During a political convention in 2016, IT security company Avast set up various public networks to gauge the attendees’ attitudes toward public WiFi use. The names were a mix of pro-candidate messages, like “I VOTE TRUMP! FREE INTERNET” and vaguely official-seeming ones, like “ATTWifi at GOP.” Over 1,200 people connected to the networks and a staggering 68.33% exposed their identity in some ways.
More recently, Symantec, the developers of the Norton line of security software, conducted a global survey of people’s understanding and use of public WiFi. The results suggest little progress has been made. Highlights included:
- 55% would readily do something or share info to get a strong WiFi signal
- 53% can’t distinguish a secure network from one that isn’t
- 87% of consumers have potentially put their information at risk on public WiFi—but 60% think their information is secure
The widespread lack of internet security in public WiFi use is especially worrisome given that it’s become easier to acquire software for exploiting such networks. Even casual users can examine other users’ data with programs such as Wireshark—and such “WiFi sniffing” is one of the simpler threats to protect against. On top of that, users of public networks are might fall victim to man-in-the-middle (MitM) attacks, which intercept other users’ communication while preserving the illusion that contact remains private. They’re also susceptible to the spread of various kinds of malware.
While it’s never a bad idea to have security software, like those provided by Avast and Symantec, they’re not designed to mitigate most the threats present on public networks; they can’t stop hackers from snooping around or intercepting data. Users would get more protection out of practicing safe browsing habits: sticking to secure (https://) connections, refraining from banking, online shopping, or personal correspondences, and avoiding entering their passwords to any sites. One of the best method for safety against hacking, using virtual private network (VPN) from a trusted vendor, is massively underutilized— Symantec’s survey showed that only around 25% of respondents used one.
IT security companies and other concerned parties have been involved in efforts to improve public WiFi security. Some have focused on educating users, while others have focused on providing technological solutions to protect even users who are unfamiliar with IT security.
Kaspersky, for example, has launched an internet security awareness campaign for Asia and the Pacific. The campaign urges people to submit examples of habits or actions on the internet that have resulted in a loss of reputation, finances, property or personal information. By making people aware of specific actions and their repercussions, the campaign aims to educate the public through shared experience and wisdom.
Meanwhile, The Wi-Fi Alliance, the governing body for WiFi standards, unveiled the WPA3 security protocol earlier this year. Improvements include stronger safeguards against people trying to guess passwords and improved security for various smart devices in the Internet of Things. With stronger baseline security available for public networks, the Alliance hopes to make security simpler for providers and users of WiFi networks of all types, including public ones.
While stronger baseline security could improve the public WiFi experience, the extent of improvement remains to be seen. Hackers are nothing if not resourceful. It will most likely take greater public awareness to significantly reduce incidences of identity theft. Progress on that front may take some time, however, and in the meantime we may see considerable changes in internet availability and distribution models for public WiFi—which may in turn change the threats users face and what they’ll need to protect themselves.
About the Author
Chris San Filippo is a part of the marketing team at Hotspot Shield, one of the top ranked VPNs in the world. Hotspot Shield has over 500 million downloads and has helped users from over 200 countries fight for net neutrality and against censorship. Chris’s work has helped Hotspot Shield earn features in publications like Forbes, Bloomberg, and The Wall Street Journal. In addition to his job with Hotspot Shield, Chris also blogs about web security, cryptocurrencies, and social media trends.