On My Way
WiFi is omnipresent. Though today’s 5G cellular networks are growing in numbers off of smartphones, and public networks are losing former popularity… they’re still very common and handy. Especially when you need to top up the usage of the first. Jokes aside, cafes, airports, libraries, and even streets, are boiling with public WiFi users. It’s convenient, as in a never-stopping society the need to be always “available at the moment” is paramount.
But as ubiquitous as it is, as questionable public WiFi safety becomes. Security lacking is part of its inherent nature. Old routers with basic passwords are easy to crack, and networks are usually unencrypted and aren’t properly secured by operators. Making it an easy target for hackers. But let’s pay a tribute to municipal ones, they’re trying a bit harder.
Myth or reality?
In the past, encryption was primarily employed by websites handling sensitive information, such as e-commerce platforms or banks. However, in today’s digital realm, major websites like Amazon, Google, and Wikipedia have embraced encryption as a standard security measure, among the many other online platforms that utilize it to protect user data.
The widespread adoption of encryption revolutionized WiFi security field, making it significantly more difficult for attackers. One crucial form of encryption is Transport Layer Security (TLS), which safeguards data transmitted between your browser and the servers you’re connecting to. “HTTPS” in the web address or a padlock icon are it’s witnesses.
TLS scrambles the data so that someone who might intercept it will get a kick in the teeth. It plays a role in decreasing hackers’ attacks by using the same insecure WiFi network as their victim.
But despite encryption expansion, it’s not an endgame for attackers. It’s just a sweet delusion. They continuously adapt and evolve to exploit any vulnerabilities and weaknesses that are inevitably showing here and there with every second update. Because criminals have time to update too.
Law of the Jungle
Being on your own in a seemingly routine activity like joining public WiFi is pretty much the same as driving in any low-visibility area, where compromised public WiFi security measures and lack of knowledge make you vulnerable. The importance of taking precautions is conditioned by the high risks of not only sensitive information being seen by unwanted pair of eyes, but having it lost.
Know your predator’s face before diving into how to use public WiFi safely.
MITM (Man-in-the-middle attacks)
The name originated from hackers positioning between your device and desired server to intercept data on its way. Several of them can be performed by using public WiFi.
Wi-Fi eavesdropping
Classic one! Public networks without any form of encryption make it easy for hackers to squeeze through data transmission. The attacker captures data packets being sent and received by users. Including usernames, passwords, credit card numbers, and sensitive data. Since the data is not encrypted, the attacker can easily read and potentially use this information for malicious purposes.
Primarily it involves passive interception rather than active manipulation or injection of data into the communication stream.
Rogue access points
A rogue access point is an unauthorized WiFi access point connected to a legitimate network. Administrator’s knowledge or consent usually are not invited. These access points can be set up by attackers who gain physical access to the network infrastructure. Though some are set up for convenience or without realizing the security risks they pose to employees or guests.
Rogue access points can create vulnerabilities in a network, allowing attackers to eavesdrop on the communication, bypass security measures, or gain unauthorized access to sensitive information.
Evil Twin or Wi-Fi Honeypot
Pretty similar to the previous one. An evil twin is a malicious access point that is intentionally set up to mimic a legitimate WiFi network. The attacker creates an access point with the same network name (SSID) and sometimes even the same MAC address. Users unsuspectingly connect to the evil twin instead of the real network, allowing the attacker to do his job.
This may include injecting malicious code into the web pages visited by the user or redirecting them to fake websites designed to distribute malware.
KRACK (Key Reinstallation Attack)
In a KRACK attack, the attacker exploits vulnerabilities in the WPA2 protocol to force the victim into reinstalling an already-in-use encryption key. This allows decrypting data, potentially giving access to sensitive information being transmitted over the network.
Packet sniffing
Enough of MitM attacks. Packet sniffing refers to the process of capturing and analyzing data packets that are transmitted over a network. A big wet nose monitoring. By that, malicious manipulations such as eavesdropping on unencrypted data to gather sensitive information can be performed. No good boys detected.
Shoulder surfing
Oh yes, that’s in spite of stereotypes is still a thing! Curios attackers at arm’s length (not exactly) are watching you entering logins, and passwords following fingers tapping the keyboard. Connection to public Wi-Fi networks still requires your presence in its diapason, where random and not-so-random people occur. Taking this advantage maybe is out of style, but not off the market.
Malware distribution
This one can happen as a non-MitM attack, thanks to file-sharing networks. WiFi may allow users to share files with others connected to the same network. Hackers abuse this feature by uploading malware-infected files to the shared folder, hoping that unsuspecting users will download and execute them.
Aftermath
Is public WiFI safe for average people? No. In the bestiary above it’s easy to overlook how frequently these attacks happen and that not only pockets full of money are targeted. While there is no specific statistic for attacks using public Wi-Fi networks in a nutshell, it is widely accepted that public Wi-Fi networks pose a higher security risk than private or secured networks. The frequency can be difficult to quantify, as many incidents go unreported or are difficult to trace back to the source. But 2022 research conducted by NordVPN shows that every fourth traveler was hacked while being abroad via public networks. Is it safe to connect to public WiFi?
And what is there to lose? Data? Duh, it’s pretty vague. To be more specific we’ll list some examples.
- Identity and Reputation: stolen personal data can be used to impersonate you, which can cause reputational, financial damage and emotional damage. Even family loss.
- Finance: boring but true, criminals can gain unauthorized access to bank accounts or conduct fraudulent transactions using stolen credentials.
- Device: different malicious software can be installed on your device, not only compromising its performance but safety and privacy. Also can lead to a magical transformation into a brick.
- Security overall: confidential or proprietary information for corporate or state-level espionage purposes refers not only to high-classified files. Big data shows it to us, we’re all particles in this enormous soup.
Totally Spice: how to protect yourself on public WiFi
It’s time to do what we are all gathered here for. Arm you not only with knowledge but specific gadgets and tricks to safely use public WiFi (and a little bit more). Fear not of their abundance, there are tools that will be your all-in-one solution.
No sensitive information
We are talking about Personal Identifiable Information (PII). Your children’s birth certificates, driver’s licenses, bank account usernames, trade secrets, and so on. If it can wait — better wait. Don’t let this “I have nothing to hide” thing fool you, in this matter, good intentions tend to zero. It is after all the most primal rule to use public WiFi securely.
VPN
Virtual Private Network (VPN) is a great measure against MitM attacks. While using public WiFi you’re staying private. VPN encrypts all the data that you exchange and creates a shield protecting it from intermission.
But choose the operator wisely. A free VPN can be even more sinister than some hackers. To prevent tracking of your online habits or risking your data being unencrypted, opt for something well-known and secure. Sure, it will cost some money, but in exchange, you won’t have to worry if everything works according to plan.
HTTPS
Stick to encrypted connections. Though many websites connect you with an SSL certificate by default, it’s a good but not mandatory practice. So be cautious while on public WiFi to check your connection by simply looking for an “https://” in the link line. If it’s missing “s” you are at risk of compromising your privacy, so that everyone on the network can see your data unencrypted.
Luckily there are even extensions helping to maintain a secure connection on every webpage.
But to fool you not, it’s important to add that “https://” part of an address marks it as safe by default. Criminals are not ignoring their update popups, that’s why the spreading of phishing websites using SSL certificates is active and lively. You can double-check for using public WiFi safely by clicking on the padlock to see if a connection is secure and if the certificate is issued to the right company name.
Update
How long are you snoozing your update? Doesn’t matter, it’s time.
Before using public networks it’s crucial to have everything up-to-date because you never know which particular version of your OS can have that vulnerability the criminal is specializing in taking advantage of. Not to mention it’s making you overall vulnerable to other attacks.
So take a moment to let all these patches and bug fixes help your devices keep you safe.
Device encryption
The problem is not only your online files are in danger while surfing on public networks. Device encryption ensures that all data stored on your device is scrambled and unreadable without the correct decryption key. This means that even if attackers were to gain access or intercept data transmitted, they would not be able to read it without the decryption key. Consequently, the risk of unauthorized access to your sensitive data, such as personal documents, passwords, and financial information, is significantly reduced. It’s not all about how to safely connect to public WiFi, but your basic security.
File sharing off
Is it safe to use public WiFi already? Not so fast. As we learned earlier, some attacks exploit file-sharing features to distribute malware, ransomware, or other malicious software across devices connected to the same network.
Turning off file sharing is preventing unauthorized access to your files. While this feature can be useful in private and trusted environments, it poses significant risks when using public WiFi networks. Public networks are often less secure, and keeping file sharing enabled may expose your files to hackers or other malicious users.
2FA or other multi-factor authentification
2FA adds an extra layer of security by requiring a second form of verification, such as a text message, authentication app, or physical security key, in addition to your password. This makes it significantly more difficult for attackers to gain unauthorized access to your accounts. Even intercepted password will unlikely be any help without an unreachable second step.
Almost all popular services have the option to activate 2FA in their privacy settings, where you can choose what kind of additional authentification is more convenient.
Password manager
This little helper is critically underrated. Password manager is able not only to store your passwords, keeping your biological operative memory less pressured, but generate highly secure ones with a large number of symbols. What does it mean?
You are almost untouchable for any shoulder surfer and twice protected from savages that will somehow crack 2FA, if you store backup keys in the password manager.
Privacy screen
Old school problems are crying for new school solutions. Such as privacy screens. Privacy filter or screen protector. A thin layer of a flexible material, usually a type of plastic or polymer film, with light-filtering properties applied to the display. Its primary purpose is to restrict the viewing angle. So curious persona won’t be able to read your information from a side angle. Also, they can be of service reducing glare on your screen or protecting it from scratches and fingerprints.
Log out
Before approaching public networks you can leave all the current logins you won’t need and after the browsing session on public WiFi, it’s better to log out of every service you were using while surfing. As attackers can potentially hijack your session by intercepting cookies or tokens, it may enable them to impersonate you and access your accounts. Logging out effectively reduces the risks of being hijacked.
Connection settings
The “Connect automatically” feature is so done. When it’s enabled, your device may unknowingly connect to fake or compromised networks set up by attackers.
So if not already, turn it off. Taking this precaution prevents your device from broadcasting its connection attempts to known WiFi networks, which criminals can exploit by creating fake ones with the same name. Yes, it will make you responsible for manually connecting every time and ticking the box “forget the network”, but more in control.
Because who doesn’t know how to connect to public WiFi? On the contrary, how to leave knows only plenty of them.
You don’t want to disco like this*
In the end, all that matters is what you really want to keep to yourself. Memories, money, identity, or sensitive documents, you don’t need to be everything everywhere all at once to protect them while using public networks. Beware unencrypted networks and connections, use challenging passwords, find a trustworthy VPN, and don’t rush the tasks involving personal information that can wait. Personal cybersecurity won’t take all of your free time, especially with today’s tools that combine essentials. One day secure public WiFi will be mandatory.
That’s why Sidekick is always on your side to enhance the overall browsing experience and privacy of its users.
*Quotation from the role-playing computer game “Disco Elysium” (2019)
FAQ
There are many features in our browser that are primarily protecting users’ privacy, such as encrypted browsing, built-in adblocker, fingerprinting protection, and regular updates. Each of them comes in handy and plays its own part in every session when enabled. Let’s not forget our VPN (paid) and a list of adjustable settings. As we already told you — your privacy is our priority.
Well, Sidekick already is making a huge difference in browsing, but you always can take additional steps. Like clearing browsing history, cookies, and cache to minimize the amount of data to be accessed if security is somehow compromised. Be aware of phishing attacks and limit the minimum usage of sensitive information while being on public WiFi.
While we don’t provide special tools to identify unsafe networks, we definitely do anything to protect you and ensure to maintain a secure public WiFi connection. What else can you do? Before entering any personal information or logging into a website, check that the site’s URL begins with “https://” and has a padlock icon, indicating a secure connection. To double-check — click the padlock and look for essential information like connection status and certificate. Enable all the built-in security features. Look if all VPN, ad-blocker, tracker blocker, and fingerprinting protection, are turned on. Once again, avoid sensitive activities to a certain extent. Transactions, online banking, or entering other personal information.
Aside from enabling built-in features like a well-known VPN, adblocker, and fingerprinting protection, you can disable WebRTC. It is a browser technology that can reveal your local and public IP addresses, even when using a VPN. You can disable WebRTC in Sidekick’s with “WebRTC control” or similar to it extensions to further enhance your privacy while using public Wi-Fi.