Public WiFi is not safe, but a good VPN can keep you out of harm’s way
The dangers associated with public WiFi have been typed and written to death. You’ve heard them before, they start in a café or a coffee shop, maybe at the airport. And they end with your personal information in the hands of a cybercriminal.
The threat is well known, but the fix is not. After all, the internet has become an integral part of daily life. And as long as there are data plans that cap people’s bandwidth, using WiFi will be preferable to paying by the bit.
But as we’ve already established, those hot spots aren’t safe. But just writing it probably isn’t enough to let’s look at how someone actually sets up a WiFi watering hole (or some other, similar exploit) and then talk about how to defend against it.
Compromising WiFi
Most of us, when using the internet, fail to add the requested protocol to the beginning to URLs they type. You don’t go to https://amazon.com, you just type amazon.com. This is entirely a function of convenience, but it also belies a lack of understanding on the part of internet users. Those protocols are important, HTTPS provides a secure connection that blocks third parties from being able to read the data being exchanged. HTTP does not.
For the sake of interoperability, browsers regard URLs without the protocol stated as standard HTTP requests.
This provides a unique attack vector for criminals that can compromise a public wifi hotspot. So, how does one do that? It’s actually pretty easy, you can either use a device like a WiFi pineapple (which would run you maybe $100 USD) that can launch its own network, which you’ve named to resemble a legitimate one, or just eavesdrop on the connections at the network level.
While that may not make much sense to you, it does to any half-decent cybercriminal and it’s trivial to pull off.
And once they have, everything you do on the network that isn’t encrypted will be visible to attacker.
So, how do you get around this problem?
A good VPN.
VPN to the Rescue
Your VPN may have its own client on your device, or it may require you to request a specific URL through your browser. Either way, either via the client or HSTS, your device will send a secure HTTPS request to initiate the connection. From there you just log in as usual.
The beauty of a VPN is that your device is logging into a third party virtual server that obscures your IP address and provides some degree of anonymity (depending on the VPN you select). What that effectively means is that anyone attempting to eavesdrop on your connection – to read the data being exchanged – will only see random streams of encrypted text, which is useless to them. Even if you’re on a spoofed network, a good VPN can keep the attacker from compromising your communication.
Now, I know you might be asking, ‘wouldn’t an encrypted HTTPS connection also keep the data being transmitted safe?’ Yes and no. While it’s true that HTTPS would obscure the data being transmitted once a connection is underway, there are still parts of the handshake that are unencrypted and oftentime the initial request is via HTTP, too. (Really anytime HSTS isn’t supported). Additionally, the attacker can still see all the sites you visit, even if it can’t tell how you’re interacting with them.
With a VPN, you’ll still be able to visit all the sites you normally would, you can use the internet in the same way, but instead of seeing all your activity, the network will just see your encrypted connection to the VPN. That’s far more anonymous and far more safe.
