Cities and retailers across the country are adopting programs to offer free public WiFi, but consumers should utilize them at their own risk.
These initiatives are an effort to roll out massive networks to give individuals greater access, but many of the networks are not secure and are prime targets for hackers to steal identities, infect users with malware or grab passwords.
While many of these networks offer some protection from cyber criminals waiting to attack, consumers need to be aware that the one they are choosing is the accurate one, said Joram Borenstein, a vice president of marketing of NICE Actimize, a New York-based financial crimes software solutions provider. Hackers have learned to create networks with names that sound similar to a city or government network, in an attempt to snare consumers in a rush to check social media.
"It is reasonable to assume that these urban Wifi networks will be adequately protected and constructed," he said. "The key threat in using such networks is around social engineering in situations that a consumer is tricked into joining what the consumer believes is a genuine city Wifi network. A user might accidentally join a Wifi network with a seemingly similar name that is designed to trick him or her."
While public WiFi has implemented basic security, consumers should be wary of shopping or transferring money because personal financial details could be exposed to cyber criminals, said Joseph Carson, head of global strategic alliances at Thycotic, a Washington D.C.- based provider of privileged account management (PAM) solutions.
"Most providers of public WiFi have simply only added an acceptable use or terms of service leaving the consumer using the WiFi at their own risk," he said.
Nearly all WiFi is public, because if it is easily discoverable, then anyone near it can access it, said Jeremiah Talamantes, managing partner of RedTeam Security, a St. Paul, Minn.-based cybersecurity firm.
"The truth is that it is often easy to intercept data in transit or to impersonate the network or to attack the router itself from a remote location," he said.
Wireless routers are "notoriously" insecure, said Mark Wuergler, a senior security researcher at Immunity, a Miami Beach-based offensive security firm.
"You can be sure that the wireless devices that are used by the network will be under a very powerful and capable microscope belonging to the bad guys," he said. "Once a entry point is found to break into the wireless routers the bad guys will feel like they hit the jackpot of private data."
How to Use Public WiFi
While having access to public WiFi is beneficial for both businesses and consumers, the risk remains high and more individuals should be aware of them, said Carson. When consumers must use public WiFi instead of their cellular network, they should use a virtual private network or VPN or encryption service to minimize the risks.
Adopting the best practices will help secure your personal financial data. Users who are at a restaurant or retailer should ask the business for the correct name of the WiFi access point and whether it is secure.
When people are faced only with using public WiFi, selecting one that is secure and is password protected is the next best choice. By using the latest web browsers, consumers lower their risk since the security has improved "significantly to detect when a website is untrusted or not the real website," he said.
"This prevents someone from hosting their own websites, such as Facebook and waiting for you to enter your credentials," Carson said.
Always disable the function of auto connect to WiFi on your smartphone or laptop because it is common that hackers will use Wifi access points with "common names like airport or cafe so your device will auto connect without your knowledge, he said. Users should not select to remember the WiFi network, because it will trigger the same result.
Social media is fraught with potential malicious malware and suspicious links. Hackers often target people through social chats like videos which have your photo and also beware of ads which could direct you to compromised websites, Carson said.
The bottom line is that consumers should always assume a cyber criminal is monitoring your data over public WiFi even if you are just comparing prices at retailers or using an app for a map.
"Never access your sensitive data, such as financial information over public WiFi," he said. "Do not change your passwords and beware of entering credentials while using public WiFi."
Consumers using their smartphones should avoid public Wifi and instead use their network or their personal hotspot function to connect to their laptop or tablet.
The networks hosted by cell phone providers are more secure and "can be trusted," said Borenstein.
"The average consumer does not have the technical know how or the inclination for that matter to analyze a Wi-Fi signal's vulnerability, password strength, encryption protocol such as WEP, WPA or WPA2 or anything else that would give them a strong sense of security," he said.
When consumers are using free, unsecured public WiFi at the airport or a restaurant, it is tempting to change passwords or check your bank account balance, but doing so can prove to be disastrous.
"When using public WiFi, you should assume it is untrusted and that everything being transmitted across the public WiFi is potentially being watched, collected or that the sites you are attempting to access may not actually be authentic," said Carson.
Hacking into a cell phone provider's network is more difficult, because it requires special equipment and decrypting the data while gaining access to a WiFi connection only needs a computer with WiFi access. WiFi access spots such as public ones at a cafe or airport and your hot spot are wide open.
Cyber criminals can easily redirect users from legitimate websites to ones which are malicious, creating more victims and also infecting their smartphone, tablet or laptop on WiFi.
"They can hijack their accounts to perform financial fraud," he said. "When it is possible, it is safer to use your cell phone as a hotspot instead of public Wi-Fi since it is generally more secure and less likely that an attacker is collecting or stealing your information."