Free public WiFi is now available in many places. Airports, hotels and cafes offer free internet access as an added benefit of using their services. For many people, being able to connect to free internet on the go seems ideal. Business travelers in particular find it useful to access their work email or share documents online.

However, the risks of using public WiFi hotspots are higher than many internet users may realize, and most of the risks are related to man-in-the-middle attacks.


Man-in-the-middle attack

Man-in-the-middle (MitM) attacks occur when a malicious actor manages to intercept communications between two parties. There are various types of man-in-the-middle attacks, but the most common one involves intercepting a user's request to access a website and sending a legitimate-looking fraudulent web page in response. This can happen on almost any website, from online banking to file sharing and email providers.

For example, if a hacker is in a position to intercept communications between Alice's device and her email provider when she attempts to access her email, he can perform a man-in-the-middle attack that lures her to a fake website. If the hacker obtains her login and password, he can use her email account to perform more malicious actions, such as sending phishing emails to Alice's contact list.

Therefore, a man-in-the-middle is a third party that pretends to be legitimate and is able to intercept data sent between two points. Typically, man-in-the-middle attacks are conducted to try to trick users into entering their sensitive data into fake websites, but they can also be used to intercept private conversations.


WiFi eavesdropping

WiFi eavesdropping is a type of man-in-the-middle attack where hackers use public WiFi to monitor the activities of anyone connected to it. The intercepted information can range from personal data to patterns of internet traffic and browsing.

Generally, this is done by creating a fake WiFi network with a legitimate-looking name. Fake hotspots often have names that are very similar to those of nearby stores or businesses. This is also known as an evil twin attack.

For example, a consumer entering a coffee shop may find that there are three WiFi networks with similar names: CoffeeShop, CoffeeShop1, and CoffeeShop2. It's likely that at least one of them is a fraudster's WiFi.

Hackers may use this technique to collect data from any device that establishes a connection, ultimately allowing them to steal login credentials, credit card information, and other sensitive data.

WiFi eavesdropping is just one risk that comes with using public networks, so it's best to avoid using them. If you do need to use public WiFi, be sure to check with staff to see if it is authentic.
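The check described above can be partly automated on the defender's side. The following is an added example, not part of the original article: it groups scan results by a normalized name and flags look-alike networks such as CoffeeShop, CoffeeShop1 and CoffeeShop2. The scan data, the `normalize` rules and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed scan results: (SSID, BSSID, security), as a WiFi scanner might list them.
SCAN = [
    ("CoffeeShop",  "aa:bb:cc:00:00:01", "WPA2"),
    ("CoffeeShop1", "de:ad:be:00:00:02", "OPEN"),
    ("CoffeeShop2", "de:ad:be:00:00:03", "OPEN"),
    ("CoffeeShop",  "aa:bb:cc:00:00:04", "WPA2"),
    ("HomeNet-5G",  "11:22:33:00:00:05", "WPA2"),
]

def normalize(ssid):
    """Reduce an SSID to a comparison key: lowercase, no separators,
    and no trailing digits or common suffixes (free, guest, wifi, public)."""
    key = re.sub(r"[\s_\-]+", "", ssid.lower())
    prev = None
    while key != prev:  # strip stacked suffixes such as "_Free2"
        prev = key
        key = re.sub(r"(\d+|free|guest|wifi|public)$", "", key)
    return key or ssid.lower()

def find_lookalikes(scan):
    """Return one finding per group of networks whose names collapse to the same key."""
    groups = defaultdict(list)
    for ssid, bssid, sec in scan:
        groups[normalize(ssid)].append((ssid, bssid, sec))
    findings = []
    for key, nets in sorted(groups.items()):
        names = sorted({n[0] for n in nets})
        securities = {n[2] for n in nets}
        reasons = []
        if len(names) > 1:
            reasons.append("several near-identical names")
        if "OPEN" in securities and len(securities) > 1:
            reasons.append("open and encrypted variants coexist")
        if reasons:
            findings.append({"key": key, "names": names, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in find_lookalikes(SCAN):
        print(f["names"], "->", "; ".join(f["reasons"]))
```

A finding is a reason to ask staff which network is theirs, not proof of a fake hotspot. A fake network that copies both the exact name and the security setting of the real one produces no finding here.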


Network packet capture tool

Sometimes criminals use specific computer programs to intercept data. These programs are known as network capture tools and are often used by legitimate IT professionals to record digital network traffic, making it easier for them to detect and analyze problems. These programs are also used to monitor Internet browsing patterns within private organizations.

However, many of these packet analyzers are used by cybercriminals to collect sensitive data and perform illegal activities. So even if nothing bad happens initially, victims may later discover that someone has committed identity fraud against them, or that their company's confidential information has been compromised in some way.


Basically, cookies are small packets of data that web browsers collect from websites as a way of retaining some browsing information. These packets are typically stored on the user's local computer (as a text file) to allow the website to recognize the user when they return.

Cookies are useful because they maintain the communication between users and the websites they visit. For example, cookies allow users to stay logged in without having to enter their credentials each time they visit a specific web page. They may also be used by online stores to record items that customers have previously added to their shopping carts or to monitor their browsing activity.

Since cookies are simple text files, they cannot carry keyloggers or malware, so they cannot cause any harm to your computer. However, cookies can be dangerous when it comes to privacy, and they are often used in man-in-the-middle attacks.

If a malicious attacker is able to intercept and steal the cookies you use to communicate with websites, they can use that information to attack you. This is called cookie theft and is often associated with what we call session hijacking.

A successful session hijack would allow the attacker to impersonate the victim and communicate with the website on their behalf. This means they can use the victim's current session to access personal emails or other websites that may contain sensitive data. Session hijacking often occurs at public WiFi hotspots because they are easier to monitor and more susceptible to man-in-the-middle attacks.
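From the website operator's side, the exposure described above depends on whether a cookie ever travels over unencrypted HTTP. The following is an added example, not part of the original article: it audits `Set-Cookie` headers for cookies that were issued over plain HTTP or that lack the `Secure` attribute, which tells the browser to send the cookie only over HTTPS. The URLs, cookie values and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed (response URL, Set-Cookie value) pairs.
RESPONSES = [
    ("https://mail.example.test/login", "session_id=3f9a1c; Path=/; Secure; HttpOnly"),
    ("http://shop.example.test/login",  "auth_token=77be02; Path=/"),
    ("https://shop.example.test/cart",  "cart=item42; Path=/"),
]

def parse_set_cookie(value):
    """Split a Set-Cookie value into (name, {lowercased attribute: value})."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name, _, _ = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs

def audit(responses):
    """Map each cookie name to the ways it could be read on an open network."""
    report = {}
    for url, header in responses:
        name, attrs = parse_set_cookie(header)
        issues = []
        if urlsplit(url).scheme != "https":
            issues.append("issued over plain HTTP")
        if "secure" not in attrs:
            issues.append("missing Secure, so it is also sent on HTTP requests")
        report[name] = issues
    return report

if __name__ == "__main__":
    for cookie, issues in audit(RESPONSES).items():
        print(cookie, "->", issues or "ok")
```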


How to protect yourself against man-in-the-middle attacks?

  • Turn off any settings that allow your device to automatically connect to available WiFi networks.

  • Turn off file sharing and log out of accounts you are not using.

  • Use password-protected WiFi networks whenever possible. If you have no choice but to use a public WiFi network, try not to send or access sensitive information.

  • Keep your operating system and antivirus software updated.

  • Avoid any financial activity, including cryptocurrency transactions, when using public networks.

  • Visit websites using the HTTPS protocol. But keep in mind that some hackers perform HTTPS spoofing, so this measure isn't completely foolproof.

  • Using a virtual private network (VPN) is always recommended, especially when you need to access sensitive or business-related data.

  • Be wary of fake WiFi networks. Don't trust the name of a WiFi network just because it's the same as the name of a store or company. If in doubt, ask staff to confirm the authenticity of the network. You can also ask them if they have a secure network you can use.

  • Turn off WiFi and Bluetooth if you are not using them. Avoid connecting to public networks if you really don't need to.


Conclusion and thoughts

Cybercriminals are constantly looking for new ways to access people’s data, so it’s important to stay aware and vigilant. Here, we discussed the many risks that public WiFi networks can present. While most risks can be mitigated by simply using a password-protected connection, it's important to understand how these attacks work and how to keep yourself from becoming the next victim.