Let’s face it, we desire to stay connected to the internet at all times. So when we see a sign for free public Wi-Fi, our pulse quickens. While the convenience is great, there are some dangers to joining these public networks that should make us think twice.
When you join a network – any network, from any device – you become a ‘node’ on that network. On a public network, in an airport or hotel for example, hundreds of nodes may be connected. Each device, including yours, may have services, shares or other information available for anyone else on that network to consume. For example, if you share a pictures folder (from your laptop) so someone at home can see it, that folder is viewable by anyone on that public network. So always think about what you’re about to share. If you don’t intend or desire to share anything from your device while on Wi-Fi, you can assure this upon log in. When you join, you’ll be prompted to answer if it is a home, work or public network. Always answer “public,” as that limits what other nodes on the network can see on your device.
So now you are connected to a public network. What do you do to make sure you are secure? Be paranoid. If you are on a public network, assume someone is monitoring and capturing your traffic. Period. Is this really true? Probably not, but eventually, careless use of public Wi-Fi could come back to bite you. So it’s important to make sure that either all of your traffic is encrypted, using a VPN tunnel, or, at least, ensure that you’re always connected to an SSL-encrypted website. Use of encryption defeats the most common tactic used by cyber-crooks, the Man in the Middle (MITM) attack. This attack is run by tricking your device into thinking that another device (the attacker’s) is your gateway to the internet. All of your traffic now passes through the hacker’s device and can be inspected for passwords, credit card numbers, etc. The attacker can also redirect you to a different website or do what is called “SSL stripping” – removing ‘https’ from your URL requests and replacing it with ‘http’. This sends you to an unsecured site, allowing the attacker to view your data in plain text.