How do I know if a Wi-Fi hotspot is safe? It's a good question - after all, there is free wireless internet almost everywhere these days. How safe are Wi-Fi hotspots? It’s possible for nefarious people to use public Wi-Fi to get information about you, so how safe are you when using a wireless networks? This guide to using Wi-Fi hotspots safely is designed to help you use public Wi-Fi securely. Discover how to find out if a Wi-Fi hotspot is safe with our guide to Mac OS X AirPort settings.
Are public Wi-Fi hotspots safe?
When you are out about with your iPad, iPhone or MacBook you may want to join a public network. These are often found in cafes, shops and public areas (like libraries and airports). How safe are these public Wi-Fi hotspots? How safe a hotspot is depends on the type of network. Here are some types of network:
- Unsecured. You can just connect to this network without entering any type of password.
- Password secured. This network requires a password for you to connect. The password system is commonly either WPA, WPA2 or WPS. It should be using WPA2.
- Web-based secured. This type of network appears to be unsecured, but when you connect you have to log-on to a web page. You usually need to enter either a login ID and password, or sign up with the service. Typically this is the system used by hotels, airports and so on.
- Ad-Hoc network. This type of network is created, usually by another computer or iOS device.
As a general rule you should only connect to a secured hotspot (either password or web-based security). This is one where you have to enter a password to log on to it. If you’re in a cafe or public space, with multiple hotspots then pick the secure system over the insecure system (even if it means signing up, or asking for the password). Even though it’s easier to join an unsecured network, remember that it’s also easier for somebody else to hack into that network and monitor your internet usage.
- Apple Tech Jargon Buster
- Apple AirPort Extreme review - Easy to setup; with extremely good transfer speeds
- iOS vs. Android: Which is more secure?
How do I tell what type of security a Wi-Fi hotspot is using?
When you are looking for a Wi-Fi hotspot then pick the type with the best security. Pick WPA2 over WPA, or WPS or unsecured. Click on the AirPort icon in the Menu bar and look for networks with a small lock icon next to them. These are password secured networks.
It is possible to get additional Wi-Fi hotspot security information in Mac OS X by holding down the Alt key and clicking on the AirPort icon in the menu bar. This gives you detailed information about the hotspot you are connected to (including Security). If you hover the cursor over other networks a small yellow note appears to the left outlining what kind of security that network is using.
There’s no way to tell if a network is using web-based security at the moment, but these are almost always public Wi-Fi networks from well-known services, such as O2 or The Cloud or Wi-Fi in hotels and AirPorts.
What is Free Public Wi-Fi and why can’t I connect to it?
When you’re using AirPort on your Mac to look for Wi-Fi you may see Free Public Wi-Fi but be unable to get a connection from it. These are fake internet connections, so don’t bother trying to connect to them. Free Public Wi-Fi is an ongoing glitch created by Windows computers whereby if a person running Windows tries to connect it sets up an Ad-Hoc network under that name so they are continuously broadcasting and setting up Free Public Wi-Fi without their knowledge. Ignore it.
How safe is public Wi-Fi?
If you connect to an unsecured website in public, then a nefarious computer user can get up to all kinds of trouble. A hacker can also connect to the public Wi-Fi and start to gather information about the other users, including you. Fortunately these sort of people are rare, but they do exists. And it’s possible to them to get all kinds of information about you once they’re connected to the same network.
Even though Mac OS X is itself a secure system, that you need to be careful of when connecting to an unsecured network is a ‘man-in-the-middle’ attack. This is where the nefarious hacker sets up a system where they sit between you and the internet. The information you send over the internet, and the information they send back is intercepted.
Don’t do online banking from a public Wi-Fi hotspot
We’d advise you not to do online banking when you are on a public Wi-Fi. Even if you’re connecting to a secure hotspot, we’d err on the safe side. For a malicious commercial hacker this is what they’re looking for. Do online banking at home.
Look for HTTPS when using a website
When using a website (especially one that requests information from you) then make sure that website’s URL starts with HTTPS and not just HTTP. The S is secure and shows that the website is using a secure communication. Most high profile websites (like Facebook) use HTTPS. If a website isn’t using HTTPS then don’t enter any information into it on the Wi-Fi hotspot. Just browse it and leave.
As an extra security precaution you can install a plugin for Firefox and Chrome browsers called HTTPS Everywhere. This is developed by the EFF (Electronic Freedom Foundation) and encrypts the communication with those websites.
Disable Ad-Hoc networking
Ad-Hoc (computer to computer networks) can be a security concern. As a safety measure we recommend setting up Mac OS X to require an administrator password for this. Follow these steps:
- Click on Apple > System Preferences.
- Click on Network and Advanced.
- Chose the Wi-Fi tab and place a tick in the Create Computer-to-Computer networks underneath Require Administrator Authorization To.
- Click OK, then the red Close Window button in System Preferences and Apply.
How to set up a Mac OS X Firewall
Another good tip if you’re going to use public hotspots is to turn on the Mac OS X Firewall. Follow these steps to set up Firewall in Mac OS X:
- Click on Apple > System Preferences.
- Click on Security & Privacy and choose the Firewall tab.
- Click on the Lock icon in the bottom-left and enter your Apple password and click Unlock
- Click Turn On Firewall.
- Click the Lock icon again in the bottom-right to re-lock the System Preference pane.
There are other Firewall options available for Mac OS X. But the stock Mac OS X firewall is pretty secure, and certainly better than not using a Firewall.
Turn off Mac OS X Sharing options
If you’re going to use public hotspots on a regular basis then we’d advise turning off any sharing features that you’re not using. Open System Preferences and click on Sharing. We'd suggest turning all of these off:
- Screen Sharing
- File Sharing
- Remote Login
- Remote Management
- Internet Sharing
- Bluetooth Sharing
Stay safe on a public Wi-Fi hotspot by using a VPN
If you want to secure a connection then consider joining a VPN (Virtual Private Network). Some larger organisations create VPNs for their staff, but if you want to join a VPN then you can pay to connect to a VPN system. The way it works is that you connect to the VPN via the Hotspot, and it sits between you and the wider internet. It’s a good security system in general, but can slow down browsing speed, and is overkill for most people. Setting up a VPN isn’t the easiest Mac OS X task, but the easiest VPN we’ve seen is TunnelBear. It’s worth investigating if you are serious about your internet security.
Alternatively, look out for protected Wi-Fi services such as Purple WiFi. Gavin Wheeldon, CEO of Purple WiFi told Macworld: "Now, more than ever, WiFi users and providers need to gain a deeper understanding of potential threats to their networks. At Purple WiFi, the emphasis is on how we eliminate the complexity and uncertainty of locally managed hotspots whilst bringing new levels of simplicity, security and insight to the cloud. We’re currently implementing a number of positive measures to protect users and AP’s on our network, including but not limited to preventing direct IP-IP traffic on the hotspot, physical interface lockdown on web UI’s and removing AP package manager capability. We are also able to flash our routers at cloud-scale, should any compromise occur as well as implement an extra layer of checks for this to ensure tighter security. Moving forward, Hotspot 2.0 will soon bring mandatory on-client encryption, and should give people more confidence that they are connecting to a safe and secure hotspot, rather than being something that actually makes the AP safer. We will be observing the latest developments in the hotspot world with great interest, particularly in the field of security where our cloud-based approach can demonstrate its inherent strengths."