Most people who rely on public Wi-Fi to get online are willing to sacrifice security for access — ignoring or unaware of the risk from hackers, according to a new survey by the digital security company Norton by Symantec.
The 2017 Norton Wi-Fi Risk Report released this week found that 92 percent of Americans have potentially put their personal information at risk while using public Wi-Fi. They’ve logged in to:
- A personal email account: 62 percent
- Social media account: 56 percent
- Their bank account or accessed other financial information: 32 percent
- Work email: 29 percent
Nineteen percent said they had entered personally identifiable information, such as their Social Security number or birthday, while logged in at a public hotspot.
Why take the chance of being hacked? It could be that people who do this don’t realize the risk. Nearly 70 percent feel their personal information is safe when using a Wi-Fi hotspot, yet 41 percent can’t tell the difference between a secure or unsecure public Wi-Fi network.
“There is a deep divide between what people think is safe when it comes to using public Wi-Fi versus the reality,” Fran Rosch, an executive vice president at Symantec, said in a statement. “What someone thinks is private on their personal device can easily be accessed by cybercriminals through unsecure Wi-Fi networks or even apps with privacy vulnerabilities.”
Related: Just How Hackable Is In-Flight Wi-Fi?
Americans are obsessed with staying connected and we depend on public Wi-Fi to make that possible. The Norton survey found that:
- More than half (57 percent) of the respondents said they can’t wait more than a few minutes before logging on to a Wi-Fi network or asking for the password after arriving at a café, hotel, or friend’s place
- Seventy-five percent said access to a strong free Wi-Fi network is a deciding factor when choosing a hotel. Forty-nine percent said that’s how they decide which restaurant, bar or café to go to.
- Thirty-five percent have accessed a Wi-Fi network with the owner’s permission. Twelve percent actually guessed or hacked the password to get in.
- Ten percent would be willing to share personal details or allow access to their contact list to get a strong, free Wi-Fi signal when they’re away from home.
Free Doesn't Mean Safe
Byers Market Newsletter
Get breaking news and insider analysis on the rapidly changing world of media and technology right to your inbox.
Kevin Haley, director of Norton Security Response, told NBC News their research shows that many people believe companies wouldn’t offer free Wi-Fi if it weren’t safe. Unfortunately, that’s not the case. And it doesn’t take a sophisticated criminal to hack in to these public systems.
Keep in mind that requiring you to use a password to access that hotspot doesn’t mean the connection is secure. The purpose of a password is to limit who can use the network.
“It’s fairly easy for someone to listen in and capture your data when you’re on public Wi-Fi,” Haley said. “They can discover your log-in and password and also the data you’re sending and receiving."
Even worse, they could be stealing this information and you’d never know it until something bad happens, such as unauthorized charges on your credit card or money withdrawn from your bank account.
Because it’s available to anyone, free public Wi-Fi, is inherently less secure than the wireless connection at your home or office. Cyber security expert Adam Levin, author of the book “Swiped,” said people need to understand this difference and act accordingly.
“Why would you want to go into a murky swimming hole where you don’t know if there’s an alligator there, if you can go into a pool where you can see the bottom and know there’s nothing dangerous waiting there for you?” Levin said.
Security Is Getting Better...Right?
It’s hard to change people’s behavior. The idea that they’re not going to walk into a coffee shop or airport and access a Wi-Fi hotspot is ludicrous. That’s why many popular websites, especially financial institutions, have taken steps to protect people from themselves, by using secure (HTTPS) connections that encrypt the data going back and forth.
“They’ve done this so that even when people access them in hostile environments, they’re protected from some of the lowest common denominator attackers sitting on an open-end Wi-Fi network and looking for victims, said Chad Thunberg, COO of Leviathan Security Group in Seattle. “So year-over-year, we are safer today when using public Wi-Fi than we were previously.”
Even so, Thunberg told NBC News, free hotspots are always “going to be dirtier” than a corporate or home Wi-Fi network. And there’s a new security problem most people aren’t aware of — apps.
When you access the web using a browser, you can check to see that it’s a secure connection by looking for https in the URL with a small green lock next to it. Apps, whether on a phone, laptop or other mobile device, don’t provide this level of transparency — no green lock, no URL to check.
Research done by Norton found that 38 percent of all apps don’t do anything to protect your data when they connect to a network.
“That means your passwords and all the data you’re sending via the app are being sent in the clear,” Haley said. “Anybody intercepting it can see it; it’s not encrypted. So there’s certainly a risk there.”
Are Virtual Private Networks the Solution?
One of the best ways to protect your information when you use public Wi-Fi to go online is to use a Virtual Private Network (VPN) from a trusted provider. A VPN creates a “secure tunnel” that encrypts everything that’s sent and received between your device and the Internet, including log-in information.
Most of the people (76 percent) surveyed by Norton know about VPN technology, but only 27 percent of them use a VPN to protect their personal information.
Chester Wisniewski, principal research scientist for the cybersecurity firm Sophos, wouldn’t think of logging on to the internet when he’s away from home without using a VPN. He says a VPN may slow things down by a few seconds, but the advantages greatly outweigh the downsides.
"VPN services provide a protection both from criminals capturing your Wi-Fi signal and malicious network operators. Remember, anyone can name their Wi-Fi "Starbucks" or “Marriott” and you might feel safe,” Wisniewski told NBC News. “While VPNs aren't a silver bullet to all security and privacy concerns, they go a long way toward ensuring the integrity of your internet access while taking advantage of ever more ubiquitous free public Wi-Fi."
Herb Weisbaum is The ConsumerMan. Follow him on Facebook and Twitter or visit The ConsumerMan website.