If the recent cyberattack on the UK’s rail Wi-Fi network showcased anything it’s that disrupted public transport systems can cause widespread concern. It is also a stark reminder of the vulnerabilities that public Wi-Fi can pose to our security, on both a societal and individual level. While many view free internet access as a convenience – whether on the train, in cafés, or at airports – these growing attacks highlights how easily unprotected Wi-Fi can be exploited by cybercriminals and malicious actors.
To ensure data privacy, and limit the risks of personal information falling into the wrong hands, there is an urgent need for everyone to rethink their use of public Wi-Fi, especially through unsecured networks such as public transport.
Senior Product Manager at Surfshark.
The increasing use of public Wi-Fi
Public Wi-Fi is a convenient tool for people to use social media, watch movies or work during long commutes, helping to explain its significant rise in popularity in recent years. Nowadays it’s rare to see a business that doesn’t offer public hotspots with companies embracing the benefits in customer satisfaction, but also the commercial potential for social media posts and geotagging.
Generally, users need to authorize the network or sign up by sharing their emails to use these free Wi-Fi services, however devices can also connect to one of these open and accessible networks automatically. In doing so, users are vulnerable to online threats, data leaks and cyberattacks from malicious actors monitoring the same networks.
Dangers of public Wi-Fi
While organizations think they’re offering a helpful service, they often forget or are generally unaware that there is a need always implement robust security measures – endangering end users.
The most common risk is Man-in-the-Middle Attacks (MITM), where hackers intercept communication between advice and the Wi-Fi network, gaining access to sensitive information like passwords, emails, and financial details. Typically, the user has no idea that this is even happening, let alone implementing the measures necessary to stop an attack. Data relating to an individual’s online activities, alongside passwords and personally identifiable information, can be collected and sold to third parties and advertisers or be used to set up elaborate phishing attacks.
The second threat is through the ‘Evil Twin’ attack, where the bad actors can hijack the connection between the node and the Wi-Fi hotspot. Evil twins are fake Wi-Fi hotspots that imitate actual public Wi-Fi networks in the area. For example, if you’re in a Starbucks and see two Wi-Fi networks, one named ‘Starbucks’ and the other ‘Starbucks-for-customers,’ you might believe they are both legitimate. In reality, one of them could be set up by a hacker looking to steal your data.
Additionally, bad actors also tend to target your cookies just as much as your traffic. These cookies can be used to get sensitive information, such as your login details, home address, and name. Sometimes hackers can also implant computer worms into your device even if you don’t download them or install malicious software. Clearly, one wrong click of joining a fake Wi-Fi network can be enough to compromise your data.
Stay safe when using public Wi-Fi
Using WIFI on the move is a necessity for many, particularly on long journeys, or to facilitate remote working. However, with data theft incidents and WIFI related attacks becoming more frequent and more sophisticated, protecting yourself when public Wi-Fi is the only win-win option for users.
One of the most effective solutions is using a VPN to encrypts your data. This means that anybody snooping on a public Wi-Fi connection will only see a collection of jumbled, unusable information.
Additionally, every device that accesses the internet has a unique digital badge, called an IP address. This IP address carries identifying information whether you’re making an online order, browsing X, or creating a presentation for work. When you connect to a VPN server, your IP address is replaced by the server’s IP address. This way, your actual IP address remains private.
VPNs offer robust protection and can be used across multiple devices, ideal for frequent travelers or remote workers who rely on public Wi-Fi. It is important that while connecting on a VPN cross check that you are pairing with trustworthy open-source VPN protocols like OpenVPN or WireGuard.
When accessing or using public WIFI without a VPN, avoid logging into your online accounts and inputting passwords when on a public network. This includes using passwords for online banking, email accounts, social media, and more. Similarly, make sure to disable auto-connect on your device, as it will save you from automatically connecting to any fake networks.
Cybersecurity is everyone’s responsibility
The attack on the UK’s rail Wi-Fi network is a sobering reminder of how interconnected our communications have become, and how reliant we are on digital infrastructure to facilitate our day-to-day activities. Users need to stay vigilant or else one can end up providing a lot of your personally identifiable and sensitive information through the Wi-Fi network you’re connected to. As a reminder, using Incognito/Private mode doesn’t help. It only limits your device from tracking browsing history. Your ISP (Internet Service Provider) or the owner of the Wi-Fi hotspot can still see the traffic.
In a world of remote work and frequent business travelers, data security must be top of mind. With sensitive company or personal data potentially being accessed over public networks, using tools like VPNs and adopting strict practices isn’t just recommended – it’s highly important. The question we all need to ask ourselves is, if the free Wi-Fi network worth the potential loss of privacy and security? Protect yourself now – before convenience becomes a costly mistake.
We’ve featured the best business VPN.
This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro