A Survival Guide to Public Wi-Fi

Author:
Art Williams
Art WilliamsPrincipal / Chief Information Officer
Web Development, Security, Technology
A Survival Guide to Public Wi-Fi

Wi-Fi is everywhere so most of us don’t think twice about connecting to our local coffee shop and surfing the world wide web.  But the ubiquity of Wi-Fi has created a false sense of security. In reality, connecting to public Wi-Fi can open your device up to being hacked or expose data from sites you access as the packets of data fly around the air.  

To be prepared for public Wi-Fi it is important to have good situational awareness, understanding where the threats are coming from and what defense you have against each threat.

TL;DR Get a trustworthy, commercial VPN service and use it anytime you are on public Wi-Fi.

Threat 1: Open Wi-Fi

Recently, I spent the day at the Central Jury Room of the Bexar County Courthouse in San Antonio, Texas to perform my civic duty as a juror if called upon to do so.  While waiting for my name to be called, I was keeping tabs on work email, Slack, and reading on my laptop. Since the Central Jury Room is in the basement, the mobile data reception was spotty to non-existent, so I was forced to use public Wi-Fi. To make matters worse, the guest Wi-Fi network was OPEN, meaning no password and encryption protocol.

This is the MOST dangerous way to connect to the internet. Someone with the proper software who is within the range of an open Wi-Fi access point can capture the packets going through the air and analyze them for patterns. It is sometimes possible to use these packets to gain access to accounts you are logged into or at the least collect data about your browsing activity.

Defense 1 - Don’t use open Wi-Fi; but if you have to, don’t log in to anything

As a general rule, I will only connect to open Wi-Fi as a last resort, and then, only to access general information. I would never log in to any account on any site on open Wi-Fi including Gmail, Facebook, and especially not financial institutions! This may be harder than it seems because devices, especially phones, are accessing these accounts in the background all the time. Turning off background operations might help, but some services may continue to access accounts. It bears repeating, this defense is the last resort. 

Defense 2 - Use a VPN service

The best option is to use a VPN (Virtual Private Network) to encrypt your entire connection since the open Wi-Fi isn’t doing it. PCMag.com keeps an up-to-date list of the best VPN services and explains more about what a VPN is and why you need one. The short explanation is that a VPN creates a secure tunnel from your device to the internet so even if you are using open Wi-Fi no one can snoop your data because it just looks like a single, encrypted connection to your VPN service. The specific data is protected. A good VPN service allows multiple simultaneous connections and unlimited bandwidth. The only tradeoff is that there is a minor cost involved ($40-$60 per year) and it will be slightly slower than connecting straight to the Wi-Fi. These are both reasonable trade-offs in my estimation.

Threat 2: Public Wi-Fi, who is listening.

Even connecting to a “secure” public Wi-Fi hotspot is not without its risks. While your connection between your device and the access point (usually a router) is protected from someone who is capturing packets out of the air there are still opportunities for interception by anyone with access to the router. This threat can take the form of:

  • Rogue Wi-Fi, someone has created a public network that looks like it is legitimate,
  • A hacked router,
  • A person who can place software on the router or a hardware device between the router and its ISP (modem).

The take-away from this threat is that even “secure” public Wi-Fi could be rogue or compromised in some way, so understand that you are trusting your data to the people who set up and maintain the Wi-Fi infrastructure.

Defense 3 - Be certain that you trust the source

It is difficult to thoroughly describe the best criteria for what Wi-Fi is trustworthy or not. Here are some questions that might help: 

  • Is the Wi-Fi name posted publicly in an official manner? Then it’s unlikely to be rogue.  
  • Is the Wi-Fi set up by a large organization with full time IT? Then it may be more likely to be maintained.
  • Is it using WPA2 protocol, the most secure at this time? Anything less is vulnerable and may mean that the infrastructure is not well maintained.

Defense 4 - Use a VPN service

As with Defense 2 (see above), a VPN service will encrypt your connection all the way beyond the Wi-Fi thus eliminating the need to trust the Wi-Fi provider. To be fair, trust is still involved, but it’s the trust of the VPN provider, a paid commercial service. For this reason, do your research to make sure your VPN provider is reputable and well-vetted.

VPN FTW

So now that you see where the risk is with public Wi-Fi the easiest defense is a VPN service.  No matter what kind of Wi-Fi, open or secure, your data and credentials should remain hidden from anyone trying to intercept it while using a VPN service. Protect all of your devices, phones, tablets, and computers by enabling the VPN by using the VPN provider’s App before connecting to any public Wi-Fi.

My favorite VPN service: Private Internet Access

Other Quick Tips:

Good device hygiene still counts for something:

  • Update all of your software on your devices.
  • Use a Firewall or other security measures that are available on your device.
  • Use a good Password Manager to maintain unique passwords across all services. My favorite Password Manager: LastPass
  • Enable Two-Factor Authentication (2FA) whenever possible.