Free public WiFi is now available in many places. Airports, hotels and cafes promote free internet connection as an added benefit for using their services. For many people, being able to connect to a free internet network when they are away from home is ideal. It is particularly useful for businessmen who are traveling, and who can access their work emails or share documents online.
However, there are more risks to using public WiFi hotspots than many internet users imagine, and most of these risks are related to man-in-the-middle attacks.
Man-in-the-Middle Attacks
A man-in-the-middle (MitM) attack occurs when a malicious actor manages to intercept communications between two parties. There are several types of MitM attacks, but one of the most common consists of intercepting a user's access request to a web page, returning a response with a fraudulent web page that appears to be legitimate. This can happen to virtually any website, from online banking to file-sharing services to email providers.
For example, if Alice tries to access her email and a hacker manages to intercept the communication between her device and the service provider, the hacker can carry out a MitM attack that leads her to a fake website. If the hacker gains access to Alice's login and password, they can use her email to carry out malicious acts such as sending phishing messages to her contact list.
Therefore, the intermediary is a third party capable of intercepting data sent between two points, and who poses as a legitimate actor. Generally, MitM attacks are carried out to trick users into entering their most sensitive data on fake websites, although they can also be used to simply intercept a private conversation.
WiFi eavesdropping
WiFi eavesdropping is a type of MitM attack in which the hacker uses a public WiFi network to monitor the activities of anyone who connects to it. The intercepted information can range from personal data to browsing patterns and internet traffic.
This is usually done by creating a fake WiFi network with a legitimate-looking name. The name of the fake access point is often similar to that of a nearby store or company. WiFi eavesdropping is also known as the “Evil Twin method”.
For example, a consumer may walk into a coffee shop and notice that there are three WiFi networks available, with similar names: Coffee Shop, Coffee Shop1, and Coffee Shop2. It is likely that at least one of them is a fraudulent network.
Hackers can use this technique to harvest data from any device that establishes a connection, eventually allowing them to steal login credentials, credit card information, and other sensitive data.
WiFi eavesdropping is just one of the many risks associated with public networks, so it is always preferable to avoid using them. If you must use public WiFi, be sure to check with an employee that it is authentic and secure.
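The coffee shop scenario above can be checked mechanically before joining a network. The following is an added example, not part of the original article: it flags lookalike network names and names advertised with differing security. The scan data, field names and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample scan (not real data): networks a laptop might list in a cafe.
SCAN = [
    {"ssid": "Coffee Shop",  "bssid": "02:00:00:aa:00:01", "security": "WPA2"},
    {"ssid": "Coffee Shop",  "bssid": "02:00:00:aa:00:02", "security": "WPA2"},
    {"ssid": "Coffee Shop1", "bssid": "02:00:00:bb:00:01", "security": "open"},
    {"ssid": "Coffee Shop2", "bssid": "02:00:00:cc:00:01", "security": "open"},
    {"ssid": "Library",      "bssid": "02:00:00:dd:00:01", "security": "WPA2"},
    {"ssid": "Library",      "bssid": "02:00:00:ee:00:01", "security": "open"},
]

def base_name(ssid):
    """Fold case, separators and trailing digits so lookalike names collide."""
    folded = re.sub(r"[\s_.\-]+", "", ssid.lower())
    return re.sub(r"\d+$", "", folded)

def find_lookalikes(scan):
    """Map each base name to its SSIDs when more than one distinct name shares it."""
    names = defaultdict(set)
    for ap in scan:
        names[base_name(ap["ssid"])].add(ap["ssid"])
    return {base: sorted(ssids) for base, ssids in names.items() if len(ssids) > 1}

def find_mixed_security(scan):
    """Map each SSID to its security modes when one name is both open and protected.

    Several access points sharing one SSID is normal for a large venue, so a
    repeated name alone is not flagged; a change in security mode is.
    """
    modes = defaultdict(set)
    for ap in scan:
        modes[ap["ssid"]].add(ap["security"])
    return {ssid: sorted(m) for ssid, m in modes.items() if "open" in m and len(m) > 1}

if __name__ == "__main__":
    for base, ssids in find_lookalikes(SCAN).items():
        print("confirm with staff before joining any of:", ", ".join(ssids))
    for ssid, m in find_mixed_security(SCAN).items():
        print(f"{ssid!r} is advertised with differing security: {', '.join(m)}")
```

A flag here does not say which network is fraudulent; it only marks the names that should be confirmed with an employee before connecting.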
Packet Analyzer
Sometimes criminals use specific computer programs to intercept data. These programs are known as packet sniffers, and are often used by legitimate IT professionals to log digital network traffic, as they make it easier to detect and analyze problems. These programs are also used to monitor Internet search patterns within private organizations.
However, many of these packet sniffers can be hijacked by cybercriminals to gather sensitive data and carry out illegal activities. Although this interception may seem innocuous at first, victims may later discover that someone has committed identity fraud against them, or that their company's confidential information has been leaked in some way.
Cookie Theft and Session Hijacking
Basically, cookies are small packets of data that browsers collect from websites to retain certain browsing information. These data packets are usually stored locally (as text files) on the computer, so that the website recognizes the user when they return.
Cookies are useful because they facilitate communication between users and the web pages they visit. For example, cookies allow users to stay logged in without having to enter their credentials each time they visit a particular web page. They can also be used by online stores to record the items that customers have previously added to their shopping carts or to monitor their browsing activity.
Because cookies are simple text files, they cannot carry keyloggers or malware, so they will not cause any damage to your computer. Still, cookies can be dangerous in terms of privacy, and are often exploited in MitM attacks.
If a malicious actor is able to intercept and steal the cookies you are using to communicate with websites, they can use that information against you. This is called Cookie Theft and is generally related to what we call Session Hijacking.
A successful session hijack allows the attacker to impersonate the victim and communicate with web pages on their behalf. This means that the attacker can use the victim's currently open sessions to access personal emails or other web pages that may contain sensitive data. Session hijackings typically occur on public WiFi hotspots because they are easier to monitor and much more vulnerable to MitM attacks.
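Whether a session cookie can be read off a shared network depends largely on the flags the website sets on it. The following is an added example, not part of the original article: it audits Set-Cookie headers for the Secure and HttpOnly attributes. The headers and function names are constructed for illustration.

```python
# Constructed Set-Cookie headers (not captured traffic) from a hypothetical site.
HEADERS = [
    "sessionid=abc123; Path=/; HttpOnly",
    "__Host-sid=def456; Path=/; Secure; HttpOnly; SameSite=Lax",
    "cart=42; Path=/; Secure",
]

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {lower-cased attribute: value})."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        key, _, value = part.partition("=")
        if key.strip():
            attrs[key.strip().lower()] = value.strip()
    return name, attrs

def missing_flags(headers):
    """Return {cookie name: [missing flags]} for cookies lacking Secure or HttpOnly."""
    report = {}
    for header in headers:
        name, attrs = parse_set_cookie(header)
        missing = [flag for flag in ("Secure", "HttpOnly") if flag.lower() not in attrs]
        if missing:
            report[name] = missing
    return report

def sent_over_plain_http(headers):
    """Names of cookies a browser would attach to an http:// request to the site.

    Without Secure the cookie travels unencrypted whenever the site is reached
    over HTTP, which is where a sniffer on a shared network can read it.
    """
    return [name for name, flags in missing_flags(headers).items() if "Secure" in flags]

if __name__ == "__main__":
    for name, flags in missing_flags(HEADERS).items():
        print(f"{name}: missing {', '.join(flags)}")
    print("exposed on plain HTTP:", sent_over_plain_http(HEADERS))
```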
How to protect yourself from MitM attacks?
Disable any settings that allow your device to automatically connect to available WiFi networks.
Turn off file sharing and sign out of accounts you're not using.
Use password-protected WiFi networks whenever possible. When you have no choice but to use a public WiFi network, try not to send or access sensitive information.
Keep your operating system and antivirus updated.
Avoid any financial activity while using public networks, including cryptocurrency transactions.
Use web pages that use the HTTPS protocol. Keep in mind, however, that some hackers are capable of carrying out HTTPS spoofing, so this measure is not completely foolproof.
Using a virtual private network (VPN) is always recommended, especially if you need to access sensitive or business-related data.
Be careful with fake WiFi networks. Don't trust the name of a WiFi just because it is similar to that of a store or company. If you have doubts, ask a worker to confirm the authenticity of the network. You can also ask if they have another secure network they can give you access to.
Turn off your WiFi and Bluetooth if you are not using them. Avoid connecting to public networks if you don't really need to.
Final thoughts
Cybercriminals are always looking for new ways to access people's data, so it's essential to educate yourself and stay vigilant. Here we have addressed some of the many risks that public WiFi networks can present. Although many of these risks can be mitigated by using a password-protected connection, it is important to understand how these attacks work and how you can avoid becoming the next victim.
