Earlier this week we told you about a public Wi-Fi threat called Evil Twin Hotspots. Even if you do not encounter these, using insecure public Wi-Fi is risky. Here’s how to stay safe.
You might be surprised at all of the wicked things that hackers can do to someone connected on an insecure Wi-Fi connection. There are three general ways in which an attacker can exploit public Wi-Fi:
- Man-in-the-middle Attack – As we have previously discussed, a man-in-the-middle (MitM) attack is where a hacker positions their self in the middle, between you and the Wi-Fi hotspot you are using. The attacker uses their position to intercept your online communications.
- Malware – A hacker can inject a piece of malware if you are not careful. Using malicious programs, they can steal/corrupt your files, secretly spy on your through your camera and/or microphone, or use a keylogger to record everything you type.
- Wi-Fi Sniffing – Cybercriminals can use Wi-Fi sniffing to monitor network traffic. By connecting to insecure Wi-Fi and using software like Wireshark or TCPDump, a person can quickly record gigabytes of data traveling across the network. Sniffing is fine for troubleshooting private networks. Doing it on a public Wi-Fi hotspot to fish for private data is a hostile act.
How to Secure Your Data on Public Wi-Fi Networks
Step One: Use LiquidVPN
Using LiquidVPN is the best thing you can do to protect yourself on a public Wi-Fi network. You should use it on public and private networks you do not own. Virtual private networks like LiquidVPN create an encrypted connection between your computer and the rest of the internet. Your data tunnels through the public Wi-Fi network. Although a hacker can still intercept the data, they cannot do anything with it without cracking it first. The encryption standards we use are the best in the business. For instance, OpenVPN uses 4096 bit RSA, SHA2, and AES-256-CBC. Some might ask why we do not use Twofish, Serpent or ECC, and our answer is simple. OpenVPN currently does not support it without modifying the source code. Modifying the OpenVPN source code means possibly introducing new bugs. We are not willing to risk that for a bit of PR.
Step Two: Turn Wi-Fi Autoconnect Off
Even if you are using LiquidVPN, it will not do you any good if it is not connected to our network when your device is connecting to public Wi-Fi hotspots it thinks is safe. Always make sure to turn off your Wi-Fi antenna when you are not using it.
Step Three: Turn Off File Sharing
When using a public network, it is a good idea to turn off file sharing. This includes using iTunes to share your home library over Wi-Fi. On macOS you can go into Settings > Sharing and turn it off.
To turn off file sharing in Windows 10, go to Control Panel > View network status and tasks > Change advanced sharing settings. Choose Turn off file and printer sharing, and click Save Changes.
Step Four: Verify Your Firewall is Enabled
Make sure your firewall is turned on and ready. A firewall protects your computer against unwanted network connections. A good firewall for Windows users is Windows Firewall! Alternatively, if you are looking for more control, Comodo is the only way to go. It’s a free download and it’s easy to install and start using.
Mac users also have a built-in firewall they can use. Turn on Stealth Mode in advanced options to prevent people from pinging you over the network. Your MacBook simply won’t respond to these kinds of fingerprinting requests. Go to Settings > Security & Privacy > Firewall.
Step Five: Use Two-Factor Authentication
2FA is another great thing to use on both private and public networks. It’s a way to secure your online accounts. When you log into an account with 2FA, you’ll need to use a special one-time code sent via text, or displayed on an app like Yubico Authenticator. Dozens of prominent websites are hacked every day, and this is a way to prevent other people from logging into your accounts.
LiquidVPN has a great guide to setting up two-factor authentication here.
Step Six: Use Anti-Virus Software
Every week or so you should scan your computer using antivirus software. Regular scans of your system is usually your alert if something is weird on your device. If any known viruses appear on your computer, the software sends you an alert and helps you quickly remove the offending bugs. Please do not think these will find everything. To be honest Antivirus software is more of a 90s and pre 2010 thing. Many of the threats you will face today wont be detected by antivirus software until it is too late. Also keep in mind that you may need to whitelist your VPN adapter in order to keep your connection from slowing down.
Some great Antivirus programs that play nice with VPN connections:
Step Seven: Turn Off Wi-Fi
Turn off Wi-Fi when you’re not using it. The best guarantee to stay safe on public Wi-Fi is to not use it at all, or at least use it sparingly. If you’re using an iPhone, there is a setting to toggle to prevent your phone from automatically connecting to insecure Wi-Fi.
Turn Ask to Join Networks off.
Step Eight: Use A Password Manager
Using a password manager that creates and stores secure passwords is extremely important. I can not stress this enough. You can visit the website HaveIBeenPwned to see a list of all of the websites that have gotten hacked. Type in your email into the website to find out if you number among the victims of these attacks.
But don’t wait until a hacker steals your info to start using a password manager. We have a great guide to getting started here.
Step Nine: Share This Guide
With these tips, tricks and tools you should be well on your way to becoming a responsible Wi-Fi user. Use this guide for yourself, then share it with your friends and family. Many people can benefit from using this guide and the others we’ve written.
I bet a lot of you have great tips for keeping safe on public Wi-Fi networks. Please share them in the comments and when it comes time to revisit WiFi security we can include your thoughts in the article.