Are Hotspots A Secure Form Of Wi-Fi? Here's What To Know Before You Connect
The Wi-Fi you have in your home or office is fundamentally different from a public hotspot. Residential or professional Wi-Fi is usually more secure, with controlled access and direct connection to an ISP through a router. On the other hand, hotspots can use public Wi-Fi networks or cellular data to provide internet access.
While administrative access to hotspots can pose security risks, it doesn't automatically allow viewing of all user information. This depends on the network's security setup and the attacker's capabilities. Regardless, always use caution when signing onto any public network.
When someone says the word "hotspot," they generally refer to a physical location where you can connect to a network. You should imagine it as a bubble of signal originating from a router or mobile hotspot device that you can join to access the internet when you're within range. So, even though the words Wi-Fi and hotspot are sometimes used interchangeably, they don't necessarily mean the same thing.
Because of how hotspots are tied to physical locations, they're also used to refer to the Wi-Fi connection you can get while in public locations like airports, hotels, and cafes. Everyone with some internet security experience will know how risky it can be to use public unknown Wi-Fi. You should take certain security steps before using these readily available hotspots.
Where does your phone's hotspot fit into all this?
There are generally two types of hotspots: public and personal (or private hotspots). When you turn on the hotspot on your iPhone, for instance, you've created a personal (and mobile) hotspot you can carry around. These types of hotspots are great for sharing an internet connection with other devices that can't access the internet on their own when there's no Wi-Fi available, like your laptop. Most "personal hotspots" are rechargeable mobile devices or pocket Wi-Fi (Mi-Fi) that have the ability to broadcast Wi-Fi signals in a limited range to limited devices. These are generally secure if they are encrypted and have good passwords.
However, public hotspots are different. They could be directly from a public place like an airport or someone else's free personal hotspot that they left unprotected (which can also be done maliciously).
Connecting to your personal hotspot or a trusted friend's is fine for the most part. You should be safe as long as it's password-protected and you keep tabs on what devices are connected to it. If there are more devices connected to the hotspot than you can account for, go and check if someone else is connected to the hotspot, change the hotspot password immediately, and create a complex password that isn't easy to crack. For those who prefer to connect to their hotspot via Bluetooth tethering, remember not to leave your device discoverable and ensure that you run the latest OS or firmware updates.
What are the risks of connecting to unknown hotspots?
For the sake of security, there's no difference between a public hotspot and public Wi-Fi. Whether the hotspot you're connected to is the official one from the location you're at or it's a random person's hotspot, it doesn't matter. The risk remains the same. Here are all the things that could happen to you:
-
Man-in-the-middle attacks (MITM): Hackers can lurk on poorly protected public hotspots and intercept the data passing between your device and the router. They have tools that can fetch the data and decrypt it, allowing them to steal your information.
-
Malware: Skilled hackers can exploit vulnerabilities and download malware on your device. When this malware gains a foothold in your software, it can cause all kinds of problems or steal your information, depending on what the malware was designed to do. Some really powerful malware can even remote control your device.
-
Session hijacking: Session hijacking is like a hacker sneaking into your ongoing conversation with a website and pretending to be you. They can do things like buying stuff with your saved credit card. To avoid this, don't save card details online and use a protection plan that safeguards your device and personal info.
-
Phishing attacks: Phishing is a trick where hackers send fake messages to steal your private information. They can sneak these tricks into Wi-Fi traffic. To stay safe, especially on public Wi-Fi, use good security tools, keep your software updated, and use multi-factor authentication, which double-checks it's really you logging in.
-
Activate your device's firewall and turn off file-sharing: Leaving file-sharing on can allow unauthorized users to access your files.
What should you do before connecting to a public hotspot?
Ideally, your best bet for safety is to ignore public hotspots completely, but if you need to use one, here's a list of steps you should take before you connect:
-
Get antivirus and VPN. Install both of these things or get an app that can do both. A VPN adds an extra layer of security to your connection by creating an encrypted link between your device and the Wi-Fi (also known as a VPN tunnel). An antivirus will deal with any malware that you may acquire while connected to public Wi-Fi.
-
Update your browser and device to the latest version with trustworthy security patches. Microsoft, Apple, and Google constantly battle to ensure their software doesn't have vulnerabilities that can be exploited. You should keep your device up to date because older software can leave you open to tried and tested hacking attempts.
-
Confirm you're connecting to the correct SSID. Some sneaky cybercriminals may broadcast malicious Wi-Fi that seems similar to the proper one. For example, you might find "StarBuck" instead of "StarBucks" while at the coffee shop. These have been set up, so you might connect to one where they have a proper domain. Find a staff or authority figure to confirm what the right SSID is.
-
Enable multi-factor authentication like Face ID, Touch ID, SMS confirmation, and other methods before connecting.
What do you do after connecting to a public hotspot?
While connected to public hotspots, you should stay away from filling in sensitive forms on websites, like logging into your bank or online stores with your payment information. If you really need to do that, it's best to use a password manager to autofill all of those sensitive passwords. In the same vein, close or log out of applications and websites you no longer need, as that can give bad actors an opportunity to access them.
You should also avoid non-HTTPS websites. HTTPS sites have an SSL certification, meaning that the traffic from those sites is encrypted. HTTP and other addresses don't have the same level of security, and your activities on those sites could be open to other users on the network. To be safe, you can use a browser extension (like HTTPS Everywhere) to ensure that your connections are parsed through HTTPS.
As soon as you're done browsing, log out from everything, close all apps, and restart your device. That might shake off any cybercriminals that may have been lurking in your phone while you were online. Also, don't forget to disable automatically connecting to free Wi-Fi networks; it's one of the things you should never do while connected to public Wi-Fi.