When WiFi first appeared, many businesses and public institutions rushed to offer it to patrons. It was a way to get traffic for their business, and make life more convenient for the increasingly connected populace. These days, public WiFi is ubiquitous. It’s touted as a way to keep your cell phone’s data plan from going over its limit. How safe is the free public WiFi at your local coffee shop or airport lounge?
In WiFi’s early days, security was an afterthought. Home wireless routers shipped with encryption turned off, and many public networks allowed connections from pretty much anywhere. In the last seven years, though, this has changed for the better. In the public arena, many free WiFi hotspots now require a password, meaning that your work is encrypted. Does that mean you can use public WiFi without worrying about your data or credentials being stolen? Not completely.
First off, you can check fairly easily if the WiFi is truly “open,” as in not encrypted. Does it require you to enter a password? If not, it’s not encrypted and you should be wary. Many current smartphones also warn you if a connection is not secure. If that’s the case, you can do a few things to protect yourself and your information. Most simply, in a public setting, don’t use any service (email or web browsing or an app) that requires logging in. That way, your data isn’t transmitted and can’t be swiped. A better remedy is to use a VPN (Virtual Private Network). See my Cybersecurity column in the September 2022 edition of the Gazette for details.
So, if you are required to enter a password, is that better? Yes, for the most part. Of course, the password is probably on a sticky note on the cash register so you and several dozen people may be sharing the connection. Still the encryption that this provides means no one can just spy on the data from your laptop or phone as it transverses the Internet. If they did, they would only see random gibberish. However, because the algorithm used to encrypt your data is available for anyone to use, there’s a chance a dedicated hacker could “reverse-engineer” the encryption. If they do that, they could then decrypt the data you’re sending and receiving. The likelihood of that in a coffee shop? Very low. However, large-scale public WiFi installations—airports, hotels, downtown malls – are generally not encrypted, so you should use the precautions I outlined above.
There’s another security issue with public WiFi. The bad guys can make a hotspot available with a name that sounds a lot like a legitimate one, but isn’t. (Starbuckx, for example). If they can get people to connect to that (by accident or failure to check), the evildoers can then grab all your transmitted data.
If you keep your operating system and applications up-to-date, that will go a long way towards making your public WiFi usage secure. As security vulnerabilities are discovered in WiFi, hardware and software vendors issue upgrades to patch holes. Staying abreast of these is always good advice.