A Look at Public WiFi Hotspots

People are in love with, no, they are ADDICTED to free WiFi and will connect to any available public WiFi hotspot to get online, according to a Symantec 2017 WiFi Risk Report. The report polled thousands of adults who used public WiFi hotspots in 15 countries to get the data. As cybersecurity professionals, that feedback is just mind-blowing.

Results from that report show roughly 50% of respondents believe one of the most important reasons to access public WiFi is to get some sort of GPS information. Around 40% admitted to accessing adult content at their workplace or through public WiFi hotspots in hotels, airports, and transportation modes such as buses, trains, taxis, and ride share. If you think that’s interesting, 60% believe their data is safe when using public WiFi hotspots even though 53% of that 60% can’t tell the difference between a secure and insecure WiFi hotspot.

With this in mind, here is a simple primer about secure browsing best practices when accessing the internet using public WiFi hotspots.

  1. Ensure the network you select is actually the correct network.
    Attackers often change a single letter of a legitimate network, and people often select that network by mistake. This is known as a “man-in-the-middle” attack. Every keystroke while on the attacker’s network is recorded for use later, and the unsuspecting target is pushed over to the correct network, never knowing they went somewhere else first. Before just quickly selecting a network, verify the name by either asking someone who works there what the name of their public network is, or checking the spelling.
  2. Always select a secure network, if at all possible.
    Look for a network with a padlock in parentheses next to the network name. This indicates you are locked out. That’s not necessarily a bad thing if you can get a valid password/passphrase. Some networks use a “walled garden”, which simply means it looks open until you select it, then a login page appears. This is very common at hotels where you will receive the credentials when you check in.
  3. Set devices to “Ask Before Connecting” to a network.
    This can be a headache initially, but will be worthwhile the first time it saves your device from auto-connecting to a previous network with the same name. Attackers know the network names for popular establishments like hotels, coffee shops, etc. They will turn up a public WiFi hotspot from the parking lot of a Starbucks close to a Hilton property. Everyone who stayed at the Hilton property the night before who gets a Starbucks in the morning will auto-connect to the attacker’s network because it uses the same name as the hotel network they just left. In the WiFi settings for most devices, there should be an option that asks you to confirm connection to any network. Don’t let hackers get to you before you’ve had your morning coffee.
  4. Avoid using personal data while connected to a public WiFi hotspot.
    There is nothing technical about this one. It’s a behavioral change that can be as challenging as quitting an addictive vice. Anything you wouldn’t stand up and proclaim publicly wherever you are should not be shared on a public network if you can avoid it. Save bill paying, banking, taxes, insurance, medical, etc. for the security of your home network. Use public WiFi hotspots for simple things like browsing through social media.
  5. Only use HTTPS and SSL sites while on a public WiFi hotspot.
    Websites use HTTPS (hypertext transfer protocol secure) to support SSL (secure sockets layer) and make connections more secure. All you have to do is look to HTTPS in the URL or look for a padlock icon and the word “Secure” at the beginning of the address bar in your web browser.

Hopefully these tips help the next time you find yourself bleary-eyed at the coffee shop in a hurry to transfer money and submit insurance claims all while wondering why the coffee shop network is the same name as the hotel you checked out of 15 minutes earlier. Remember: think twice, type once. If in doubt, call a cybersecurity expert.