Public Hotspots: Are They Safe?
Dave Carlson - February 12, 2013
A public hotspot is part of a Wi-Fi network (technical name is 802.11) open to the public. Many times there is no charge to use the hotspot to access the Internet. The hotspot is provided by an organization as a service to the public. You will find hotspots at coffee shops, airports, cafes, book stores, grocery stores, hotels, sports stadiums, libraries, and many other public places.
Reuters (November 9, 2011) estimated that the number of public Internet hotspots will explode to more than 5.8 million locations by 2015. This more than four-fold increase between 2012 and 2015 will be driven by increased consumer demand for connections to smart phones and tablet devices. If your favorite location does not have a hotspot yet, it probably will in the next few years.
You access hotspots with a Wi-Fi device, such as a laptop computer, tablet, smartphone, or gaming console. There are both good and bad considerations when accessing a public hotspot. Enjoy the good stuff and take steps to protect yourself from the bad stuff.
If you need to enter a user ID and password to access a hotspot, the access may be defined as secure. However, secure does not always mean safe. You may not be protected even if you are required to enter a password before you can access. If you just connect without any kind of security procedure, the hotspot access must be assumed unsecure. These unsecure connections are the ones about which you need to be most concerned.
Most people who discover public hotspots find them extremely useful. How awesome is it that you can walk into a crowded coffee shop, fire up the e-mail on your notebook computer, and read the latest from your inbox? Here are some great things you can enjoy when you access a free public hotspot:
- Send and reply to personal and business e-mail.
- Check for updates on social networking sites.
- Watch online movies to which you have a legitimate subscription.
- Use video chat to keep in touch with loved ones and business acquaintances.
- Catch up on the day’s news and events while enjoying you favorite drink.
- Maintain a current record of your events during a family vacation.
- Check your credit card balance to ensure you have enough balance for that can’t resist treasure.
Unless you take special precautions, anyone with the appropriate equipment can observe or hijack your wireless session without fear of being detected. Here are some examples of what a larcenous person can do with your public hotspot connection:
- Create an evil twin hotspot. This is a fake Wi-Fi hotspot a bad guy creates to masquerade as a legitimate hotspot. The purpose is to fool you into connecting to the evil twin and pass all your connection traffic through the bad guy’s computer. Most of the time, the miscreant will just save all the data you sent through the connection (e.g. bank passwords) and use the data later at his or her convenience.
- Steal data from your device. Without some kind of security on your device, it will join the wireless network in open mode. This will allow anyone else connected to the hotspot to see your device. The bad guy who knows how to investigate devices on a network will leisurely view the data on your device (e.g. names, e-mail addresses, passwords, etc.) and copy what he wants.
- Thieves can use using packet sniffers. This is specialized software designed to capture banking details and personal information like, address, phone number, passwords, and date of birth. Personal details may be harmless on their own, but once combined, they create information that can put you at a higher risk for fraud.
There are many things you can do to help keep your connections to public hotspots safe. Here are some suggestions to help you enjoy the good stuff related to public hotspots:
- Keep your electronic device in your possession or under personal observation at all times. Losing an unprotected laptop could be more serious than the electronic dangers of an unsecured public hotspot.
- Turn off Bluetooth when not in use to keep unauthorized systems from connecting to your device.
- Password-protect computer files containing financial or any personal information.
- Consider if you really need use a public hotspot to enter banking details, credit card information, send confidential e-mails, or share any sensitive information. If you decide you need to enter sensitive information, at the very least, ensure your browser window shows a lock symbol and the site address begins with “https://” (the “s” stands for secure).
- When using public hotspots do not visit sites that require you to enter a password. If absolutely necessary to do so, make sure you look for the browser lock and https://.
- Activate enhanced browser security before accessing personal email or social networking sites. Search the program help information for the term “enhanced security” to see how to adjust security settings.
- Turn off computer file sharing, media sharing, and printer sharing.
- Use a Virtual Private Network (VPN) to secure the connection between your device and the remote site.
- Keep your device operating system current. Turn on automatic updates, when available.
- Install and use up-to-date anti-virus or anti-malware software on your computer. Ensure you update virus signatures frequently. Use automatic update features, when available.
- Check to ensure you have turned on your computer's internal firewall to control traffic going to and from your computer.
- Turn off the ability for your browser to accept cookies. Or, at least set your browser to require your approval before accepting a cookie.
- Turn on pop-up blocker in your browser. Do not take a chance that an undesirable site or service takes control of your browser or electronic device.
- Set your browser to block dangerous sites, or at least warn you if a site is considered a high risk.
- When you log into a site from a public hotspot, make sure the name is correct to avoid getting tricked into visiting a fake evil twin site set up to steal your information.
- After logging in, change your password as soon as you connect to a secure Internet connection. Look for the browser lock and https://.
- Change your passwords on a regular basis.
- Use different passwords for different applications, such as e-mail, online banking, shopping, and social networking sites.
- When using a public or shared computer, erase the browser history and temporary Internet files before you leave.
- Disable all ad hoc capabilities to prevent an unauthorized system from connecting to your device directly.
- Remain aware of your surroundings. You may use all of these tips to secure your electronic connection, yet leave yourself open to the same dangers if someone is looking over your shoulder and observing what you enter into your computer or device.
Public hotspots offer many benefits, yet expose you to many dangers. Follow the suggestions listed here and remain vigilant. With the right preparations and observations, you should feel confident as you navigate safely through the myriad of unknowns at public hotspots.
Web sites that report more than 250,000 locations of public hotspots:
Places with information about how to report fraud or identity theft:
Books with information about safe wireless network computing and identity protection:
- Beaver, K., Davis, P. T., and Akin, D. K. (2005). Hacking Wireless Networks For Dummies. Hoboken, NJ: Wiley.
- Cache, J., Wright, J., and Liu, V. (2010). Hacking Exposed Wireless: Wireless Security & Solutions, 2nd Ed. New York: McGraw-Hill.
- Campagna, R., Iyer, S., Krishnan, A., and Bauhaus, M. (2011). Mobile Device Security For Dummies. Hoboken, NJ: Wiley.
- Collier, M. (2010). Facebook and Twitter For Seniors For Dummies. Hoboken, NJ: Wiley.
- Donahue, G. A. (2011). Network Warrior. Sebastopol, CA: O'Reilly.
- Gralla, P. (2006). How Personal & Internet Security Works. Indianapolis, IN: Que.
- Hadnagy, C. and Wilson, P. (2010). Social Engineering: The Art of Human Hacking. Hoboken, NJ: Wiley.
- Jacobson, D. and Idziorek, J. (2012). Computer Security Literacy: Staying Safe in a Digital World. Boca Baton, FL: Chapman and Hall.
- Kelly, D. G. (2012). The Official Identity Theft Prevention Handbook, Professional Edition. New York: IAC Media.
- Lancer, V. (2012). 11 Ways to Protect from Identity Theft and Fraud - Online and Offline. Dunkirk, MD: Network Performance Corporation.
- Leanage, H. (2012). A Personal Internet Security Handbook. Kindle Edition: Hans Leanage.
- McNab, J. (2012). Delete Personal Information From The Internet. Cleveland, OH: Ariza Research.
- Penn, D. (2011). Identity Theft Secrets: Exposing the Tricks of the Trade!. Bloomington, IN: iUniverse.
- Vacca, J., Vacca, M. E., and Rogers, M. (2012). Identity Theft (Cybersafety). New York: Chelsea House.