unisa logo

Using free public wifi could be putting you at risk of cyber attack

By Candy Gibson

Woman using free wifi at the airport Unsecured wifi is often found in airports, cafes, malls, restaurants and hotels.

Smartphone users desperate to conserve their mobile data are leaving themselves wide open to cyber attacks by accessing unsecured public wifi networks.

The warning comes in the wake of a recent study involving UniSA examining why mobile phone users put their security and privacy at risk, knowing the potential pitfalls.

The study, led by University College London (UCL), found that mobile users with restricted data (less than 4GB a month) were more likely to log into available unsecured wifi networks in a bid to conserve data once it dropped below 40 per cent. Depleting battery levels did not have a similar impact on mobile user behaviour.

Unsecured wifi – which means there's no special login or screening process to get on the network – is often found in airports, cafes, malls, restaurants and hotels. Agreeing to terms and conditions to gain internet access does not necessarily mean wifi is secure either.

Data transmitted via unsecured public wifi networks exposes smartphone users to hacking – from eavesdropping to malicious software attacks and the theft of personal and financial information.

“People are made aware of the risks, so it is puzzling why they still use these networks,” says UniSA Professor Michelle Baddeley, a co-author of the study and Director of UniSA’s Institute for Choice.

“Most web browsers warn users that unencrypted web pages are not secure, but the same cue is not visible to people using apps, which can expose them to risks they may not be aware of.

“One theory is that people (falsely) believe their devices are secure enough to mitigate the risks when using public wifi. Many users are also reluctant to download software because they believe it drains the battery and mobile data, even though updates can reduce the risks,” Prof Baddeley says.

The phenomenon is more surprising given that mobile data is becoming cheaper and faster, but this hasn’t stopped 76 per cent of UK mobile users and 58 per cent of Australian smartphone users from logging into unsecured wifi networks.

A 2017 Norton Global Wifi Risks Report also found that more than half of 15,532 survey participants from 14 countries were unable to resist using free public wifi and 80 per cent admitted using these networks to deal with sensitive information such as email and online banking.

Smartphone users can get around the security risks by installing Virtual Private Network (VPN) software on their phone that lets them access the web safely and privately by routing their connection through a server and hiding online actions. However, the uptake is low with only 25 per cent of UK and 10 per cent of Australian mobile phone users using a VPN.

Researchers say that apart from installing VPN software, making data plans cheaper and encouraging app developers, public wifi providers and telecom providers to encrypt transmitted data would mitigate the risks.

The study is the first to track mobile use in a natural setting via an app, revealing how users behave, as opposed to what they say or think they would do when public wifi is available. A total of 71 participants in the UK were recruited to install an app called My Wi-Fi Choices on their mobile phone and run it for three months in the background. The app captured details of data allowance and battery power.

Factors influencing users to use unsecured wi-fi networks: evidence in the wild was presented to the 12th Conference on Security and Privacy in Wireless and Mobile Networks in Miami, Florida in May 2019.