It’s no secret that most of us are glued to our smartphones, whether it’s to catch up on the news, browse social media or check our bank balance on the go.
Unfortunately, the need to stay connected at all times may backfire when we use public Wi-Fi without taking precautions.
Ashwani Talreja, cybersecurity manager at consultants Ernst & Young, used to dabble as an ethical hacker and started learning about hacking from the age of 15.
He started researching hacking to get free internet access after his father disconnected it due to his habit of spending up to 13 hours in front of a computer, instead of studying.
Talreja identifies the main ways opportunistic hackers will try and steal your details via free, public Wi-Fi.
The first method involves hacking into the Wi-Fi hotspot itself and then gaining access to anyone who connects to the access point in question.
But this method has fallen out of vogue over the years according to Talreja.
Wi-Fi networks are increasingly being controlled by bigger companies, who have made these networks more secure.
Watch out for fake Wi-Fi hotspots
A more widely used method is for a hacker to create a fake Wi-Fi hotspot in a bid to get unsuspecting victims to join the network and enter their credentials.
“They use a simple name change you won’t notice,” comments Talreja, noting the names are usually generic and similar to genuine hotspots in the same area.
Hackers may also use fake pages similar to popular sites, including Facebook, that they have created that will essentially grab any information you enter.
This information can then be used to gain access to other accounts if a similar password is used.
“Another common way is the hacker connects to free Wi-Fi and tricks them into believing it’s the server,” warns Talreja.
By using this method, hackers can access certain personal information.
Potential red flag
There is a red flag that may tip you off to a hacker trying to steal your details.
If a warning comes up claiming the connection is not secure, it’s possible someone malicious is on the Wi-Fi network.
In this situation, don’t proceed to the website and close the window – or you are at risk of getting your information stolen, advises Talreja.
He says if you choose to go on the page despite the warnings, your information could be vulnerable and your money may be at risk if specific details are compromised.
What tools do hackers use?
While hackers can use their laptop to set up fake hotspots, a ‘pineapple’ device can also be used, which are easy to get hold of online for under £200.
Ed Williams, director for EMEA at Trustwave, says these devices are easy to hide as they are usually the size of a cigarette packet.
The average range of these devices is between 30 and 40 meters, although an extender can be used to boost this range.
The popular Raspberry Pi device may also be used by hackers as these small computers can hold a lot of information, says Williams.
This is surprising as a Raspberry Pi is generally used by people to understand how to program in languages such as Python.
Should I avoid using public Wi-Fi?
When asked whether people should avoid using public Wi-Fi to access financial information, Talreja advises people to be aware of the risks and not to worry.
But not everyone agrees.
Luis Corrons, Security Evangelist at Avast Software says people should ideally not access any financial related information via public Wi-Fi.
“Cybercriminals perch themselves on public Wi-Fi networks because any unencrypted traffic that contains an individual’s data can be harvested as it passes through the network,” comments Corrons.
“These open connections allow attackers to “sniff” people’s credentials such as login details and credit or debit card data, which may lead to identity theft and financial loss.”
Corrons says people need to understand the risks of connecting to public Wi-Fi hotspots and take the appropriate steps to prevent the theft of personal data.
“Free is convenient but it isn’t always safe,” he warns.
Williams agrees as people should be careful if they use any free or public Wi-Fi for personal banking.
Any details manually entered may be captured by a hacker, including passwords stored by the browser.
Are banking apps vulnerable?
There’s a possibility that even your banking app is at risk of being compromised, according to David Emm, security researcher at anti-virus firm Kaspersky.
“In theory, the data should be encrypted by the banking app, so the data shouldn’t be readable,” comments Emm.
“However, if any element of the communication isn’t sent in an encrypted form, it could allow someone to intercept the communication and inject their own code.
“So, it’s safest to assume that any confidential data transmitted via Wi-Fi – including bank details – could be vulnerable.”
As for fingerprint data, this is generally held on the device with authentication completed on the device.
“Of course, it’s possible that an online provider might hold the data online, in which case it could possibly be captured in transit,” warns Emm.
How can I stay safe?
Thankfully, there are several (free!) ways you can stay safe when accessing public, free Wi-Fi.
You can use a Virtual Private Network (VPN) to create a secure encrypted connection to help protect your personal data.
It also prevents hackers from accessing or even altering communications over the internet.
One of the most commonly used free VPNs is ProtonVPN, which is suitable for mobile devices.
While it may sound odd, you should get anti-virus software for your mobile phone or device, as the software will help block attacks.
Avast’s free version is recommended by Talreja, although he flags advanced features can be used via paid-for apps from Kaspersky, McAfee and Avast.
You may already be familiar with multi-factor authentication, which can be used when you log-in to certain sites or make certain purchases.
For example, the site might ask you specific questions you should know the answers to or send you a text with a unique code.
Sometimes, hackers may try their luck and bypass your security via multi-factor authentication.
If you’re accessing public, free Wi-Fi and someone strikes up a friendly conversation with you, be cautious.
In the worst-case scenario and if you’re unlucky, it could be a hacker trying to get hold of your personal details.
While a hacker will not try and raise an alarm by asking for financial data, finding out your hometown or a beloved pet’s name may be all they need to access an account.
Top tips to keep safe
We have rounded up our top tips to stay safe when using public Wi-Fi:
- Use anti-virus software to help block attacks;
- Get multi-factor authentication for your important accounts;
- Use a VPN on your mobile to make it harder for hackers to access your personal data;
- If there’s no rush, hold off on online banking or shopping until you are connected to your personal Wi-Fi hotspot;
- Where possible, avoid using Wi-Fi or public computers as they may not have a VPN;
- Websites starting with HTTPS and featuring a padlock will generally keep your info safe – but don’t rely solely on this as it can be faked;
- Be careful not to divulge personal information to strangers, particularly when using public Wi-Fi.