The Dangers Of Unsecured Wifi Hotspots

Published by Adrian in Web Security

illustration of unsecured wi fi hotspot concept

Free Wi-Fi is something we take for granted. Stuck in an airport or on a train? We take out the smartphone or the laptop. We disconnect from the world around us while connecting to the first public Wi-Fi network. Happy to have found a way into a world that keeps us entertained. Completely unaware of the perils we are willingly expose ourselves to.

Still, mobile hotspot security vulnerabilities are more real than ever. To the millions of people who chose to connect to it, why is public Wi-Fi dangerous is not a common question. We’re here to show you that it should be.

Sure, it’s convenient to use a free, unsecured Wi-Fi connection. At the same time, the security costs that come with it may be unthinkable. While you mind your own business surfing the web, others might mind your business, too.

For personal devices, the risks may be arguably smaller. Whereas for business devices, the effects can be devastating. Network intrusion and data interception are two loose concepts that can mean so many things, depending on who’s affected.

Long story short, public Wi-Fi is everywhere. And so are the cyber-thieves looking to exploit them to their advantage. If we have gotten your attention, first, let’s settle on what is a secure network and what does unsecured Wi-Fi mean.

Secured or unsecured, that’s the question

Before anything else, an unsecured Wi-Fi is a network you can connect to without having to type any passcode. In other words, it’s a network that anyone can use. By anyone, we also mean the hackers lurking to steal your data in the process.

But make no mistake! Just because a certain network requires a passcode or/and a username to allow the connection… It doesn’t mean it serves as a secure connection. The complexity of the password is as important as having a password in the first place.

If it’s the 654321 kind of password, you can expect hackers to easily get it. Which makes the whole “security” worthless. So, a secure connection is one that requires authentication with a strong password.

With a poor security layer or without any security encryption whatsoever, the connection is vulnerable. Vulnerable to what, you wonder?

The top 3 reasons against connecting to unsecured Wi-Fi

The public Wi-Fi risks boil down to becoming the victim of a cyber-attack, without even knowing it. And the three reasons we mentioned? There are three types of attacks that hackers prefer to run on this channel:

  1. Wi-Fi sniffing – when a hacker sniffs a particular unsecured network, he simply monitors its entire traffic. By recording all the data that travels across the network, it has the chance to analyze it later, looking for all kinds of details that he can exploit to make money from.
  2. Man-in-the-middle – when a hacker relies on MITM attacks, he puts together an entire network of devices sitting between yours and the one you’re trying to connect to. And so, all the information you’re sending or receiving (even with an HTTPS website involved), is routed through their devices. And it is completely accessible to them.
  3. Malware – when a hacker wants to spread malware, using open wireless networks is piece of cake. As he gains access to your device, he can steal personal information silently. Or spy on you by turning on the camera or the microphone of the device. Or many other nasty things.

Why are public Wi-Fi hotspots not secure for smartphones?

Using an unprotected Wi-Fi network is pretty much like smoking. Everybody knows it’s dangerous. Everybody knows that the effects won’t necessarily be seen right away. Yet somehow, the temptation of using it is too big, despite the perils we mentioned above.

Smokers like to think cancer won’t happen to them. Just like that, many public Wi-Fi users think hackers won’t get to them. But here’s one less known reason that changes the entire equation.

Hackers need neither special programming ability nor expensive specialist equipment to monitor a public Wi-Fi network!

You’d actually be surprised to find out how easy it is for anyone willing to do a little research to start sniffing on an unsecured Wi-Fi network. From the Pineapple Wi-Fi device that many would use to generate spoofed websites to simply turning on Wi-Fi sniffing to log into a public Wi-Fi and monitor all of its traffic… It’s mind-blowingly easy.

What’s worse? If you ignore the Wi-Fi not secure notification and keep using a network that hackers are monitoring… You won’t even be able to tell that your data is hijacked. So, the next time you’ll see your device notifying you that “This Wi-Fi is unsecured”, you’d better think twice.

Think of whether you really need to connect to that open wireless network. And think even better what you’re going to do while at it.

unsecured wi fi network

What’s the worst that can happen when connecting to unsecured Wi-Fi?

Truth to be told, “worst” can have many different meanings, from one person to another. Coming up next, we’re going to focus on the main risks, and let you decide which one is the worst that can happen to you. After all, it’s about what kind of data you store on your device…

  1. Interception of login information – whether it’s your Netflix or your email account, typing in usernames and passwords while connecting to unprotected Wi-Fi will expose it all to any interested third-party.
  2. Interception of sensitive information – kind of like the next level of interception of login information, interception of sensitive information can mean your online banking credentials. Or your work documents. Or any data that would allow hackers to steal your identity.
  3. Network data theft – this one would cover both of the categories from above and can be summed up to any kind of data exchanged within the network or stored on the devices connected to that network.
  4. Bandwidth theft – if the purpose of the attacker is to simply make use of that network’s resources, many of the good-faith users will most likely suffer at least from some kind of lag while surfing the web.
  5. Illegal use – mainly because hackers seek to hide their identity while doing crimes, they can use public networks to perform illicit activities and make it appear as if other devices were behind it. Being in the wrong place at the wrong time is something you just cannot control, hence another reason to spare yourself from all these mobile hotspot security vulnerabilities.

The phone won’t let me use internet because Wi-Fi not secure

Good for it! That’s quite a smart smartphone you have in there. You’d better listen to it… But if you insist on connecting to unsecured Wi-Fi, consider the following.

First of all, it is quite common for smartphones to block your internet access at some point. Many international travelers who used to connect to Wi-Fi in malls, coffee shops, or airports, claim that they were able to connect to public Wi-Fis and then they weren’t.

You might be redirected to a website where you’re supposed to agree to some common sense, standard rules (regarding the use of that Wi-Fi service). But that’s just about all that happens once you give your consent. You get the Wi-Fi not secure message and you can’t pass any further.

If you have the chance to notice this happening particularly with Android devices, there’s a clear reason for that. Usually, it’s because of the Google Chrome browser. The workaround is to use a different browser, but many people don’t think about it.

Alternatively, it could be something related to the authorization page that gives you access to that free Wi-Fi. It goes by the Captive Portal name and, more often than not, redirecting to it happens flawlessly.

But if you try to use a website without security protocols in place, the browser will block you. The workaround for this problem is to force the redirect. And you have websites such as Never SSL that you can use on such occasions.

Open a new browser tab, type in neverssl.com, and you should be automatically redirected to the captive portal. After you accept the terms listed in there, you can navigate without problems.

When you get itchy fingers to use public Wi-Fi, protect yourself

Maybe you can’t help yourself. Or maybe you don’t have a choice. Regardless of the situation, if you’re going to use public Wi-Fi, remember these two things: you can’t tell when your personal information is exposed. And less is always better in everything you do on that network!

  • Above anything else, don’t access your bank account. Or any other sensitive detail.
  • Best if you can also avoid accessing your email account – you might have some personal information stored on it, that you don’t recall of right now.
  • Using Facebook or any other social network is just as sensitive as the amount of personal data you share on that account.
  • Stick to web browsing or just Netflix, as much as you can.
  • Never allow your device to automatically connect to public networks.
  • Always ask the personnel from the location about the network that they suggest you use – don’t assume you’ve found the right network for that particular coffee shop, hackers can set up their own hotspots in the nearby, trying to lure you into using theirs.
  • Use a VPN service if you have this option.
  • Always wipe your phone’s browsing history, before and after navigating on that unsecured Wi-Fi.

The last piece of advice makes it somewhat obvious. An antivirus for your device is essential, but you shouldn’t expect it to do all the hard work. It’s still your responsibility to stay away from the most obvious dangers like the ones that come with public Wi-Fi hotspots.

After all, no matter how expensive your cellular data plan is, connecting to free public Wi-Fi can be way more expensive!