Networking & Wireless forum

General discussion

Security concerns on public Wi-Fi access

by Lee Koo (ADMIN) CNET staff/forum admin / July 23, 2010 6:57 AM PDT

Security concerns on public Wi-Fi access

I have heard much about how Wi-Fi is not secure. Yet last
week a news report lead me to believe that the problem is
when people log into Wi-Fi networks where the
administrator/company is unknown and unscrupulous as they can
see what you are doing and then steal passwords, credit card
numbers, and so on. The report inferred that a Wi-Fi network
is OK if it is from a trusted source like your known hotel
chain, Borders, or Starbucks where the network manager
wouldn't do that--we assume anyway. Is this true that the
problem comes from is who is running the network or are all
Wi-Fi open networks easily open to hackers and theft? A
follow up question, would a Wi-Fi network from a trusted
source with a simple access password for all (even if given
to a hacker) stop all the problems? And are there actual ways
that one can securely use public Wi-Fi networks without
worries of hackers and possible theft of personal
information? Thank you.

--Submitted by Jon M.

Here are some featured member answers to get you started, but
please read all the advice and suggestions that our
members have contributed to this question.

Public access points are risky. Period.--Submitted by Hyort

Public Wi-Fi and security --Submitted by richj120952

Wi-Fi Hotspots aren't secure, you just have to surf smart. --Submitted by spdickey1

It all depends --Submitted by Alain Martel1

Thank you to all who contributed!

If you have any additional advice or suggestions for Jon, please click the reply link and submit away. If you are providing an answer please be as detailed as possible. Thanks!
Post a reply
Discussion is locked
You are posting a reply to: Security concerns on public Wi-Fi access
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Security concerns on public Wi-Fi access
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Keeping it private in public
by ElVolto / July 23, 2010 12:39 PM PDT

An easy fix for me has been a VPN. It's just one more connection you have to make using your "connect to."

By providing an extra secure tunnel through the web, I feel confident anything I send is secure from prying eyes or worse.

Collapse -
WiFi Hotspots aren't secure, you just have to surf smart.
by spdickey1 / July 23, 2010 12:40 PM PDT

To answer your questions one by one...

1) Non-secure open WiFi networks are vulnerable not only from an unscrupulous owner, but from anyone else who may be logged on to the network sitting next to you.

2) The access password just lets you use their public open network, either for a fee or for free. It doesn't protect what you are sending after you get past their log-in.

3) Browse encrypted sites, those with https:// in their URL. Look for the key or lock on your browser. For example, go to secure Gmail at Or use your companies VPN. Or a private VPN solution like

More by an expert at security, Steve Gibson, at GRC

Collapse -
Encrypted Doesn't Mean Secure
by cnetuser1997 / July 30, 2010 8:38 PM PDT

While many people might think that if the see "https://" in the url you are safe. This is not always true; another user can be logged on to the hotspot and act as dhcp, so you'd connect to them, then he'd fire up a password sniffer (such as ettercap)and then see all the password that are transimted to them, even the ones encrypted with SSL, along with other data such as what pages you have opened.

Collapse -
No such thing as safe and public
by Acaykath / July 23, 2010 12:50 PM PDT

Simply put, anything you send and receive can be seen by anyone else who has access to the network. The only way to put any level of safety on this is to make it so that what those people see is not anything they can use. In other words, if you are doing anything more secure than watching YouTube videos (anonymously) then you want your entire connection to be encrypted so that nothing they can take from the data you send is useful. In order to do this, you will need to use a VPN that will encrypt all your traffic - and even then it is better to just wait until you can get a trusted land line.

Collapse -
no such thing as safe and public/ i have a side question
by sunshinedeb24 / July 30, 2010 3:38 PM PDT

when you say "trusted land line", do you mean a wired connection?
I have a wired cable connection and then i also have a wired router so i can use it with multiple computers in my house. is that the most secure way to go? thanks!

Collapse -
Wired Connections are not safer
by tcruse / August 1, 2010 12:09 AM PDT

For example, if you have a cable internet connection and your neighbor has a cable internet connection, any unencryped informaiton that is sent on your subnet is visible to every one else on that subnet. So, it is safer only in the idea that the number of people that can view information is a more static group and other people can only view information via a physical connection of some type. The firewall and NAT operation of most routers will prevent direct access to resources on your local network, but it will not protect information sent without encryption (e.g. email). Internet email is should never be considered secure. If you need to share information put it in a document and encrypt (WinZip w/ AES256 ). The give the end user the password necessary to decrypt via a phone call or in person. Change passwords often.

Collapse -
Public WiFi and security
by richj120952 / July 23, 2010 1:58 PM PDT

You can do several things to help secure your computer and secure your passwords while on a public network. The first rule is have a good firewall on your computer. A free one is ZoneAlarm, but there are others. Make sure you are on the highest level of security in the settings when on a shared public network.

The next thing you can do is make sure your transactions on the network are encrypted. Using a Virtual Private Network connection to a known secure proxy server is one of the best ways. Nothing you transmit on the public network would be viewable.

Baring that use https sites that encrypt transmissions only. Most of your banking services use that encryption and secure transmission. I don't recommend this as there are ways around this.

The next level of security is for if you want to go to ebay, or other site that does not encrypt your transactions (A transaction is any click, or typed URL) is to not log in. If you want to monitor something, fine. Don't bid until you are on a secure private network. Read the news, get the weather, but don't log in.

Most people can't remember 100 or so passwords and the same amount of usernames. So, if you are one of those that can't and use say, 2 or 3 max. Most likely you will log on to a site that transmits the username and password in the open, that is when the hacker/sniffer/thief can steal your identity. (Not only on that site, but others where you have the same username and password.)

Remember the shared network can have people with sniffers, and if anything is in the open on that network, it can be viewed. Treat it as such.

Collapse -
Free VPN
by rhkern / July 30, 2010 10:16 PM PDT

I agree with you comments on public WiFi access. The only thing I would add is that Hotspot Shield provides a very functional Free VPN. Granted it serves up pop-up ads,which you can block - but - this is not a major inconvenience, given the security it provides. It can be downloaded at

Collapse -
VPN and secure proxy
by bucketonuts / August 2, 2010 1:23 AM PDT

I was reading up on how to secure transmissions at a public WIFI and it was suggested that I use a VPN on a secure proxy server. How is this done when I'm staying at a hotel on a business trip?


Collapse -
- Security concerns on public Wi-Fi access
by phlashadelic / July 23, 2010 2:17 PM PDT

Think of this: Any security system designed by a human being can always be figured out / undone by another sufficiently motivated / funded human being.

While using any public network connection, you should always assume the worst case scenario - even if it's not the reality.

Always have your software firewall shields up on your computer and don't perform any transactions that contain sensitive data (banking, purchases, etc.) when using a public network connection. Save the sensitive stuff for when you're connected to a private network that you know is secure. And if you don't know if your private network at home is secure, you can tell pretty easily by looking at your network connection's icon.

If you're not using any encryption and you don't have a password / key on your network, sure, it's convenient - but it's also ripe for your neighbor to use and who knows who else to connect.

Then, it's just a matter of a surfer out at your curbside, connecting up to your unsecured network looking for juicy tidbits like usernames and account numbers.

I hope this helps!

Collapse -
Security concerns
by gijs46 / July 23, 2010 4:15 PM PDT

Jon, if you want to know, free Wi-Fi networks can be hacked easily because they have access to it, but if it has a password, you are more secure. Now, unknown networks controlled by unknown people can take, using some special software, everything you input and do on the Web, but in legitimate networks such as Starbucks, or an airport, there should be no hackers around to steal your info! Cheers!

Collapse -
by arwkoppen / July 23, 2010 5:55 PM PDT

1: Regurlaly changing a good netwerk-key the same for both computer and router is normally enough log in to something like to be able to change those.
2: Having only your own mac-addresses of the wifi-card as accepted in the router allowed, is the latter action.
3. Logging in in a public network should not do without the two rules above.

Collapse -
Mac Address filtering is USELESS
by cnetuser1997 / July 30, 2010 8:44 PM PDT
In reply to: wpa-key

While mac address filtering can deter an occasional hacker from logging into your network, it can be very easily bypassed. The hacker would scan for nearby computers that are connected to the protected network, then he would record the mac address of your authorized PC, and change his own mac address to be the same as your PC. He could then connect to your network normally.

Collapse -
by tubturner / July 31, 2010 12:28 AM PDT

I'd sure like to know how a 'hacker' could get the MAC addresses of computers that are connected to a network when the 'hacker' doesn't have access to that network at all.

Collapse -
hacking of passwords from wi-fi
by ZeroyBB / July 23, 2010 7:47 PM PDT

On a parallel note, an employee at Starbucks in Bandung has just been arrested for stealing customers' credit card info and using it to buy stuff - so even at a 'name brand' place you are still theoretically at risk.

Maybe the secret is to avoid carrying sensitive info on the netbook you pony around with you. Or be like me and destroy your credit cards, ha.

Collapse -
wifi security not the problem.
by pja4 / July 31, 2010 10:36 PM PDT

This probably has nothing to do with wifi security. Employees can easily steal credit card info when someone makes a purchase at the counter, way easier than trying to hack into the wifi.

Collapse -
Yep, you sure can
by Rathion / July 23, 2010 9:22 PM PDT

First, put a password on every user's log in. Second, make sure you have a personal firewall on and updated. Third, a good, comprehensive Internet Security software is also important to ensure no malware is running to expose the system. Fourth, if you have any shared files, check the permissions to ensure that only authorized users can access it (in particular, do not have it set to "Everyone").

There are even more extreme steps to takes, but that should be all you need.

Collapse -
security in wireless networks in public places
by wdemedio / July 23, 2010 10:16 PM PDT

Unless there is evidence that the sites you are visiting are valid e.g. your personally created sign in seal shows up, you are at risk. There are also other ways to get security verification e.g. call the site up and ask on your phone and verify they can send you hidden verification information. 128 bit security is very secure, it is so secure that many valid sites themselves have no way to access your pin or account number when you type it in. Keyloggers only work on the computer you are using so make sure it is yours and make sure it has the latest spyware up to date. Do not type your pin or account number on any one elses' computer unless it belongs to the business you are dealing with (e.g internet bank cafe computers-they are guaranteed to be secure). Always check up on peripheral transactions the next day and read your statements (you should do this anyway). Although nothing is 100% foolproof you can minimize your risk. There is even risk in internet home wireless but it is low. There is also always the risk of physical robbery. We usually don't worry about this unless it happens. Just don't walk down any dark alley's in dangerous places. By the same token treat cybercrime in a similar sense, that is use common sense- if it does not look of feel right don't do it.

Collapse -
Wifi Security - Is there any way to be COMPLETELY secure?
by livesvdoog / July 31, 2010 4:02 AM PDT

Is there any way to have COMPLETE security when using a WiFi hotspot? I have an internet business and want to find a 100% secure way of using WiFi. I came across WiFi Security Guy ( and it appears to be a completely secure way of accessing wireless networks. I used the product for a while and it seems as if the program completely encrypts all data before it is sent out. The website shares the credentials of the person who designed the program and shows that he has years of IT security experience working with banks and classified military data so it seems to be a good solution. Does anybody know of a better COMPLETELY safe way for using wireless networks?

Collapse -
Public Wi-Fi Security
by Mr_Fixit89 / July 23, 2010 10:55 PM PDT

If you know how to workout and install a WEP Key in your modem, then there is no reason to worry about anyone getting access to any personal information. I may be wrong, so if anyone could correct me, I would be thankful


Collapse -
WEP is insecure
by Ronny MF Ho / July 30, 2010 2:50 PM PDT
In reply to: Public Wi-Fi Security

We are discussing public WiFi here, not your home WiFi. In addition, WEP is already considered insecure nowadays. It can be cracked by people with moderate computer knowledge. A Japanese even demonstrated cracking a WPA encryption. So use WPA2 whenever possible.

Collapse -
WiFi not secure
by LloydSchulz / July 24, 2010 12:32 AM PDT

While on a cruise, I paid extortion prices for internet in 30 min blocks. On arriving in the Bahamas, I looked for Wi-Fi and connected to a strong signal that was free and not password protected. Moments after I connected to my business computer, another user also connected to my office computer. I quickly called the office and had my password changed. I'm just glad it was my office network (where I could tell when someone else logged in with my ID) and not internet banking that I logged into from this rogue Wi-Fi. I then subscribed to one for 9.95 for unlimited use for 24 hours and had no problem. There is no doubt that unscrupulous persons can offer free Wi-Fi and harvest connection info from users, but as you note, it would not be in the best interest of a business like a hotel or restaurant to do so.

Collapse -
Security concerns on public Wi-Fi access
by techtype / July 24, 2010 2:17 AM PDT

WEP: Wire Equivalent Privacy; The earliest form of wireless encryption. I uses the same encryption key over and over again and hence was easier to break.

WAP: Wi-Fi Protected Access; Was brought into being in 2003 when it was realized that WEP was not the way to go. WAP's encryption techniques require an encryption on the order of 4x10-20 (4 decimal point followed by 20 zeroes or 4.00000000000000000000) to break and is 21 characters long for encryption. As can be seen this is a much better encryption method. This is a much better encryption Then WEP. But wait there's more. WAP uses TKIP; Temporal Key Integrity Protocol, it changes the encryption key for every data transmission between the computer and the wireless router. This method was a stop gap for the weaker WEP standard.

WAP2 or it might be seen as WAPII: Wi-Fi Protocol Access 2 or Wi-Fi Protocol Access II; Uses TKIP and AES; Advanced Encryption Standard. This is so that WAP2 is compatible with the old and new encryption standards for older wireless routers. WAP2 uses AES for encryption because it is a stronger encryption method. WAP was a stop gap method while the Wireless Alliance came up with WAP2 standards and was released in 2004. WAP2 uses AES method for encryption, it is a standard that is stronger then then RC4 method used by WEP and WAP.

My advice is; If you are just starting out to go wireless be sure the equipment uses the WAP2 standards. If you are going to use wireless public access, make sure the public access uses WAP2 standards.

The problem is people with older equipment (that is older laptops, cards and wireless routers), to take advantage of the WAP2 encryption they would have to update their present wireless equipment. If one has an older laptop (2005 or lower), they would need to get a new USB wireless dongle, on a desktop they would need to get the newer cards and wireless router. A bit of advice if one is going to update their wireless equipment, they should also update their modems. It is indicated that cable and DSL is moving to the DOCSIS 3.0 standard. This is because (especially Cable and DSL) services because for two reasons; upload and download speeds are faster and it is compatible with IPv6 (Internet Protocol version 6). Comcast is one cable internet provider that already uses DOCSIS 3.0 standard.

Collapse -
by grafix715 / July 31, 2010 2:40 AM PDT

Ok so everyone is saying check and make sure the public wi-fi is WAP2.
How do i check for this information?

Collapse -
Public Wi-Fi security
by delovejr / July 24, 2010 2:33 AM PDT

I use public Wi-Fi with appropriate security software on. Still, it is better to assume that everything is being looked at by hackers...

Collapse -
Sounds like panic overkill
by purpledog2000 / July 30, 2010 11:33 AM PDT
In reply to: Public Wi-Fi security

Passwords can't be stolen if they are done as they usually are, over SSL web. No info over an SSL or VPN can be stolen. So anything important should be done with some sort of encryption. The web is designed that way already using SSL for transactions, etc. A firewall is necessary on public nets, besides that relax.

Collapse -
It all depends
by Alain Martel1 / July 24, 2010 7:56 AM PDT

There are things to concider. Some on your part, some on the part of the Wi-Fi you are curently using, some on the part of any other network you may connect to.

On your end:
You positively need an active firewall on your computer. It must be configured to treat any incoming connection as unautorised or untrusted. This will prevent others from looking at/into your computer. A good wirewall will make you browse in stealth mode: All your ports will look as if they don't exist at all axept for expected trafic. You can't hack something that you can't detect nor access.
There are many good to excellent firewalls available, and the best are not always the more expencives: Some free ones are about as good as the most expencive comercial ones. An obscure free firewall can be very secure just because any hacker may not expect encountering it and not have the tools/knowlege needed to circumvent it.
Your browser must be configured to use encryption whenever possible, and the highest protocol available.
Always make sure that your operating system have the latest patches and security updates installed.

On the Wi-Fi administrator part:
Does the wi-fi connection support encryption, if yes, use it, even if it's a weak encryption. This will encrypt the data that you broadcast to the hotspot.

From the sites you use:
If you are entering confidential information on a secure page (https:\\), that information is encrypted/decrypted on your computer and on the remote, secure, server. The transmited data is thus unreadable anywhere in between and safe. The Wi-Fi host, and the Internet, will only see the encrypted data, and so will anybody atempting to intercept it. It can be broken, but, normaly, it would take to much efforts and time to do it compared to the potential benefit. There is a very high probability that any extracted information to have become obsolete before it's been cracked, not to mention that any snooper would have to sort through the mixed up datas from many connections. In that view, the more persons that are using that hotspot, the safer it becomes.

If you access a secure site on a secure hotspot, your data gets encrypted twice using two keys and possibly two algorythms.

Other networks you may use:
Do you ever connect to a network that use beackon suppressing as a "security" measure? That's realy bad!
Why, do you ask?
Simple: It only hides the server's beacon, and that's the less vulnerable part of the network. It forces your computer to broadcast it's information every few seconds. Those informations are NOT encrypted. ANYBODY can record them, and use that information you just given to fake the credentials of that network and pose as it. It can also get used to enter into YOUR network if you use that technique at home by posing as you.
Here, the keyword is to NEVER EVER use beackon suppression, ever.
DISABLE network discovery needed when you access a network that use beackon suppression.

If you do some general browsing that don't involve sending any confidential/sencitive data, you are safe.

The final word is:
For most users, if your computer is reasonably up to date, you are safe.
Don't forget the basic safe browsing precautions.

Collapse -
A little more about suppressing beacons?
by johnprtl / July 31, 2010 2:51 PM PDT
In reply to: It all depends

Alain, thanks for sharing so much information about wireless security. It shows that you know your stuff. My question is mainly about terminology.
When you write about supressing beacons, is that the same as choosing to not broadcast the SSID at home?
I don't broadcast SSID , and only use my own computers on my home net, and now wonder if I'm making my net less secure instead of more.
Thanks again for your sharing,

Collapse -
Hidden SSID's
by Randy Walter / August 12, 2010 9:11 AM PDT

Disabling of SSID broadcasting can help secure your network. Apparently, there are tools that can eventually spot your SSID. Since the SSID is contained in the 802.11 association request at the wireless client bootup time to gain access to the network from the wireless access point it can be seen by hackers at this time. Continue to WPA2 encryption for extra security.

Collapse -
Public Access Points are Risky. Period.
by Hyort / July 24, 2010 8:23 AM PDT

Simply put, the news report was wrong. You really aren't any safer using a "trusted" access point unless you're the only one using it.

Think of it this way. Sending messages over Wi-Fi is kind of like sending messages by smoke signal. If you're connected through an open access point, anybody who can see the smoke can read your message.

Adding encryption to the signal would be like using a special smoke that you can only see if you wear special glasses. The problem with a public access point in a coffee shop is that they hand the glasses out to every customer who asks for it. No matter how honest the manager and employees are, you don't know if somebody took the glasses out in the parking lot so they can read everybody's signal.

In other words, a public Wi-Fi access point might as well be an open access point since you have no idea who has the key. You should assume that somebody in or near the shop is reading everything you send out.

You can protect yourself by using encrypted sites, such as VPN or HTTPS, as has been suggested. Even then, it's not entirely foolproof, since there are ways to get around even that. It does take a lot of work, but it's possible.

If you use a public access point, encrypted or open, at a major chain or from an unknown source, assume that everything you send can be seen by somebody. Don't do something like banking from a hot spot. Just stick to checking the news and watching videos. It's just not worth the risk.

Popular Forums
Computer Help 49,613 discussions
Computer Newbies 10,349 discussions
Laptops 19,436 discussions
Security 30,426 discussions
TVs & Home Theaters 20,308 discussions
Windows 10 360 discussions
Phones 15,802 discussions
Windows 7 7,351 discussions
Networking & Wireless 14,641 discussions

Smart Home Help

Light bulbs you shouldn't buy

There are plenty of dimmable LED light bulbs, but make sure you don't buy the ones that flicker when you dial them down.