Sniffers and Snoopers and Hackers, Oh My! Protecting Yourself from the Risks of Public Wi-Fi

Sniffers and Snoopers and Hackers, Oh My! Protecting Yourself from the Risks of Public Wi-Fi

Public Wi-Fi hotspots are a popular, common modern day convenience, providing free internet access to anyone within range of the Wi-Fi signal. They can be found in all kinds of places, ranging from local coffee shops and restaurants to airports, planes, hotel lobbies, and public libraries. Businesses often advertise free Wi-FI as a way to get customers in the door and it’s easy to understand the appeal. Why burn through a cell phone data plan checking email or surfing the internet when you can access the internet for free while enjoying a cup of coffee? But one teacher showed her students how public their browsing histories can be on a public wi-fi. She posted a list of procrastination activities students engaged in during class. On a more serious note, hacker Steve Lord demonstrated how easily he could view the screens of three British politicians and spoof pop-up messages to change their passwords while he watched from his own screen in another room. With these passwords, he could access anything from personal banking to social media. Public Wi-Fi hotspots can put your personal data at risk, and in this post we’ll discuss some of these risks and how to protect yourself against them.

Because public Wi-Fi hotspots are open to anyone, they are attractive targets for criminals and hackers looking to steal your private information. Security on public Wi-Fi networks is often lax or non-existent, making you vulnerable. All data transmitted during a Wi-Fi session – including login credentials, email contents, and websites visited (including information entered while visiting a web page, such as credit card information) can be captured and exploited by criminals with minimal technical expertise.

Here are some of techniques the bad guys use to steal your private data over public Wi-Fi:

Wi-Fi Sniffing and Snooping.  Using software readily available online, criminals can hack into your Wi-Fi session and see your data. This can include everything from reading emails and attachments, capturing information entered into websites, and stealing account passwords to remotely monitoring your computer activity.

Malicious Hotspots. Using what are called rogue access points, criminals can trick you into connecting to their Wi-Fi network, allowing them monitor your online activities and even control what you see. Malicious hotspots might be named something like “Public Wi-Fi,” or “Starbucks Guest” to trick you into thinking are connecting to a legitimate network.

Malware Distribution. Software vulnerabilities are security holes or weaknesses found your computer’s operating system or software programs. Hackers can exploit these weaknesses by writing code to target specific vulnerabilities and then injecting malware onto your device. Public Wi-Fi hotspots make it easier for criminals to access and target your computer.

Creeped out by the dangers of public Wi-Fi? Good! The safest way to protect your data is to buy an unlimited data plan for your device and stop using public Wi-FI altogether. However, this can be expensive and not everyone has that luxury. Luckily, there are steps you can take to increase your safety when using public Wi-Fi networks.

    • Utilize a Virtual Private Network (VPN). A VPN is a secure network “tunnel” protected by encryption that protects user data while accessing websites or online services. They may sound complicated, but you don’t have to be a tech expert to use one!
    • Don’t allow your device to automatically connect to Wi-Fi networks.This makes it easy for you to connect to an insecure network without realizing it. Criminals set up malicious hotspots using common names like “xfinity,” “attwifi” or “linksys” and your device may connect to spoofed network anytime you are in range.
    • Turn off Wi-Fi or Bluetooth when not in use. In addition to helping keep your data safe, this will help conserve your battery life!
    • Don’t shop online or access websites that host sensitive information, like learning management systems, online gradebooks, banks, or healthcare services, from public Wi-Fi networks. It’s too risky. If you absolutely can’t resist the siren song of online shopping while you are out and about, be sure to utilize a VPN connection.
    • Log out of accounts when you are finished using them. It may be convenient to stay logged into your favorite websites, but makes it easier for bad actors to compromise your data.
    • Don’t log into any account via an app that contains sensitive information. If you need to check your bank account balance via mobile app on your phone, use a cellular data connection instead.
    • Only visit websites with https encryption, as opposed to the less secure http. Check the address of websites you visit. If it starts with http instead of https, hold off visiting until you are on a secured wireless network. Some browsers (like Chrome) will warn you when you visit an unencrypted website, but it’s always good to double check.

The next time you’re tempted to connect to a public Wi-Fi network, take a minute to consider the risks and help protect yourself. In our next post, we’ll discuss Virtual Private Networks (VPN)’s and how you can use them to protect your privacy, even on public Wi-Fi networks.

Susan M. Bearden is an education technology consultant for the Future of Privacy Forum and the Chief Innovation Officer for the Consortium for School Networking. She was previously the Senior Education Pioneers Fellow at the U.S. Department of Education’s Office of Educational Technology in 2015-2016, and the Director of Information Technology at Holy Trinity Episcopal Academy in Melbourne, Florida.

Header Image: “Internet Access Here Sign” by Steve Rhode  is licensed under CC BY-NC-ND 2.0.

Related Resources

  • Higher Ed Perspectives

    Higher Education Compliance with Updates to the GLBA Safeguards Rule

    Jul 6, 2023

    Higher education institutions participating in the US Department of Education’s federal student aid programs need to be aware of recent updates to requirements…

    Learn More
  • FPF Perspectives

    FTC announces a complaint and consent agreement against Chegg

    Nov 7, 2022Jamie Gorosh and Lauren Merk

    Since May 2022, education technology (edtech) companies have been on notice that the Federal Trade Commission (FTC) is closely monitoring the industry to ensur…

    Learn More
  • Advocate Perspectives, Educator Perspectives, FPF Perspectives

    Let Teachers Be: Concerns About the Online Harassment of Teachers and Practical Tips For Self-Protection

    Oct 31, 2022Nick Matera, Intern with FPF’s Youth and Education Team and Chloe Altieri, Policy Counsel

    The digital age has introduced powerful tools to harass K-12 teachers online. While there are many forms of harassment, this blog will focus on the doxing (or …

    Learn More