November 27, 2015 at 1:23 p.m. PST
Public WiFi networks typically don’t offer encryption or security. This article covers how to secure your iPhone on public WiFi hotspots.
Mobile computing provides us with the ability to work, communicate and play just about anywhere. Go to any coffee shop and you’ll see people using a computer or mobile device. Joining a public WiFi network can save on cellular data costs. Unfortunately, most public WiFi hotspots are not secure. Let’s take a look at the risks of using an unsecure hotspot and how you can protect yourself.
Risks of Public WiFi Hotspots
WiFi isn’t a singular technology. There are different WiFi standards, protocols and security methods. For most users, these choices are abstract. We usually just connect to the public WiFi hotspot with the strongest signal. Over the years, WiFi security has evolved and improved. Even with these improvements, most public WiFi hotspots don’t offer encryption.
Public WiFi hotspots are available to anyone who joins the wireless network. For the most part, these are frequented by normal, everyday users. Unfortunately, these open hotspots can attract malicious users looking to steal data. If you are using your iPhone on an unencrypted network, it may be possible for a hacker to steal your user IDs, passwords and even credit card numbers.
The worst case scenario is a counterfeit WiFi network. A malicious user can easily set up their own WiFi network, simply by using a laptop computer. They can give the WiFi network an innocuous name in order to entice unsuspecting users into joining the network. Once you have joined this fake WiFi network, the hacker can steer you to malicious websites and steal your data. For example, they can direct you to a fake version of your banking website and grab your login information.
Apps might not be more secure than a website. Many apps are simply wrappers around an embedded web browser. They might not look like a browser, but for all intents and purposes, they are. A well-designed app will ensure that you aren’t connecting to counterfeit server. As a consumer, you won’t be able to tell if an app is secure or not. It is possible to verify the security of a website, but this can also be spoofed.
Most public WiFi networks just aren’t secure. The WiFi hotspot itself might be a trap. If you find this troubling, rest assured, there are steps you can take to enhance security. Let’s take a look at how to secure your iPhone on public WiFi.
Ensure that the WiFi Network is Legitimate
If you frequent a coffee shop or other location, you probably know the name of the WiFi network. If you see multiple names where there used to be just one, it’s possible the additional network is malicious. Talk to an employee and ask if they added another hotspot. If not, it’s probably counterfeit and they may want to take action.
Whenever you are in an unfamiliar location, ask the proprietor if the WiFi network is legitimate. This might not always be an option. Some locations, such as parks, might not have any employees to verify the network. If this is the case, you can still secure your iPhone.
Internet service providers sometimes offer their own public WiFi networks. For example, Xfinity offers public WiFi hotspots all over the nation. These hotspots will typically require a user to authenticate with a username and password. Branded hotspots, like Xfinity WiFi are prime targets for malicious networks. They can even spoof the authentication page, making it seem like you logged in to a legitimate network. Unfortunately, there’s not much you can do to verify that these hotspots are legitimate.
I use Xfinity WiFi all the time, and feel it is a good service. It would be better if they added more security features. If you are a Comcast subscriber, you can login to their secure portal. If you buy an Xfinity WiFi pass, no such security is offered.
Even if the WiFi network is legitimate, most public hotspots are open and offer no security. A malicious user connected to the network can intercept sensitive data. Let’s look at how to find the hotspot with the best security. This might not be an option, as most public WiFi hotspots are open and don’t offer encryption or security.
Connect to A WiFi Hotspot with the Best Security
If you have the option of using a secure public hotspot, it’s your best bet. With encryption, other users on the WiFi hotspot won’t be able to access your data. A secure hotspot will require a password. In such cases, the proprietor of the business will usually provide the password. This also prevents non-paying customers from freeloading on their WiFi.
Tap on Settings > WiFi and look at the list of available networks. Networks with a lock icon are secure. You can tap on each network to check which type of security is offered. Some of the older methods of encryption are easy to crack on a laptop computer. Wired Equivalent Privacy (WEP) is an old WiFi encryption standard that is easily cracked. Unfortunately, it is still used because people have older WiFi routers. If you can only connect to WEP, consider this to be an unsecure connection. We’ll look at how you can ensure security on these networks later in the article.
WiFi Protected Access (WPA) is a much better standard for security. WPA2 is an updated version of this encryption technology. It uses 256-bit encryption, making it much harder to crack. If you have the option, connect to a WPA or, preferably, a WPA2 network. Unfortunately, WPA2 security can be cracked. It takes much more effort, but it can be done. Fortunately, there are other ways to stay safe and secure on WiFi hotspots.
Check Security Certificates on Websites
It’s not just public WiFi hotspots that are unsafe. When you visit a site or use an app that communicates over the Internet, your data hop from server to server. Anyone along this path can intercept this data using a packet sniffer, if it is unencrypted. Websites that handle sensitive data usually use Secure Sockets Layer (SSL) security. Encrypted websites display a lock icon on the address bar. This means that data exchanged between you and their server is done securely.
There’s a problem with SSL. It’s possible for malicious websites to get SSL certificates. Anyone can generate their own SSL certificate. Legitimate sites purchase SSL certificates from a certificate authority. These corporations vet the company and make sure they are legitimate and authentic. Having gone through this process, I know that they really do ascertain the legitimacy of the certificate holder. You can verify the validity of an SSL certificate by tapping on the lock icon in the address bar. Check to see if the site is legitimate based on the information displayed.
For the most part, browsers keep tabs on legitimate certificate authorities. If the certificate looks valid, it probably is. An SSL protected site with a valid certificate can prevent malicious users from browsing your data. Unfortunately, some sites have lapses in SSL security. For example, a poorly developed shopping cart application could pass sensitive information in clear text (unencrypted). Always make sure to bank and shop with reputable companies.
A Virtual Private Network (VPN) is the gold standard for Internet security. Most corporations force remote workers to use VPN. It enables remote workers to securely access the corporate network, just as if they were in the office. This technology isn’t just for corporations. Concerns over Internet privacy have caused the VPN industry to blossom. Anyone can now get excellent VPN service for a few dollars a month. You should always use VPN when connecting to open public WiFi hotspots.
VPN works by creating a virtual tunnel between your computer and the VPNs host servers. No one on the WiFi network can intercept this data. In fact, no one on the Internet can either. It’s about as secure as you can get. That’s why corporations use it.
IPVanish offers a fast and affordable VPN service. I have no affiliation with IPVanish, other than being a customer. I have used the service for about a month and it’s excellent. The speeds are very fast — only slightly slower than a non-VPN Internet connection. VPN will slow down your Internet connection, as the communication is encrypted. Also, the VPN service is another bottleneck, as your Internet traffic moves within their servers. I haven’t experienced slow speed at all. If my non-VPN connection is 15 Mbps, I get about 11-13 Mbps with VPN. This is fast enough to stream HD video and leave extra bandwidth for other applications. Whatever VPN service you use, make sure they are a reputable company. There are free VPN services that are malicious and will steal your data. If it looks too good to be true, it probably is.
There are other advantages to using VPN, even if you’re not on a public WiFi hotspot. Many ISPs engage in a practice known as “deep packet inspection”. They examine the data of their customers and throttle speeds for specific uses. For example, they may selectively slow down speeds for streaming video. If Netflix is in SD, but Speedtest shows fast download speeds, your ISP may be using deep packet inspection against you. If you stream Netflix over VPN, they can’t inspect your Internet traffic, and therefore can’t throttle you in that way. They can lower your overall speed, but you would see that on Speedtest. VPN is a great way to improve the performance of streaming video and fight back against this unfair practice.
IPVanish, unlike other VPN services, also acts as a firewall. When you are connected to IPVanish VPN, no one can hack into your computer, whether at home or on a public WiFi hotspot. This adds another layer of security and peace of mind.
There are other advantages to VPN. If you live overseas, VPN can make it seem like you are in another nation. For example, if you live in a country that doesn’t have access to Hulu or Spotify, you can use VPN to access these services. VPN also prevents geotargeting and greatly enhances privacy. IPVanish hides your IP address by using the same address for multiple users. No one can tell what you’re doing online, as it is obfuscated by a shared IP address.
You can download the IPVanish app from the App Store. Their app offers a convenient way to sign up, but I recommend shopping around online. IPVanish offers great deals from affiliates and directly on their website. With a little effort, you can get VPN for less than $5 a month, and use it on your iPhone, iPad and computer.
Use Cellular Data Connection
Cellular data connections for smartphones offer encryption and security. Although cellular data is typically expensive, there are good reasons to use it. You don’t have to use your cellular data connection for everything. If you are just going to watch some streaming video, the public WiFi network is probably good enough. Banking and anything that requires security should be done over a cellular connection if your WiFi network is unsecure and you’re not connected to VPN. These transactions won’t consume a lot of data.
You can turn on cellular data by turning off WiFi. Simply swipe your finger up from the bottom of any screen to reveal Control Center. Tap on the WiFi icon to toggle the wireless connection off. You should see a 3G or LTE icon on the top left of your iPhone, next to your carrier’s brand. If you don’t see this, tap on Settings > Cellular and turn on cellular data. Be careful not to go over your cellular data limits. You can check your usage by tapping Settings > Cellular. Most carriers also offer an app to check usage. Verizon even offers a widget with current cellular usage statistics.
We’ve looked at various ways to secure your iPhone on public WiFi networks. If possible, try to connect to a secure, encrypted WiFi network. VPN is one of the best ways to ensure security on any network. If VPN is too costly, consider using cellular data for sensitive activities, such as banking and online shopping. With a little knowledge and care, you can prevent malicious users from stealing your data.