5 ways hackers can steal your data on public Wi-Fi

Fibre optic cables glowing like hundreds of stars
(Image credit: Unsplash / JJ Ying)

If you’re away from home and don’t use mobile broadband, Public Wi-Fi is one of your only options. 

It’s almost certain that at some point in time you will need to connect to Public Wi-Fi. Luckily, most providers of Public Wi-Fi hotspots make them “open”, which means anyone can join the network without a password. However, this comes at a price. When you’re on the network, bad actors like hackers and identity thieves can target your data.

In this guide you’ll learn 5 of the main ways in which hackers will try to target your personal information and how to protect yourself. Also, don’t forget to take some time to read our guide on why you need a VPN when accessing public Wi-Fi

1. ARP spoofing

When you connect to a Public Wi-Fi network to access the Internet, you never know who else is connected to it as well.

If a hacker connects their device to the same network as you, they can use Address Resolution Protocol (ARP) poisoning to try to gain access to your data.

The hacker can use specialist tools to scan the public Wi-Fi network for your device’s unique IP address as well as that of the main Wi-Fi router. By sending out fake ARP messages, they can then discover the MAC (Media Access Control) address of both your device and the router. This allows the hacker to impersonate your device and secretly receive all the data that is transferred between you and the websites you visit.

These types of attacks are known as “Man in the Middle” attacks and leave you vulnerable only if the websites or services you’re connected to are not using encryption. 

You can protect yourself when you have to use Public Wi-Fi by making sure you only access pages secured by SSL/TLS encryption. Better yet, sign up with any of the best VPN services and all your internet data will be encrypted before it leaves your device, making it much more difficult for hackers to access. 

2. DNS poisoning

DNS poisoning or ‘DNS spoofing’ can be an extremely dangerous type of attack, as most people are unaware it’s happening.

DNS servers act as a sort of virtual phone book for the internet. They take the human readable website names you type into an address bar e.g. www.techradar.com and translate them into machine readable IP addresses. 

At home, your ISP usually provides you with DNS servers to help direct your connection requests but if an attacker is able to access your device e.g. through ARP Spoofing, or tamper with the public Wi-Fi router, you could easily type in the address of a legitimate website such as www.amazon.com, only to be redirected to a phishing site set up by the hacker. 

The address bar still shows the correct web address for the website you want to visit, so you’re none-the-wiser when you enter your passwords or other sensitive information. 

You can configure your own Wi-Fi network to use a more secure form of DNS such as DNSSEC, or use a public DNS server, such as those offered by Google. However, If you’re using public Wi-Fi though, you can’t do these things. 

The simplest way to stay safe is to use a reliable VPN provider such as ExpressVPN who route all connection requests through their own servers, wherever you’re connecting from.  

3. SSL stripping

When an attacker is connected to the same Wi-Fi network as you, they can use SSL stripping to lay bare your sensitive personal data.

SSL/TLS is a suite of security protocols which encrypt the connection between your device and a web server. So, if your data is intercepted it’ll be almost impossible for a hacker to read. You can find out more in our guide What is TLS and how does it work?

If a hacker is able to manipulate your connection though e.g. through ARP Poisoning, they may try to force your device to use the unencrypted versions of secure websites, rather than those protected with an SSL certificate.

If you’re using Public Wi-Fi, stay safe by checking each website you use begins with “https://” in the address bar, not “http://”. Most browsers also display a padlock next to the address bar to show the site is secure. 

Almost all the best browsers can now be configured to use only secure HTTPS connections where available. 

The world web is slowly coming round to providing secure websites but in the meantime, by using a VPN, all your traffic is encrypted, both HTTP and HTTPS. 

4. Malware

Hackers can inject malware onto your device through an unsecure network and by other means. For example, if you click a link from a suspicious email. They may also try to actively hack your device but they’re more likely to use techniques like ARP Spoofing and DNS Poisoning to redirect you to malicious links, which will download malware to your device.

This is very dangerous, as not only could an attacker access all the data on your device, once your machine’s infected, they may well be able to access it even when you disconnect from a public Wi-Fi hotspot and connect to another, say in your home. Thankfully, the best malware removal should be able to handle most forms of malicious software on your machine. 

For additional security, we recommend choosing any of the best adblockers to prevent most harmful malware links from loading. And make sure to install and update the best antivirus software for your device (yes, even if you use an Apple Mac). 

5. The Honeypot

Given how popular public Wi-Fi is, some hackers and identity thieves take things a step further by setting up their own “honeypot” or “evil twin” hotspot. These days this is very easy to do by using equipment freely available on the web and has very scary implications.

In an airport, a hacker can set up an unsecured wireless network called “FREE AIRPORT Wi-Fi”. Then, anyone who connects to this network will have their data harvested by the person that set up the network.

The first way to stay safe is to check with the management of the premises that you have the right Wi-Fi network name. 

Once again, if you use a secure VPN to connect to the Internet, all your traffic is encrypted, including DNS requests to visit websites no matter what network you’re on. This would make it extremely difficult for an attacker to gather any useful information about you, even if you did connect to a honeypot by accident. 

Nate Drake is a tech journalist specializing in cybersecurity and retro tech. He broke out from his cubicle at Apple 6 years ago and now spends his days sipping Earl Grey tea & writing elegant copy.