Airports, cafes, community spaces, etc., don’t require a password to connect to their Wi-Fi. It is a great community service to offer free Wi-Fi, but users should know the guidelines and best practices when connecting to an unsecured Wi-Fi.
There are several ways an unsecured Wi-Fi connection can be a threat, but let’s look at two basic scenarios:
- An unsecured Wi-Fi set up as a legitimate public service.
- An unsecured Wi-Fi set up to look like a legitimate public service.
Scenario 1 are your libraries, cafes, airports, etc. Everyone in that café is also using the same unsecure network. This means that with the right tools, which are easily accessible and don’t require a great deal of skill, adversaries can “sniff” for credentials being typed in or retrieve sensitive data. Zero-trust networks are the latest and greatest protections in this space, but a VPN is an extra layer of protection. Try connecting to a hot spot on your phone, connect to your VPN service, and then connect to the free community Wi-Fi.
Scenario 2 are your Wi-Fi networks that are set up to trick users. These are especially devious because it takes less effort by adversaries to obtain the information your device is sending across the network. Even if you’re not doing anything on your device, by design, your applications send information the moment they are connected.
In either scenario above, you’ll want to avoid typing and entering credentials, especially for business or financial accounts, and especially if you’re not connected to a VPN. There are tools that can capture your keystrokes so be careful what you’re typing!