Wi-Fi Security: Tips to secure data across public Wi-Fi networks

Eric Turner

Sep 18, 2019


Most of you folks might be reading this blog while connected to a public Wi-Fi. Well, I don’t blame you: with your local café, bookstore and restaurant all offering it for free, it’s hard not to take advantage of this service. But is public Wi-Fi safe?

Wi-Fi in itself has a number of security protocols to prevent hackers from snooping on your data. Wi-Fi security protocols are established by a non-profit organization called the Wi-Fi Alliance. But is this security capable enough to protect you from an attack?

Wi-Fi Security Protocols throughout the ages

WEP (Wired Equivalent Privacy) was the first security encryption protocol introduced in Wi-Fi by the Wi-Fi Alliance. Any hacker worth half his name could break into WEP, which led to the introduction of WPA (Wi-Fi Protected Access), which offered better encryption and better user authentication. WPA gave way to WPA2, with stronger encryption and authentication by virtue of AES (Advanced Encryption Standard) integration and a 4-Way Handshake. WPA2 was made available for both personal and enterprise use, with PSK (Pre-Shared Key) authentication for the personal version and enterprise-grade authentication for the enterprise version. However, WPA2 did not provide individualized encryption in open networks. This leaves your traffic in a password-less WPA2 Wi-Fi network open to snooping. WPA3 is the latest in the line of Wi-Fi security protocols, with the Dragonfly Handshake (SAE) authentication protocol, 192-bit AES encryption for the enterprise version and individualized data protection in open networks.

These security protocols do make it hard for someone to hack into your network or traffic, but they don’t make it impossible.

Dangers of Public Wi-Fi

Well, it’s high time you learn about the various ways a hacker can access your data while connected to a public Wi-Fi.

  • KRACK (Key Reinstallation Attack) – WPA2 was thought to be a foolproof security protocol until the Key Reinstallation Attack was found to break its encryption. KRACK attacks the 4-way handshake to retrieve sensitive information such as passwords and cookies.
  • MitM (Man in the Middle Attack) – Here an attacker intercepts the messages between two communicating parties with both parties having no knowledge about it. The attacker plants himself between the victim and the server and manipulates or intercepts the data transferred between them.
  • Evil Twin – You could be sipping coffee and attempting to connect to your local coffee house Wi-Fi, oblivious to the fact that a hacker could have set up a Wi-Fi network with a similar SSID to eavesdrop on your wireless communication.
  • Dragonblood – These techniques, just like their names, are getting out of hand. WPA3, the latest Wi-Fi security protocol, was found vulnerable to attacks. The vulnerabilities were found in the Dragonfly handshake that is unique to WPA3. The attacker can use these vulnerabilities to retrieve credit card info, chat messages and emails.

Even the most secure Wi-Fi security protocols were found vulnerable to attacks.
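The Evil Twin item above can be turned into a simple check over a list of visible networks. The following is an added example, not part of the original post: the scan entries are constructed, and the field names and the `suspicious_networks` helper are hypothetical. It groups networks whose names differ only by case, spacing or punctuation, and flags a group when the spellings differ or when the same name is offered with different security modes.

```python
import unicodedata
from collections import defaultdict

# Constructed scan results (illustrative values, not real networks).
SCAN = [
    {"ssid": "CoffeeHouse", "bssid": "aa:bb:cc:00:00:01", "security": "WPA2-PSK"},
    {"ssid": "CoffeeHouse", "bssid": "aa:bb:cc:00:00:02", "security": "WPA2-PSK"},
    {"ssid": "CoffeeHouse", "bssid": "de:ad:be:ef:00:01", "security": "OPEN"},
    {"ssid": "Coffee House ", "bssid": "de:ad:be:ef:00:02", "security": "OPEN"},
    {"ssid": "Library-Guest", "bssid": "11:22:33:00:00:01", "security": "OPEN"},
]


def normalize(ssid):
    """Fold Unicode compatibility forms and case, then drop spaces and
    punctuation, so look-alike names compare equal."""
    folded = unicodedata.normalize("NFKC", ssid).casefold()
    return "".join(ch for ch in folded if ch.isalnum())


def suspicious_networks(scan):
    """Return one finding per group of look-alike SSIDs that is inconsistent."""
    groups = defaultdict(list)
    for ap in scan:
        groups[normalize(ap["ssid"])].append(ap)

    findings = []
    for name, aps in groups.items():
        reasons = []
        if len({ap["ssid"] for ap in aps}) > 1:
            reasons.append("look-alike SSID spellings")
        if len({ap["security"] for ap in aps}) > 1:
            reasons.append("mixed security modes")
        # Several BSSIDs with one spelling and one security mode is normal
        # for a venue with multiple access points, so it is not flagged.
        if reasons:
            findings.append({
                "name": name,
                "reasons": reasons,
                "bssids": sorted(ap["bssid"] for ap in aps),
            })
    return findings


if __name__ == "__main__":
    for finding in suspicious_networks(SCAN):
        print(finding)
```

A finding is a prompt to ask the venue which network is theirs, not proof of an attack; a twin that copies the exact name and security mode will not be flagged by this heuristic.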

Tips to stay safe while using a public Wi-Fi

Is public Wi-Fi security so bad that it is better to abstain from ever using it? Well, there are steps that you can take to prevent attacks or data breaches while being connected to a public Wi-Fi.

Use a VPN

A Virtual Private Network (VPN) provides you with ultimate protection in a public Wi-Fi. A VPN creates a secure tunnel for your data, with your device at one end and the VPN server at the other. The tunnel on its own encapsulates the data packets. The VPN adds a second layer of protection on the data with encryption. The degree of encapsulation and encryption depends upon the tunneling protocol used, such as PPTP, L2TP/IPSec, SSTP, F5 SSL, OpenVPN, etc. OpenVPN is the most secure, with AES 256-bit encryption. VPNs also have geo-spoofing and IP-masking capabilities, thus also protecting your identity and location information. Using a VPN can surely keep hackers at bay while using public Wi-Fi.

Browse HTTPS Sites only

You might have noticed the padlock icon in your browser toolbar. This shows that the website you are browsing is using a secure HTTPS protocol instead of HTTP. While connected to a public Wi-Fi, it is always better to go with an HTTPS website. In an HTTP website, the browser communicates with the server in a plain hypertext format which can be easily read by an attacker. HTTP pages can also be used to inject malware to steal private information.

Websites that use HTTPS have an extra layer of SSL (Secure Sockets Layer) or TLS (Transport Layer Security) protection. SSL/TLS encrypts the browser's communications with the server, which makes the information unreadable to anyone in between. This protects the clients from hackers snooping on their data. However, an HTTPS website can be downgraded to HTTP by an attacker as part of a man-in-the-middle attack to steal private information.
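The downgrade risk described above is what HTTP Strict Transport Security (HSTS, RFC 6797) is meant to close: a site that sends a `Strict-Transport-Security` header over HTTPS tells the browser to refuse plain HTTP for that host on later visits. The following is an added example, not part of the original post, that checks a pair of responses for that protection. The two sample sites are constructed, and the helper names and the 180-day threshold are assumptions.

```python
# Constructed responses for two hypothetical hosts (not captured from real sites).
SITE_A = {
    "http": {"status": 200, "headers": {"Content-Type": "text/html"}},
    "https": {"status": 200, "headers": {"Content-Type": "text/html"}},
}
SITE_B = {
    "http": {"status": 301, "headers": {"Location": "https://shop.example/"}},
    "https": {"status": 200, "headers": {
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains"}},
}

MIN_MAX_AGE = 15552000  # 180 days in seconds; assumed threshold, tune to policy


def parse_hsts(value):
    """Parse a Strict-Transport-Security value into its two main directives."""
    policy = {"max_age": None, "include_subdomains": False}
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            arg = arg.strip().strip('"')
            if arg.isdigit():
                policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
    return policy


def header(resp, name):
    """Case-insensitive header lookup; returns None when the header is absent."""
    return {k.lower(): v for k, v in resp["headers"].items()}.get(name)


def downgrade_exposure(site):
    """List the reasons a browser could still be kept on plain HTTP for this site."""
    issues = []
    http, https = site["http"], site["https"]
    location = header(http, "location") or ""
    redirected = http["status"] in (301, 302, 307, 308)
    if not (redirected and location.lower().startswith("https://")):
        issues.append("HTTP request is answered in plaintext, no redirect to HTTPS")
    hsts = header(https, "strict-transport-security")
    if hsts is None:
        issues.append("no HSTS header on the HTTPS response")
    else:
        max_age = parse_hsts(hsts)["max_age"]
        if max_age is None or max_age < MIN_MAX_AGE:
            issues.append("HSTS max-age missing or below threshold")
    return issues
```

A redirect alone still leaves the first plain-HTTP request open to interception; HSTS only protects visits made after the browser has seen the header once over HTTPS.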

Use an Antivirus

An antivirus can detect malware that enters through the shared network. Malware can gather personal information or corrupt crucial data. An antivirus takes the necessary steps to remove it. Make sure that the antivirus is up to date.

Enabling Firewall

A firewall is a barrier between the internet and your device which is exactly what you need when connected to a public Wi-Fi. It can block another computer in your network from controlling your device. Make sure your firewall is enabled as it can protect your device from incoming connections.

Updated OS

Updating your OS is an annoying affair, and an update always manages to sneak up on you when you’re just too busy. An OS update almost always includes security patches and bug fixes for vulnerabilities that could be exploited. Dragonblood and KRACK are just a few in a long list of attacks and vulnerabilities that have been fixed with timely updates, making sure attackers don’t take advantage of them. Always make sure your device is up to date before connecting to a public Wi-Fi.

Wi-Fi Security in Android 10 and iOS 13

Along with a plethora of features, Android 10 has brought in new disk and web encryption. The disk encryption, affectionately called Adiantum, can encrypt any or all Android devices. This can protect your data from a possible breach or attack. Android 10 supports the all-new TLS 1.3 web encryption that is faster and more secure. TLS 1.3 boasts a newly designed handshake that is cleaner, less prone to error and 40% faster. Apple’s latest iOS 13 and iPadOS 13 now support the more secure WPA3 Wi-Fi security protocol. Apple has also introduced an intelligent Wi-Fi monitor that notifies you when a Wi-Fi is available.

Hexnode’s Protection

For a device deployed in an organization, connecting to a public network could leave both personal and corporate data open to attacks. This is where Hexnode comes to the rescue, with features such as:

  • Hexnode VPN for Android and iOS devices
  • VPN configuration for macOS, Android and iOS devices
  • firewall configuration in macOS
  • scheduled OS updates in macOS, supervised iOS devices and devices enrolled in the Android Enterprise program

Hexnode extends its top-notch security, protecting devices from the dangers of public Wi-Fi.


Eric Turner

Product Evangelist @ Hexnode. I have a life outside of the tech world. So you won't see a lot of me in here.
