The Prime Minister Wi-Fi Access Network Interface (PM-WANI) scheme, launched by the government earlier this year, aims to provide free Wi-Fi in public places nationwide, enabling citizens to access the internet while traveling. But is connecting to public Wi-Fi truly safe?
Public Wi-Fi is everywhere, from coffee shops to railway stations to airports, but did you know connecting to these can put your data at risk? Many people find public Wi-Fi networks convenient since they offer free-of-cost service and usually put their devices on auto-connect. But these networks harbour security and privacy risks, especially open networks.
In August this year, a report claimed that people of Bengaluru lost Rs 845 crore to cyber criminals in the first six months of 2024. Among the reported incidents, cases of debit and credit card fraud were the most rampant, accounting for 1,485 of the total 9,260 cases. Most victims reported accessing Wi-Fi at hotels, lounges, and other public spaces before making online transactions.
Clinical dietitian Malvvika Fulwwani, a frequent user of public Wi-Fi said, “I have experienced strange things on my phone a couple of times while using public Wi-Fi.” Fulwwani said that while on a public network, she spotted a spike in pop-up advertisements, and sometimes her phone slowed down considerably.
What is public Wi-Fi?
Public Wi-Fi, or open Wi-Fi, is a wireless network in public places that allows people to access the internet for free. Users often do not need any verification before accessing it. If the Wi-Fi connection is password-enabled, the establishment or individual makes the password publicly available for all. This makes it easier for users to log in to the network and access Wi-Fi on their devices. In simple terms, any open network apart from your home network falls under the ambit of public Wi-Fi.
Public Wi-Fi, or open Wi-Fi, is a wireless network in public places that allows people to access the internet for free. (Image: FreePik)
Public Wi-Fi is often a saviour for those who are stuck in areas with poor mobile connectivity. Today, public Wi-Fis are a mainstay in public spaces like cafes, malls, etc.
Is public Wi-Fi not secure?
Since it is easy for anyone to access the internet using public Wi-Fi, especially without any verification, it comes with numerous risks. Along with genuine users, public Wi-Fi can be the playground for hackers as they can access it without any authentication. This means hackers on the network can get access to your device, meaning they can collect critical information and use it to their advantage. They can obtain login IDs, passwords, bank account info, and even login credentials to several websites including social media platforms. This put users at the risk of identity theft, where the hacker could use their credentials to access websites. In some instances, hackers can also unleash malware (a software designed to harm the device) onto your smartphone.
Can VPN save you?
Even though public Wi-Fi can expose you to scammers and different kinds of threats, users have also found ways to stay secure on public networks. “I have never faced any problems while using public Wi-Fi owing to a few reasons. Firstly, I use an iPhone, and issues with iOS devices are comparatively fewer, although Android phones may face some malfunction and see more pop-up ads. Secondly, I use my own VPN (virtual private network) for secure connections,” Prathmesh Palve, a project manager at WPMU DEV told indianexpress.com.
Palve believes using VPNs is one of the best ways to minimise public Wi-Fi risks. VPNs establish a private and encrypted tunnel through which data is sent and received on the device.
According to cyber expert Shubham Singh, “Using a VPN or HTTPS on public Wi-Fi can enhance security, but neither is completely foolproof.” Hypertext transfer protocol secure (HTTPS) is the secure version of HTTP – the primary protocol used to send data between a web browser and a website. HTTPS is used to enhance the security of data transfer. This term can be seen while using any website on your device.
Can iOS save you?
When it comes to smartphone safety, iOS clearly wins the race against Android. Apple has more robust security controls. However, using an iPhone or any other iOS device does not guarantee safety from attackers. Cybercriminals can still exploit vulnerabilities if users are not cautious.
Infographic: Angshuman Maity/The Indian Express
How do attackers exploit public Wi-Fi?
According to Singh, there are several ways in which attackers typically exploit public Wi-Fi networks to gain access to users’ sensitive data.
Man-in-the-Middle (MITM) Attacks: This type of attack happens when a hacker ‘secretly’ gets in between two systems interacting with each other, like a user and a website, without the user knowing. The hacker intercepts conversations and steals sensitive information. By doing this, the hacker can pretend to be the user, steal important information like passwords or credit card numbers, and use it to their benefit. It is like someone sneaking into your conversation and stealing your secrets without you realising it.
Fake hotspots (evil twin attacks): A hacker sets up a rogue Wi-Fi network that looks legitimate and uses this to trick users to connect and share sensitive information. Once the victims connect the hacker can see everything they do online. Setting fake hotspots is easy and several off-the shelf products allow anyone to become a hacker, including people who don’t know anything about technology.
Packet sniffing: Sniffing is like eavesdropping on a network, where data moving between computers (like messages or information) is captured and watched. Network managers who have good intentions use sniffers as tools to identify and fix issues, ensuring everything runs smoothly. However, hackers, whose intentions are bad, can misuse these tools to steal sensitive information, such as passwords or account details. Sniffers can be either small devices or software programs installed on a computer. If hackers configure a sniffer to ‘listen to everything,’ they can access all the data being shared on the network.
Packet sniffing is a method of detecting and assessing packet data sent over a network. Packet sniffing tools can be used by hackers to spy or steal confidential data. These tools can be used to monitor and capture unencrypted data transmitted over the network.
As public Wi-Fi has become a staple in most common spaces, staying informed about its risks can help you save time and money. (Image: FreePik)
DNS Spoofing: DNS (Domain Name Server) spoofing, or DNS cache poisoning is a hacking method where people are redirected to fake websites instead of the ones they intended to visit. These fake sites are often designed to look exactly like the real ones. When users enter their login details on these fraudulent sites, hackers can steal sensitive information like usernames, passwords, and other private data. In some cases, these sites may also secretly install harmful software, such as viruses, on the user’s computer, allowing hackers to continue accessing their device and data without their knowledge.
How to identify unsecured public Wi-Fi networks?
Shubham Singh lists a few points to identify unsecured networks:
📌 No password is required to connect
📌 No HTTPS encryption seen
📌 Lack of WPA2 or WPA3 encryption*
📌 No ‘terms of use’ or ‘login page’
📌 Seeing several networks with similar names could signal a rogue hotspot
* WPA3 (Wi-Fi Protected Access 3) and WPA2 (Wi-Fi Protected Access 2) are two different generations of wireless security protocols used to secure Wi-Fi networks.
Tips when using public Wi-Fi:
Prathamesh Palve has some tips for people who need to use public Wi-Fi:
Do not use public Wi-Fi unless there is an emergency: This emergency could be work-related; however, one should avoid making online transactions.
If you use public Wi-Fi, check the provider: For example, as suggested, TATA Telecommunications is the best public Wi-Fi provider; similarly, Airtel and Vodafone are good too and can be considered credible network providers.
Do not make any transactions while using public Wi-Fi: This includes all kinds of transactions, even UPI payments at a shop or online shopping. Switch to your network provider before making any payments.
Do not click on any pop-up advertisements. Pop-up ads usually direct users to a different website that can ask for personal details or bank credentials. If you click on the pop-up advertisements, do not enter personal information anywhere.
Always use VPN: They establish a private tunnel through which the data is sent and received on the device; this is still not fully safe.
