You walk into a café, airport, or shopping mall, and your smartphone automatically connects to free Wi-Fi. Convenient, fast, and economical—but how safe is it? Public Wi-Fi networks They've become an integral part of our lives, but behind this convenience lurk serious risks. Fraudsters, hackers, and even ordinary curious users can access your data with little effort.
The problem is not in the networks themselves, but in how are they organizedMost public hotspots don't use encryption, and those that do often configure it poorly. As a result, your traffic—from instant messaging to bank card passwords—can become easy prey for attackers. And this isn't paranoia: according to KasperskyIn 2023, every third data theft incident was related to vulnerabilities in public networks.
In this article we will look at Real-life cases of attacks via public Wi-FiWe'll explain why even "secure" networks can be dangerous and provide specific recommendations on how to minimize the risks. Don't panic, but don't have any illusions either: if you connect to someone else's network, you automatically become a potential target.
1. Traffic Interception: How Your Data Becomes Public
The main threat of public networks is lack of traffic encryptionWhen you connect to Wi-Fi at a cafe, your smartphone or laptop exchanges data with the router in clear text. This means that anyone on the same network, using simple tools (like Wireshark or Fiddler) can see:
- 🔍 Logins and passwords from sites that don't have HTTPS (yes, they still exist!)
- 📧 Email content if the email client does not use TLS
- 💬 Messages in messengers that are not end-to-end encrypted (for example, some versions Viber)
- 📊 Browsing history and cookies (including session cookies)
Case study: in 2022 at a Moscow airport Sheremetyevo Hackers intercepted data from passengers connected to free Wi-Fi. They used ARP-spoofing (a "man-in-the-middle" attack) to redirect victims' traffic through their server. As a result, the bank card details of those paying for services online were stolen.
Even if the site uses HTTPS, not all data is protected. For example, the domain name (e.g., vk.com or sberbank.ru) is transmitted in cleartext when a connection is established. This allows attackers to understand which resources you visit and prepare a targeted attack.
2. Phishing access points: how scammers disguise themselves as legitimate networks
One of the most insidious threats is fake access points, which imitate legitimate networks. For example, a shopping center might have an official Wi-Fi network called Mall_Free_WiFi, and next to it is a fraudulent one Free_Mall_WiFi or Mall_GuestUsers often connect to them without noticing the catch.
How does this work:
- The attacker creates an access point with an attractive name (for example,
Starbucks_WiFi(next to the coffee shop). - When you connect, you are redirected to a fake authorization page (e.g. "Enter your phone number to access").
- The entered data (number, password, code from SMS) ends up in the hands of scammers.
In 2023 in St. Petersburg A wave of such attacks was recorded in the metro. Passengers connected to the network Metro_Free_Internet, after which they were redirected to a website simulating a government services portal. There, they were asked to "update their passport and SNILS information"—naturally, all the information entered was transferred to the scammers.
⚠️ Attention: If, after connecting to Wi-Fi, you are immediately redirected to a page asking you to enter personal information, this is a sure sign of phishing. Legitimate public networks (for example, in McDonald’s or Aeroflot) require only acceptance of the terms of use, but not passwords or phone numbers.
How to check the legitimacy of a network?
Official networks usually have:
- Name with the establishment’s logo (for example, KFC_FreeWiFi instead of Free_KFC)
- Authorization page with corporate design (colors, fonts)
- Information about the network can be found on the establishment's website or from the staff
3. Protocol Vulnerabilities: Why Even "Secure" Wi-Fi Isn't Always Safe
Many people think that if a network requires a password, it's secure. This is a dangerous misconception. Even encrypted networks WPA2 (the most common standard) have vulnerabilities:
- 🔓 KRACK attack (Key Reinstallation Attack) - allows you to decrypt traffic by exploiting errors in the protocol
WPA2. - 🤝 Weak passwords: many establishments set simple passwords like
qwerty123orpassword, which are easy to pick up. - 📡 Outdated standards: some networks still use
WEPorWPA, which can be hacked in minutes.
In 2021, researchers from ESET demonstrated how to use the tool Airgeddon you can hack the network with WPA2 In 10-15 minutes if the password is weak. Users won't even notice the attacker's connection.
| Protocol | Level of protection | Time to crack (with a weak password) | Can vulnerabilities be exploited? |
|---|---|---|---|
WEP |
Very low | < 1 minute | Yes (obsolete, not used in new devices) |
WPA |
Short | 5–30 minutes | Yes (vulnerable to dictionary attacks) |
WPA2 |
Average | From hours to days | Yes (KRACK, Dragonblood) |
WPA3 |
High | Years (with a strong password) | There are no known mass attacks yet. |
Unfortunately, the user cannot influence the settings of someone else's router. But it is possible check the encryption type before connecting:
- On Android: go to
Settings → Wi-Fi, click on the network → look at the "Security" line. - On iOS: A lock symbol next to a network name indicates encryption, but does not indicate the type.
- On Windows: after connecting, run the following in the command line:
netsh wlan show interfacesLook for the line "Security Type".
⚠️ Attention: If the network usesWEPorWPA— connecting to it is strictly not recommended. Even to check email.
4. Man-in-the-Middle (MITM) Attacks: How Attackers Spoof Your Traffic
Attack Man-in-the-Middle (MITM) — one of the most dangerous on public networks. An attacker intercepts traffic between your device and the router, and then:
- 🔄 Replaces data: for example, changes the payment details on the website.
- 📤 Injects malicious code in downloaded files (for example, in a program update).
- 🕵️ Collects cookies to access your accounts without a password.
A classic example: you visit a bank's website, enter your username and password, but instead of the real portal, you're redirected to a copy. All your data ends up in the hands of the scammers, and you're unaware. Such attacks are often carried out in hotels, where guests connect to Wi-Fi without verifying their certificates.
How to protect yourself:
Use a VPN with traffic encryption|Check HTTPS and website certificates|Don't ignore browser security warnings|Disable automatic connections to known networks-->
One of the most reliable ways is using a VPNIt encrypts all traffic, making it impossible to intercept. However, it is important to choose a trusted service (for example, ProtonVPN, NordVPN), as some "free" VPNs themselves collect user data.
5. Malware via Wi-Fi: How Viruses Get onto Your Device
Public networks are a breeding ground not only for data interception but also for the spread of viruses. Attackers can:
- 🦠 Exploit vulnerabilities in the operating system (for example, through a protocol
SMBin Windows). - 📎 Replace legitimate updates for infected (for example, for Adobe Flash Player).
- 📂 Spread viruses through shared folders (if local network access is enabled).
A vulnerability was discovered in 2020 BlueBorne, which allows devices to be infected via Bluetooth and Wi-Fi without user interaction. The virus NotPetya, which attacked companies around the world, also spread through local networks.
To minimize risks:
- Turn it off
File and Printer Sharingin the network settings (Control Panel → Network and Internet → Network and Sharing Center). - Update your operating system and antivirus to the latest versions.
- Do not connect to networks named
Free Public WiFi- This is a common bait for the spread of viruses.
⚠️ Attention: If your device starts to slow down, display strange ads, or open websites on its own after connecting to public Wi-Fi, this is a sign of infection. Disconnect from the network immediately and run an antivirus scan.
6. Location tracking and metadata collection
Even if you haven't been hacked, public networks can collect data about youMany access points record:
- 📍 MAC address your device (unique identifier).
- ⏱️ Connection time and the duration of the session.
- 🌐 List of visited sites (even if they don't intercept the contents).
This data is used to:
- Targeted advertising (for example, if you often visit a shopping center, you will be shown promotions from stores).
- Tracking movements (based on the history of connections to different points).
- Sales to third parties (some public Wi-Fi providers monetize such data).
IN Europe it is regulated GDPR, but in Russia and many other countries, the collection of metadata on public networks is practically unregulated. For example, in 2023, it was revealed that the network MTS Wi-Fi In the Moscow metro, she collected passengers' MAC addresses and transmitted them to advertising partners.
How to protect yourself:
- 🔄 Disable automatic connection to known networks in the device settings.
- 📱 Use random MAC addresses (on iOS And Android 10+ This can be enabled in the Wi-Fi settings).
- 🛡️ Set up your firewallto block unauthorized requests.
7. Social engineering: how scammers manipulate users
Not all attacks require technical skills. Often, attackers use social engineering — manipulation to force you to disclose information yourself. Examples:
- 📢 "Technical support": In chat or by phone you are asked to "confirm your password" to restore access.
- 🎁 Gifts and Promotions: an offer to enter card details to receive a bonus.
- 🚨 Urgent Warning: a message about "your account being hacked" asking you to follow a link.
In 2023 in Kazan Scammers sent messages to public Wi-Fi users, purportedly from the network administration: "Your session has expired. To continue, enter your social network login and password." Those who entered the information lost access to their accounts.
The rule is simple: Never enter personal information when asked to do so on a public network.Legitimate services (banks, social networks) do not request passwords over Wi-Fi.
FAQ: Frequently Asked Questions about Public Wi-Fi Security
Can I use banking apps over public Wi-Fi?
Technically it is possible, but highly not recommendedEven if the app uses encryption, there is a risk of MITM attacks or certificate substitution. It is better to use mobile internet (3G/4G/5G) or a VPN with verified encryption (OpenVPN or WireGuard).
How can I check if a VPN is really securing my connection?
Go to the website ipleak.net or dnsleaktest.com to And after VPN connection. If your real IP address and location aren't displayed, the VPN is working. Also, check for DNS leaks (this should be indicated in the test results).
What should I do if I have already connected to dangerous networks?
Don't panic, but take action:
- Change passwords for important accounts (email, bank, social networks).
- Check your device with an antivirus (Kaspersky Internet Security, Dr.Web CureIt!).
- Revoke sessions in your account settings (for example, in VKontakte:
Settings → Security → Active Sessions). - Set up two-factor authentication (2FA) wherever possible.
Which networks are the most dangerous?
The risk depends not on the type of establishment, but on the network settings. However, statistically, attacks most often occur in:
- ✈️ Airports (scammers prey on tourists with money).
- ☕ Cafes and restaurants (many users, low vigilance).
- 🏨 Hotels (guests often enter card details to pay for services).
- 🚇 Public transport (networks are often not encrypted).
Is there any way to completely protect yourself on public Wi-Fi?
100% certainty, no. But you can minimize the risks:
- 🔒 Use a VPN before connection to the network.
- 📵 Turn off
Wi-Fiwhen you're not using it. - 🛡️ Install a firewall (e.g. GlassWire for Windows).
- 🔄 Update your devices' software and firmware regularly.
- 🚫 Do not log into accounts if you are unsure about the security of the network.