Are public Wi-Fi networks safe? A security expert weighs in on why you might want to think twice about banking in the coffee shop.
As a freelance writer, I have a number of offices. One is in the library. Another is in our local coffee shop. Sometimes, my office is even in the doctor’s waiting room.
Yes, thanks to my laptop and the power of public Wi-Fi networks, virtually anywhere I go can be transformed into a temporary office. But is that really smart?
The Federal Trade Commission recently issued a consumer warning about compromised Wi-Fi systems at hotels. In some situations, visitors were getting a pop-up for a software update when logging on for the first time. They assume it’s part of the hotel’s Wi-Fi system, click OK and inadvertently load software from hackers, not the hotel.
But what about those of us who aren’t clicking boxes and downloading files? What about those of us who are simply checking our email while our kids play at McDonald’s? Are we at risk, too?
To find out, I contacted a security expert. He told me public Wi-Fi may put your information at risk, but there are ways to minimize threats while working on the go.
Convenience comes at a cost
Andrew Gavin is an executive consultant with Global Consulting and Integration Services at Verizon Enterprise Solutions. He says that what makes public Wi-Fi networks so convenient to customers also makes them attractive for attackers.
“Since most public Wi-Fi networks are not encrypted… attackers can passively monitor [consumer] communications from several hundred feet away if no additional encryption, such as HTTPS, is used,” he explains.
In other words, websites with addresses starting with the standard HTTP are simply sending your data through cyberspace unprotected. It’s like sending a postcard rather than a letter. Anyone who sees your postcard can easily read the information on it.
Now, if the website address says HTTPS, you get the added security of encryption, but even that is no guarantee. Going back to our mail analogy, if you send a letter, what you write is more protected, but people can still get to it if they are motivated. Plus, some sites use a combination of HTTPS and HTTP pages, which could be problematic.
“Even if consumers use public Wi-Fi to access a sensitive site secured by HTTPS, that site could be misconfigured,” Gavin says, “and, as a result, leak sensitive information over any insecure HTTP page download that attackers could capture.”
No way to know where attackers are lurking
If you think there are telltale signs that will give away when an attacker is lurking nearby, think again.
“There is no way for an average user to determine if a public Wi-Fi network has been compromised or is being monitored by attackers,” says Gavin. “Most attacks are passive, meaning that attackers can simply lurk in the background and listen to or capture any insecure communications done over the public Wi-Fi network.”
And don’t count on being able to spot a shady character in the corner either. Gavin notes attackers can be several hundred feet away and may not even be in the same building as you.
“When I use public Wi-Fi hotspots, I always assume somebody else is watching what I am doing,” he says.
As a result, your best bet is to avoid doing anything beyond basic browsing and window shopping when logged into a public system. And that’s a bit of a bummer to hear, especially if you rely on public networks, as I do, to work on the go.
Fortunately, Gavin has some advice on that, too.