Written by Alayna Okerlund | Last Updated February 24th, 2020Alayna Okerlund is a finance-focused Senior Content Strategist at BestCompany.com. Over the past three years, Alayna's finance-related research has helped readers feel more financially confident. She has worked with several reputable experts and has provided content for a variety of well-known publications like Forbes, Reader’s Digest, Lifehacker, and more.
Public, free Wi-Fi is a convenience that most of us appreciate, but you shouldn't be blinded by their too-good-to-be-true appeal. Using public Wi-Fi networks might just be one of the riskiest, tech-related mistakes you make on a regular basis.
Scott N. Schober, the President and CEO of Berkley Varitronics Systems (BVS), author, and well-informed cyber security expert, believes that public Wi-Fi networks are, in fact, dangerous to access.
Schober explains, "when you access most public Wi-Fi, you enter into a temporary relationship with that provider whereby you trade your privacy for convenience. Open Wi-Fi access points are sometimes subsidized by collecting and selling metadata relating to all consumer activity including purchasing habits, dwell time in the store and even the specific devices used to connect to that open Wi-Fi. You might not care about sharing this metadata but advertisers certainly do."
According to Schober, the shared metadata can be used to a criminal's advantage. He explains that "this data is extremely valuable because it provides vital information that acts as pieces in a larger puzzle profile that targets you. When properly sorted, this profile can reveal daily patterns including our daily routines, habits, contacts, social posts, and of course, our purchases. Now imagine that when you approach each store, someone is shadowing you and taking notes on everything you did with your smartphone while near that store. It is enough to freak out most consumers, but that is essentially what we are doing. By allowing one Wi-Fi to collect and sell this metadata, we are unwittingly opting into targeting and tracking programs similar to Google or Facebook’s advertising programs. Citizens have the right to protect their own privacy, but cannot truly protect themselves if they are not even aware they are being targeted."
Frequency of theft
Many people may think that public Wi-Fi network risks are rare, most likely because they haven't noticed any negative consequences from connecting to public Wi-Fi. To Schober, the risks are "like fishing in a barrel" as in "high traffic areas are prime targets for hackers and very likely to include fake hotspots that can compromise our devices. These are called Man-in-the-Middle attacks because the hacker’s access point pretends to be a known public hotspot. And there is nothing to stop hackers from naming these deceptive hotspots by the same or similar names to trusted ones such as ‘Free Wi-Fi Starbucks’. So when customers scan the list of possible Wi-Fi connections, they might simply just choose the first one they recognize in a long list. That means they have now just connected to the hacker’s hotspot revealing commonly used login credentials, their email and perhaps all the data on their phone."
Schober adds that the one connection made to the hotspot may not be your last. He says, "to make matters worse, as a convenience feature, most phones automatically reconnect to known hotspots by default every time you are back in the area so hackers can get repeat business from their victims."
The bigger problem
Regarding the degree of theft that can come from using public Wi-Fi networks, Schober shares that "public Wi-Fi is a stepping stone to much greater data theft." Adding that "while only a few items such as frequently used passwords and emails can be easily gleaned from a casual public Wi-Fi connection, the real payoff usually results from the introduction of malware onto the device. Once a hacker has a direct connection to your mobile device via malware, they have access to most anything on that device. But their reach can extend far beyond that device as well. Depending on how they compromise your phone, a hacker can then gain entry into your PC at home and eventually all data including financial, personal, healthcare, and even friends’ and family’s data too." All of which makes public Wi-Fi a worrisome threat.
What to do if you are a victim
If you have reasonable evidence to believe that you have been victimized because of your public Wi-Fi network connections, Schober instructs that "you should first delete all Wi-Fi networks listed on your mobile device so you do not automatically re-connect to them when you are nearby. If you know the name of suspicious hotspot, alert the nearest retailer also offering public Wi-Fi since most of their customers would potentially be affected by this same hotspot as well. If any legitimate retailer believes their customers could be in jeopardy, they will take action."
He recommends that you "use your own 4G LTE hot spot or host one from your secure 4G smartphone. If you suspect your devices has already been compromised, be sure to erase and re-install your phone OS completely and do not use a recent backup that might contain cookies, browser history or any code that might contain the malware such as key loggers. Effective anti-keyloggers such as StrikeForces’ MobileTrust can be purchased from Amazon or directly from their website https://www.strikeforcecpg.com. I use these products and have found them to be simple and effective defenses against keyloggers."
How to avoid becoming a victim
Although there are many legitimate Wi-FI networks, avoiding connection to a public Wi-Fi network is a good way to protect yourself and your data. Schober recommends "that people consider a 4G LTE hotspot to avoid the privacy pitfalls associated with open Wi-Fi. A modulated LTE signal is unlikely to be hacked or spoofed and much safer then using any open Wi-Fi. Modern smartphone OS include integrated Wi-Fi tethering plans so you can host your own Wi-Fi hotspot. Just make sure you use a long and strong password so you can connect any of your devices securely to your smartphone."
If protecting your privacy is important to you, prevention is the key. Although avoiding public Wi-Fi networks altogether is a solid preventative step, there are many other ways a thief could steal your private information and even your identity. Hiring a professional identity theft protection service might also prove to be a good move on your end. After all, your data, information, and identity are worth protecting, especially as cyber crimes are becoming more frequent.