How Safe is Free WiFi at Starbucks and Buffalo Wild Wings?

[kyphysics]

Would you ever use their free WiFi on your cell phone? Wondering how safe it is and whether any precautions should be taken if I were to use it.

Anyone ever been hacked/compromised in some way using free WiFi at a place like that?

 

[phinds]

Technically, it's not safe at all. It's totally open and can be readily intercepted. How likely that is to happen is a whole 'nother question and I have no idea but anecdotally, I've not heard of anyone having a problem. If you interpret my second sentence as meaning you would likely be safe and then you get hacked, then you have it coming

 

[rootone]

While a free wi fi is open, I think it pretty much always requires at it's core, a server/router with a high bandwidth internet connection, usually a physical connection
Somebody intending to hack the system would need a similar router, you can't just use you own phone to hack other people's phones.

 

[Borg]

There are many tools out there being used by unscrupulous people to catch anything in the open. I might use it sparingly to surf the internet. I absolutely would not go to a site where I had to log in. And I wouldn't dream of logging into my bank account.

If you want to see what others can see, download a program like Wireshark and you'll be able to see the network traffic. With a little digging around, you can usually find some passwords that aren't encrypted. Since many people reuse passwords, they just have to see a password for the one site that wasn't built well. And, since the usernames aren't encrypted, they just have to apply that password to all of the sites that you visited using the usernames for those sites. Next thing you know, your bank account is being charged for iTunes gift cards in Russia.

 

[rkolter]

I can confirm first-hand that it is not particularly difficult to snoop on unsecured wireless traffic. The chances someone will snoop on you are probably close to zero, but if there IS someone snooping, the chance your data will be in an immediately usable format is extremely high.

You can avoid this issue by not connecting to unsecured wireless networks. Unsecured means unsecured. While it's true that any network could be compromised, that is not the same as saying encryption doesn't matter. With an unsecured network there's nothing to compromise - it's the equivalent of standing on a chair and shouting whatever you are doing at the wireless access point you're connecting to.

If you must use an unsecured wireless network, then only use it to do things that you would feel comfortable doing in direct view of strangers who are actively recording you while you do whatever you are doing. If that makes you feel uncomfortable, it should. Also take note that many devices will helpfully remember any network you've connected to so they can immediately identify the network and connect again without asking you later. If you do have to connect to an unsecured network, remove the settings afterwards.

Finally - an unsecured network is generally a network that not only uses unencrypted traffic, but also tends to use the default router admin password, the default SSID, default security (or lack thereof), old and outdated or buggy firmware, etcetera. This can make it easy for devices that should not be able to communicate across the network to talk. And while I am sure your device is secured, a maintained, secure network is another layer between your data and someone who may not have your best interests in mind.

 

[StevieTNZ]

Great time for the use of a VPN. Even when you check in at some hotels, although you are given a code to use when you connect to their wi-fi (if this is their set-up) - i.e. connect to the open wi-fi, get presented with a log-in web page and insert your code. People can still snoop on the data.

 

[rbelli1]

you can usually find some passwords that aren't encrypted.

If your bank does not use encryption get another bank.

BoB

 

[Borg]

If your bank does not use encryption get another bank.

BoB

Agreed. However, that is out of context with what I stated.

 

[peevemagpie]

i only use it to surf, but would never use it to access important files and such

 

[FactChecker]

Anyone who works with networks probably has the Wireshark program that @Borg mentioned. So assume that some stranger there can see everything you do.

I'm no expert, but they might even be able to imitate a website that you connect to and send a dangerous HTML your computer. (Maybe that's just paranoia on my part.)

 

[rbelli1]

I'm no expert, but they might even be able to imitate a website that you connect to and send a dangerous HTML your computer. (Maybe that's just paranoia on my part.)

It take a bit more than Wireshark for that but it certainly is possible to do that with a regular laptop and some software.

http://cecs.wright.edu/~pmateti/InternetSecurity/Lectures/WirelessHacks/Mateti-WirelessHacks.htm

Add to this DNS spoofing and various MITM attacks and you can fake the internet for anyone connected to a wireless network. The trusted site information is much more complicated to spoof so if you are vigilant you may still be safe. It's probably best to just live in a cave in the woods.

BoB

 

[Jamison Lahman]

Would you ever use their free WiFi on your cell phone? Wondering how safe it is and whether any precautions should be taken if I were to use it.

Anyone ever been hacked/compromised in some way using free WiFi at a place like that?

My thoughts:
- I would use phone/laptop but not do much in terms of personal information. Social engineering is probably the best they can do from public wifi (Someone more informed may contest this)
- Don't click on anything suspicious while on the public access point.
- I personally don't do any banking on my phone. I generally do not trust any current type of phone security.
- Use a password manager and make-hard-to-crack passwords (I personally use KeePass but I think there are better out there)
- Use a VPN. I previously used PrivateInternetAccess (PIA) and it was very fast, cheap, secure. Good, free VPNs exist too.