Free WiFi: When “Free” Isn’t Always Free


The Dangers of using Public WiFi Connections and how you can Stay Safe

Everywhere you go today there are available WiFi hotspots advertised as free for you to use.  You can find them at restaurants, airports, hotels, on trains, at the library, bookstores and even in many of the major city’s professional team’s ballparks and stadiums.  The freedom to have available and free WiFi almost anywhere you go is very enticing to anyone with a smartphone, tablet or laptop computer.  Using WiFi will save you from using up your data plan and in most cases, is much faster than your cell service.  This freedom, however, comes at a price as it is just as enticing to a hacker who is eagerly waiting for you to connect.  We will discuss what it means to connect to a free (open) WiFi network, what the associated risks are, and how you can protect yourself when you absolutely have no other choice but to connect. 

The Risk associated with an Open Network

An open WiFi network is one in which no authentication is required to obtain an IP address and begin surfing the internet.  In other words, you need no username and/or security code to connect.  You just find the SSID (name of the network) on your device and click connect.  This is the very reason a hacker is interested in these networks.  It’s not like you can visually identify a hacker and depending on the range of the network, they could be sitting at the table next to you or they may not even be in the same building where you are sitting.  The goal for the hacker is to set up a “Man-in-the-Middle” attack whereby they position themselves in between your computer and the WiFi router.  When you connect to the free network you are passing ALL of your information through the hacker’s computer before it ever gets to the website or file share you desire.  Once this setup is in place, the hacker has unfettered access to every piece of information you are sending including usernames you enter, associated passwords, emails, security credentials to your banking sites or business, and credit card information.  Once the “Man-in-the-Middle” attach has been set, the hacker can go back into all of your accounts as if he were you. 

Other attacks include automatically planting malware, spyware and viruses on your computer or even uploading them to the sites you visited, say for example your corporate share drives.  Once planted, some malware will grant the hacker access to everything on your computer anytime you connect to the internet regardless of the type of connection (secured office WiFi or even your home network).  Other attacks target the open router itself so the hacker gains access to the device and can see everyone’s data who has connected to the router. 

What can I do to protect myself?

First, be smart.  Understand the risks and realize that certain activity like banking or shopping over free WiFi will almost always result in identity theft and possibly a shopping spree for the hacker on your good credit rating.  Don’t be fooled by the convenience of FREE.  The security software on your compute will not thwart the “Man-in-the-Middle” attach discussed above no matter how good it is.  You are willingly passing information to the hacker.  He is not trying to break his way into your machine so all software security is bypassed.  If you are prompted to enter your username and password in a pop-up; DON’T.  Close the browser, shut down your computer, and find a legitimate hotspot that you have to provide a security code given to you by the hosting business to use.  There is at least some level of security in place at that point. 

Using a VPN (Virtual Private Network) is a very secure way to hide your information.  Think of the internet as a water pipe where the “water” is your digital information packets.  Packets flow through the pipe to their destination.  A VPN creates a pipe within the pipe that encapsulates your information with encryption and allows you work in a safe and secure environment denying hackers the ability to see your activity.  Your data gets its own pipe to flow through shielding it from the other data flowing outside the VPN pipe. 

Other security measures include shutting off all file and printer sharing in your computer’s Control Panel (settings under Windows 10), or let Windows turn it off for you by choosing the “Public” option when prompted from your operating system when telling the computer what type of network you are connecting to (Public, Work or Home). When the network is a new one the computer doesn’t already have saved so it wants you to tell it how to protect you.  Turning off the WiFi function on your computer will also protect your computer. When turned on, your computer is constantly searching for available WiFi which means it is sending out communications signals regardless if you are connected to the internet or not.  Have a strong antivirus.  Yes, we said it won’t help you with “Man-in-the-Middle” but it can and will stop files from being downloaded and installed without your knowledge depending on the security suite you chose to use.  One last word on protecting yourself is that we are creatures of habit.  If you have an email account, shopping site accounts, websites, or online banking of other financial transactions that require you to enter passwords, use unique usernames and passwords for everything.  Remember, hackers know that nobody likes to have 20 different sets of login credentials and they are banking on that.  If they get one username and password from you, they will try that same information on other sites they see you go to and hope you use the same login for everything. 

Consider enabling what is called “two-factor” authentication on every website that has it available.  It is a process that requires a “second login” whereby a one-time unique code is sent to you via email or text.  If you (or a hacker) then log into an account from another computer or IP Address that is not recognized, it will send you (not the hacker) a unique code that you must enter to gain access to the account or site.  An example of this is if you are a Gmail user, you can turn this feature on and it works just as advertised. 

Lastly is your password itself.  Nobody likes the complicated uppercase-lowercase-number-special character password structure you see in use more and more today but it is important to make your password as difficult as you can by length of password and complexity of the combinations mentioned.  This is important as hackers can use a “dictionary attack” done by using programs or computers capable of generating billions of password combinations a second until they get a hit.  If yours is too easy, you can bank on a hacker cracking it.