our robust, secure connectivity solutions may be able to accomplish for your school district or business, contact us today.