Download Free
Learn MoreMaking a Connection: Using Public WiFi
As part of National Cyber Security Awareness Month, we have been reminding our users to treat their smartphones and tablets as mini-computers. Just like your computer, your smartphone has access to WiFi networks. A quick Google search for “public WiFi” will give you plenty of articles with tips on how to stay safe while on public WiFi on your PC, like this slideshow from PC Mag. But how do you make sure the data on your phone is protected as well?
Public WiFi networks, the kind you find for free in coffee shops and airports, are usually unsecured; this means that all of the data sent over the network is unencrypted. Sending data unencrypted (e.g. via HTTP rather than HTTPS) is like sending your sensitive data in clear envelope so that everyone can see its contents rather than in an opaque envelope. So while the free Internet connection may seem convenient, if you are connected to an unencrypted network, anyone with the right tools would be able to see where you are surfing, the emails you are sending, and potentially even the passwords that you enter.
The key to securing the activity on your phone from prying eyes is pretty simple: you need to encrypt it. Here are 7 actions you can take to ensure you are surfing the web in the safest way possible:
If possible, connect to an encrypted WiFi network. In general, a network that requires a password is safer than a network without a password because of the encryption. Just because you are paying for Wi-Fi, that doesn’t mean it is secure, anyone with the same password could potentially access your data. Tip: Many people think that paid WiFi hotspots are more secure than free hotspots. While this may be somewhat true, just because you are paying for WiFi doesn’t mean it is secure – paid hotspots are almost always unencrypted and just use a captive Web portal to prevent access if you haven’t paid yet.
Let your device forget any public networks to which you have previously connected. To prevent reconnection:
- On Android: Go to Settings > Wireless & networks > WiFi settings > Click on the open network name and hold down until you see a menu, then click “Forget Network”
- On iPhone: Go to Settings > WiFi > Click on the blue arrow next to the network name and then select “Forget this Network” at the top of the page
Use encrypted websites
Even if you aren’t able to connect to a secure WiFi network, you can still protect your data by using websites with SSL encryption (note: the URL will start with HTTPS instead of HTTP are encrypted). You will also see a lock next to the URL that lets you know your data is protected. Check out this video of Lookout’s CTO, Kevin Mahaffey, giving a demonstration on how to ensure you are using SSL encryption whenever possible.
Use your data connection
When you are away from your home or work network, you can’t go wrong with using your 3G or 4G cell data connection instead. Even though it is a little slower and it uses your battery more than sending data over WiFi, it is a secure connection. Most cell service providers encrypt the traffic between cell towers and your device, so you can send emails and check your bank account balance with the peace of mind that your data is secure.
Download a security app that notifies you as soon as you connect to an unsecured WiFi hotspot. iPhone users can download Lookout to alert them if they connect to an unsecured WiFi hotspot that could expose their personal data and passwords.
Only window shop
If you can’t take any of the actions above to protect your data, you can still surf the web, but we recommend that you wait until you are on a secure connection to transmit sensitive data. Just imagine that a stranger is looking over your shoulder the whole time and can see everything that you do on your phone – and don’t do anything that you wouldn’t want them to see!
Consider using VPN if your device supports it
For those of you that may be a bit more tech-savvy, the most secure way you can connect to WiFi on your phone is through a VPN, because all of your data is sent through an encrypted tunnel. Both Android and iOS include VPN support, and this article from eSecurityPlanet gives you some quick options for how to set it up.
The great thing about the Internet is the ability to be connected and online 24/7. There is an unlimited amount of information at our fingertips and we can easily communicate with anyone at the click of a button. But with this connectivity comes security risk when it comes to your personal information. We just want to make sure that you aware of the security risks so you can keep your data and your phone protected.
© 2012 Lookout, Inc. All rights reserved. Patents pending.
as much as all of this falls under common sense for MOST IT types, it still escapes the masses and the other IT types
learned to download a security app the notifies as soon as you coonect to a unsecured wifi hotspot!! thanks for the lookout!(pun intended)
Public WiFi is not secure so the network users have to be careful… thanks for the heads up, I always trust the networks I am connected in.
Don’t remember unencrypted networks, and always use HTTPS when possible!
I’m using Lookout since the beginning. its the best way to keep your phone save. i recommended to several friends! thanks for thos useful tips!
That is why i never use public wifi unless am downloading huge files that will take forever with my carrier. After download is complete, i disconnect immediately. Good info guys.
Excellent article! In an ever mobile age of information, it’s amazing how many people still don’t get the basics of wireless security.
New lessons I learned is to -> Only window shop & to make sure that the websites are secure. This way, I won’t have to face any security & privacy breaches.
Thanks Lookout
Don’t go to any website unless you know its secure. I got fished
.
I woke up the other day with a DM on Twitter saying that there was a bad blog about me floating around on the internet. I though, WHAT? So I clicked the link and Signed in to what I thought was Twitter. BOOM! HACKED! Won’t do that ever again.
I liked the blog….great concept…looking forward to more posts.
Lookout for Android – I am a fan!
La seguridad móvil es una necesidad continua, más ahora que la red se ha trasladando a nuestras manos, el conocimiento es el mejor firewall contra los ataques, ayudado por aplicaciones como lookout, que proporciona un escudo contra cualquier daño, recomiendo mucho generar procesos de seguridad, no solamente en los dispositivos móviles, sino en cualquier dispositive que tenga contacto con la red.
Dont go to any fishy website and always take care when on unsecured wifi. I always use my 3G Connection unless I’m in my office where i use my secured wifi network. Lookout is the best
this is the best tip i founded about connections. i always connect to unsecure connections and didn’t know the risks. thanks for this!
I learned so much from that blog that i did not know thank you Lookout for the heads up!
Most people are still unaware of the security risks that public wifi connections bring. Some of them doesn’t even know that their smartphones are prone to security and still continue like nothing’s going to happen. Carelessness always leads to something not good. We need to be open-minded that our personal information is always at risk everytime we use the internet.
For me this is common sense, but once again Lookout comes to the help. For me I do not and will not use unsecured WI fi networks. But as always Lookout provides timely help and advice. I found the piece of advice around vpn’s very interesting. Thanks again Lookout and keep up the good work.
Learned it would be better to use my cell to connect my laptop wirelessly to the internet.
I still can’t seem to set up a free VPN on my OG Droid.
I never trust most of the wifi spots, unluess i have used it before. But since i have tried Lookout a premium upgrade would make my day so much better. I use my phone alot since i am in the military.
I never realized that public wifi wasn’t encrypted at all.Thanks Lookout for the eye opener.
Lookout- thanks – Lessons learned this way are much safer than loosing sensitive data via an sniffer program or other. I will be only using a VPN via and Iphone when I am surfing a unprotected hotspot. Using a public access site is very similar to going to a public toilet – try not to touch anything and if you do make sure you are covered. lol
Thanks again
Great tips. I will certainly take consideration these procedures especially the ‘Forget Network’, I had never thought.of my data being at such great risk. Thank you Lookout. Lesson Learnt!
It’s awesome work
I learned just how Very important ro be careful of the sites
I visit. Thx
Using any open wifi source especially a public one, IE. AT&T and wayport and sending out any type of sensitive data is just a bad idea. Even if all you are doing is just checking your email. With the ease of access to all kinds of kiddie scripts. And free WIFI being offered at all kinds of diffrent business to lure potential customers into the business. Or as an added bonus to repeat customers to the business. It is easy for anyone with just a smart phone to intercept this data with one of the various FREE kiddie scripts or someone with a computer can do the same thing. The adverage person does not really understand what happens when you are using your smartphone and decide to use an unsecure wifi source just to read your email. Programs are available to enhance the security of the information that you are sending out into the air for anyone to collect. But no one program is 100% safe. If you are going to be using public wifi to send sensentive info, have your guard about you at all times while you are connected to the source. And be cautious that even if the program does say your information is being encrypted, once again these programs are not 100% bullet proof. So just be mindfull of what info you are sending when you connect to public WIFI. My suggestion is if it is something that is real sensentive IE. Bank information, disconnect from the Free WIFI make sure that you are disconnected and use the phones 3g,4g, CDMA or GSM for this use, that way you know your information is secure and do not have to worry about trolls or kiddie script users.
new lesson learned —->> window shop!! didn’t realize how unsafe using “free WiFi ” really is!!! thank god for Lookout!! <3 <3
Another tip is to never associate to “free public wifi”! Its not a real network, mostly just an ad-hoc that gets remembered on peoples devices when they associate to it. Your device can easily be compromised when connected to it because you’re connected to another persons device.
Its Better to be safe than sorry its better use a network with a password that secured than with out a secured network and people with the right tool can read all your data.
Just another great tips from My Lookout that I have never heard.I learned may important things from this.Genarally I use wi-fi,but I did’nt know that it’s uncecure or crypted my data.Really like a clear envolbe.And I learned how to Protect.I fin.d a new ways likeFforget open network,loolout app. HTTM and the whole 7 way protection.
I’ve accepted that we all live in thousands of
databases. The state of New York knows where
and when I drive, thanks to my E-ZPass
(electronic toll-booth badge). Stop & Shop
knows what I eat, thanks to my grocery discount
card. Blockbuster knows what kinds of movies I
watch. Verizon knows whom I call, MasterCard
knows what I buy–it ’s just hopeless.
Frankly, I consider the details of my life so
boring to other people that I really couldn’t care
less. I’ve got nothing to hide, so why not accept
it?
That attitude spilled over to a “From the Desk of
David Pogue” e-column I wrote in 2004, in which
I attempted to throw water on scare-tactic
computer-magazine articles that said, in effect:
“Ooooh! If you use your Wi-Fi laptop at public
Internet hot spots, the bad guys will see
everything you’re doing and rifle through your
files!”
I’m back again today to throw that water right
back into my own face. On this topic, my eyes
have been opened.
It came about like this: I recently filmed six
episodes of a new TV series (“It’ s All Geek to
Me,” which airs in February on The Science
Channel, Discovery HD and Discovery Europe). In
one of them, I wanted to get to the bottom of this
Wi-Fi snooping business. I wanted to see exactly
what is, and is not, possible for the bad guys to
intercept when you’re sitting there in Starbucks
or the hotel lobby.
I put a note up on my blog, seeking a guest who
could appear on the show and show me the
hacky ropes. I found Jon Baer, a technical
consultant who seemed just right for the part.
We met (Jon, the camera crew and I) in a
Manhattan Wi-Fi coffee shop. Turns out there
was absolutely nothing to it. Jon sat a few feet
away with his PowerBook; I fired up my Fujitsu
laptop and began doing some e-mail and Web
surfing.
That’s all it took. He turned his laptop around to
reveal all of this:
* Every copy of every e- mail message I sent
*and* received.
* A list of the Web sites I visited.
* Even, incredibly, the graphics that had
appeared on the Web sites I had visited.
None of this took any particular effort, hacker
skill or fancy software. Anyone could do it. You
could do it.
All Jon needed was a “packet sniffing” program;
such software is free and widely available. (He
used a Mac program called Eavesdrop.) It sniffs
the airwaves and displays whatever data it finds
being transmitted in the public hot spot.
Now, the fact that it’s so easy to intercept your
Internet signals in a public hot spot doesn’t
mean that somebody is *doing* it. In fact, of
course, most of the time, nobody is.
Nonetheless, Jon’s little demonstration made
clear that somebody *could* intercept your
transmissions extremely easily.
So are you supposed to crawl into a hole, turn off
your Wi-Fi, and go back to dial-up?
Not exactly. You can take steps to protect
yourself:
* If you see the little padlock in the corner of
your Web-browser window (or if the Web
address begins with “https ://” instead of
“http: //”), you’re connected to a secure Web
site. Your transmissions are encrypted in both
directions, so you have little to fear from casual
packet sniffers. Banking and brokerage sites,
for example, are protected in this way.
* You can sign up for encrypted e- mail services
or programs, too, if avoiding e-mail
eavesdropping is that important to you.
* You can connect to your company over a VPN
(virtual private networking) connection, which
encrypts *all * data to and from your laptop. This
is something a network geek would have to set
up for you.
* Otherwise, you can just conduct your online
transactions with the awareness that a stranger
could be “overhearing ” them. Wait to visit Web
sites, or to send e- mail messages, of a delicate
nature until you’re on a wired connection or a
private wireless one.
Truth be known, since my eyes were opened,
my Wi- Fi habits haven’t actually changed much.
I still open the laptop in the hotel lobby,
exchange e-mail with readers, editors and
friends, and check a few news sites or blogs.
None of it would really mean anything to an evil
eavesdropper nearby.
But at least I’m aware that I *could* be
observed. And isn’t it always better to know
Want premier free for anyhow….
be sure to delete public sites after use via do not remember function.
Thank you for the fantastic, interesting and informative tips! I had no idea that WiFi was such a huge security risk. I had never used a WiFi network before but now I know definitely to rather use my network data.
There are enough threats to security out there, and just as much as the criminals and hackers never run out of tricks and gimmicks to rob the consumer, so must we never rest and believe that they are not plotting. Thank you for once again looking out for the consumers.
Great “LookOut” Tip!
I just watched the Android “Ice Cream Sandwich” release video on the new “Nexus Galaxy” phone. And it was a very scary presentation, at least regarding their privacy practices and implementation of security features, which are NONE!
Then they try to promote the “new” facial recognition phone unlock feature! What a joke, it didn’t even work, and if it did work, who would not just try to flash a picture of the owner, in front of the camera, to unlock it. [Epic Fail!]
In fact this is exactly where mobile phone OS developer have failed miserably. All the great tips that are mention in this article should have been implemented long time ago on the basic application level. The user should not have to think about this. Bloody scandal!
PS. Yeah, I’d love to have Lookout Pro!
I consider using OpenVPN as I do on my laptops, but unfortunately you have to root your Android in order to use it…
Using unsecure wireless connection is akin to closing your main door without locking it. This makes it easy for anyone to have access to your house. So don’t just close your door, always remember to lock it.
From where I belong, Public Wi-Fi is not possible, because almost all of the stores, mall, cafe, etc… here are not free.. but its a nice blog, lots of idea..
A big thank you to everyone for sharing your great comments with us! We really enjoyed hearing what each of you learned from Lookout’s Public WiFi safety blog post. Congratulations to the five winners of a one-year complimentary Lookout Premium account: Camilo, Joel, Dustin, Vern, and Roman (the winners will be contacted directly to receive their Premium upgrade). Throughout National Cyber Security Awareness Month Lookout needs your help spreading the word that the phone in your pocket is a computer too! To raise awareness, we’re giving away Lookout Premium accounts…be sure to stay tuned on Lookout’s Facebook, Twitter, and blog sites for another chance to win!
Good info. I needed to reminded to check Facebook’s act