Why browsing on Starbucks Wi-Fi is dangerous and how you can best play it safe
You’ve probably heard that using public Wi-Fi puts you at risk of being hacked, but what specifically opens you up for attack? Could my email be accessed? My banking information? The naughty videos I’ve favorited on Tumblr? The short answer is yes. Here are some common ways a malicious attacker may try to gain access to your information and some tips on how to best avoid it.
An attacker can watch all the websites you visit
When you are on a public Wi-Fi network, like those in Starbucks, everyone connected to that Wi-Fi network has access to all internet traffic of everyone else on the network… Did you hear that? EVERYONE! Even if that network requires you to accept some terms of service, even if that network is password protected! That means, right now, you could follow some simple steps that would allow you to see all the sites that everyone on that Wi-Fi network is visiting and for any of those sites that are not 🔒 Secure, you would be able to see a person’s username and passwords too.
Realistically, in 2018, this isn’t directly such a big issue because most major websites like Facebook, Gmail or Chase.com are 🔒 Secure which means even if an attacker was looking at your traffic, they wouldn’t be able to extract a password because all of the traffic would be encrypted (more on encryption in a later article). HOWEVER, what an attacker could do is wait for you to enter your password on a website that isn’t secure, then try using that same password on Chase.com to gain access to your bank account. This is one of the reasons why it’s important to have a different password for every account that you use (password managers like 1Password make doing this much easier) so that an attacker gaining access to one account doesn’t mean they get access to all of your accounts.
This is probably the most common and obvious way you can get hacked on a public Wi-Fi network, but there are other ways too.
An attacker could trick you into joining the wrong network
When you finally sit down after receiving your Triple, Venti, Half Sweet, Non-Fat, Caramel Macchiato, you open up your laptop and click the Wi-Fi icon which usually reveals a long list of available networks to join.
“Starbucks WiFi” looks correct, right? Or is it “Google Starbucks”? Or maybe “Totally Legit Starbucks WiFi, I Swear”?
In reality, anyone can set up their own Wi-Fi network and name it whatever they want. Think about if you’ve ever set up your own Wi-Fi network at home, you can literally name it anything. Mine is named “My Nuclear Button is Bigger Than Yours”. Just kidding.
If you were to join the Wi-Fi network of an attacker, you are essentially giving them full control over everything you do on the internet. They could, for example, create a fake version of Amazon.com and trick you into signing in to it. Then they could take the password you entered, log into your real Amazon account and do something truly inhuman like order 17 packages of sugar-free Haribo Gummi Bears. As a web developer myself, I can confirm that it would incredibly easy to make my own webpage that looks exactly like Amazon.com. Worst yet, all of this can be done without you knowing.
A skilled attacker doesn’t need to trick you at all
Despite what I’ve said up until this point, the fact is that a skilled attacker can even hijack a legitimate Wi-Fi network and reroute traffic through their own computer intercepting everything you do online, however, this would likely be uncommon, as an attacker willing to take it that far may have more valuable victims than whoever they can find in Starbucks.
So, what’s the solution? I NEED A SOLUTION
Like hearing Taylor Swift music everywhere I go, there is no 100% solution to this problem, there’s only “safer” and “less safe”. The honest truth is that the safest way to browse the internet is not to browse the internet at all. Maybe instead of entertaining yourself with Snapchat filters, you can find a calculator from the 90’s and type in 55378008 and then turn it upside down. Hilarious.
Of course, that’s not realistic though. Plenty of us have used public Wi-Fi countless times without getting attacked (I think..?). That’s because most of the time, there is no malicious person waiting to prey on us. But it’s important to realize that we are vulnerable and modify our behavior as much as is reasonable. Here are some quick tips to help keep you safe on public Wi-Fi.
Be cautious when logging into important accounts on public Wi-Fi
Always make sure the URL in your browser is correct and shows the “🔒 Secure” badge at the top. If you notice anything fishy about the way the site looks, best off avoiding it until you’re on a trusted internet connection. If you can avoid it entirely, don’t log into those account on the public Wi-Fi to begin with.
Create a personal hotspot using your phone
If you need to use your computer and access sensitive data, a good security measure might be to instead connect to your own personal mobile hotspot using your phone. Be careful here though, because unless you have an unlimited data plan, it will be very easy to hit your data limit while browsing on a computer instead of your phone.
Enable 2-factor authentication on whatever accounts you can
Enabling 2-factor authentication (2FA) on, say, your bank account login means that every time an attempt to log into your account is made, you also get a text sent to your phone with a verification code that you need to type in. This is an extra layer of security because an attacker needs to do more than just get your login credentials to get into your account, they would also need your phone.
⭐ Use a VPN when browsing on public Wi-Fi ⭐
Ultimately, this is the safest option. Using a Virtual Private Network (VPN) will encrypt all of your traffic over the internet. That means that even if all of your traffic is being intercepted by an attacker, they won’t be able to make sense of or interfere with any of it.
Here is a list of PCMag’s top-rated VPNs of 2018 with NordVPN being rated the highest — that’s what I use. It’s super simple to set up and works on both your computer and phone.
If you’re interested in learning more about how VPNs work, leave a note in the comments below and I can dedicate a future article to talking about it.
Public Wi-Fi is a dirty place
Ultimately, we need to change the way we view public Wi-Fi. Whenever connecting to a public network, we should always be on guard and use our best judgment and assume that someone is watching what we’re doing online. You wouldn’t walk into a Starbucks and start shouting your bank account login to everyone, so you also shouldn’t input it on your computer while on public Wi-Fi.
Dog tax:
Mike Maffattone is the founder of Gigareef, a web and app development company. Check out our work: gigareef.com
Do you need a website or app built? Get in touch: info@gigareef.com
Have future article topic suggestions? Leave a note in the comments below. Here are some potential articles:
- Why do certain sites show “🔒 Secure” in my browser while others do not?
- We’ve been using the word “hacker” incorrectly
- You really should be using a password manager
- How a VPN works and why you should be using one
- How cryptocurrency cold storage works and why it’s the safest (for now)
Sources and additional reading/watching:
How safe is WiFi at Starbucks? Is SafeWeb good?
https://www.quora.com/How-safe-is-WiFi-at-Starbucks-Is-SafeWeb-good
Starbucks cafe’s wi-fi made computers mine crypto-currency
http://www.bbc.com/news/technology-42338754
Encryption: Last Week Tonight with John Oliver (HBO)
https://www.youtube.com/watch?v=zsjZ2r9Ygzw
