How to Stay Safe on Public Wi-Fi Networks?

IMage of wi fi signal with lock and question: How to stay safe on public wi fi networks?

Whether you’re on the street, at an airport, or sipping a hot beverage in a coffee shop, your device will likely detect multiple public Wi-Fi networks. These can be a great way to get online free of charge, but they can also be unsafe.

In this guide, we’ll discuss some of the security risks involved as well as some ways to protect your privacy.

Are public Wi-Fi networks safe?

Using a network you can’t control puts your data at risk. Routers can log each website you visit, meaning anyone with access to its records can view your entire browsing history and other personal information. Other devices connected to the network may also try to access your device and tamper with your traffic.

What are public Wi-Fi security risks?

Each time you connect directly to a Public Wi-Fi network, even if it seems to be owned by a legitimate organization, there are a number of privacy risks.

ARP Spoofing

Cybercriminals who have connected their own devices to the public Wi-Fi network can carry out this type of attack. They can then use their device to send forged ARP (Address Resolution Protocols), causing traffic intended for your device to be sent to the hacker’s device instead. They can then use their device to impersonate the legitimate server and communicate with your device.

This is a type of ‘man in the middle’ attack in which the hacker sits between your device and the router/server. They can monitor your data to steal your credentials or even modify it to redirect you to harmful websites.

DNS Poisoning

Assuming a hacker can either compromise your device or the server/router used by the Public Wi-Fi network, they can modify your DNS records. DNS servers act as a virtual phone book for the internet, turning human-readable website addresses into numeric IP addresses.

If a bad actor tampers with those DNS settings, you could enter the website address of a legitimate site like your bank, only to be redirected to another site like a phishing domain, which will steal your login details.

SSL Stripping

Assuming an attacker can manipulate your network traffic, they can try to force your device to use less secure websites. In other words, they can force your device to send information to domains that aren’t encrypted via TLS, the protocol most commonly used to encrypt traffic between devices and websites.

This attack is becoming much less common these days, as fewer websites offer insecure versions of their domains. This attack also won’t work on websites that use HSTS (HTTP Strict Transport Security).

Honeypots

All of the above attacks assume that a hacker is connecting to a public Wi-Fi network to compromise your device. The risks of these attacks can be reduced through measures like using HSTS and better router/server security.

In the case of a honeypot, though, the hacker sets up a Wi-Fi hotspot masquerading as a legitimate network, e.g., LIBRARY FREE WI-FI. If any devices connect to it, the hacker can then monitor and control traffic.

This is a popular way for cybercriminals to deliver malware, as given they control the Wi-Fi portal, they can require connected users to install software before allowing internet access.

How do you know Public Wi-Fi is safe?

If you’re in a public place, you can prevent connecting to honeypots by asking a member of staff to tell you the correct name of their Public Wi-Fi network. However, this in itself won’t stop the network owners from trying to monitor or manipulate your traffic if they wish to.

What should you turn off with public Wi-Fi?

If you connect to a Public Wi-Fi network using a Windows 11 device, the network is set to ‘Public’ by default. This means others can’t automatically discover your device on the network. However, it also means file sharing and printing won’t work. If you do need to change the network type to ‘private’ to share files or to print documents, make sure to deactivate this by setting it to ‘Public’ once again when you’re done.

What will not protect you when using public Wi-Fi?

There’s a lot of disinformation on the internet about listing various ‘silver bullets’ for using Public Wi-Fi safely, so we thought we’d list some measures that won’t necessarily protect you.

Wi-Fi network encryption

Some Wi-Fi networks are ‘open’, meaning users don’t need a password to connect. This makes it very easy for hackers to monitor and intercept traffic.

If a Public WIFi hotspot uses encryption, e.g. WPA2, then traffic sent between your device and the network’s router/server should be encrypted.

Still, this only offers protection against someone who doesn’t have the password. If a bad actor connects their device to the same network using the password, they can still read any unencrypted data packets your device sends to the router/server.

If a hacker has set up a ‘honeypot’ Wi-Fi network, the fact that it’s encrypted can’t stop them from monitoring and manipulating your traffic either.

SSL/TLS

As we’ve learned, when you connect to a website with a properly configured SSL certificate, traffic between your device and the domain is encrypted. In theory, this means that if someone were monitoring the data packets leaving your device, they would only see encrypted HTTPS data, which would be useless without the decryption key.

In practice, certain sites are still vulnerable to ‘SSL Stripping’ as outlined above. A hacker monitoring your Wi-Fi connection would also know the domain you visited, e.g. your bank’s website, even if they can’t read data going to and from it.

Firewalls

While we strongly recommend enabling the default firewall in operating systems like macOS and Windows 11, firewalls are mainly designed to protect your device from intruders who try to gain access to it. It can’t protect against attacks like ARP Spoofing, where a hacker’s device impersonates a legitimate one like the network server.

Being quick

No matter how fast you use Public Wi-Fi to sign on to a sensitive site like online banking if a cyber criminal is already connected to the network or the network itself is a honeypot, your traffic can be recorded and exploited by hackers, even if you disconnect after a few minutes.

Tips for safely using public Wi-Fi

If you have to go online via Public Wi-Fi, you can follow some best practices to stay safe.

Don’t Install Any Software

When you first connect to public Wi-Fi, you’ll usually see a web page called a ‘portal’ where you need to agree to the T&C to access the network. If you’re asked to install any software, disconnect immediately. It’s not worth the risk.

Use E2EE

Secure messaging apps that support E2EE (end-to-end encryption), like WhatsApp and Signal, keep the decryption keys for reading messages stored on your device. This means even if someone is snooping on the network, they can’t read your messages.

Use a VPN

When you use a reputable VPN service like hide.me, your device will establish a secure, encrypted connection to the VPN server. Bad actors on the network will see the encrypted data packets but won’t know which sites you’re visiting or which applications you’re using.

VPN services like ours also channel all DNS requests through the servers, so you’re less likely to be a victim of DNS poisoning.

Will a VPN protect against all public Wi-Fi exploits?

As we’ve learned, attackers who run a ‘honeypot’ could trick you into installing malware on your device, such as ransomware. In this case, a VPN wouldn’t be able to protect your device, as the malware may interfere with the ‘client’ software.

What are the alternatives to public Wi-Fi?

While you should always use a VPN to stay safe online, you can hugely boost your security by avoiding public Wi-Fi. If you’re using a mobile device, ask your provider what data packages they offer to allow you to go online via 4G/5G. Most cell phones also support setting up WiFI hotspots so that you can share this connection with other devices.


We love bringing you this content and hope it helps keep you safe and secure online. Feel free to share it with your friends, too.

Here at hide.me we are all about internet freedom, and we are happy to be in a position to bring that to everyone. That is why we give you a 30-day money-back guarantee on our Premium plan. No questions asked and no logs recorded.

Get hide.me VPN!

If you have any questions, please feel to contact our 24/7 support team either at support@hide.me or via live chat.

Related articles

Christmas Sale

Includes 3 months extra

Days

Hrs

Min

Sec

Get the offer