How safe is public WiFi exactly?

First of all, the most important thing for security is user awareness to threads. So tell your relatives what they shouldn't do (such as opening PDFs from Emails by senders they don't know), and maybe install some web protection (like Script blockers, Adblockers, etc.) and make sure they use up-to-date software (Browser, Java, Flashplayer, etc.). This way you can mitigate the possibility of infections. Concerning your questions:

Braders88 said:

1. When at my girlfriends house I use my 3G a lot. I was going to use the WiFi there for my emails, Facebook/Twitter, but I discovered they use a lot of Windows machines which have a couple of nasty viruses floating about on them. I understand the situation with Apple products and viruses but if I am using the same network wouldn't my information (passwords) be intercepted or compromised during the back and forth connection? Apologies if I have not explained that one too well.

Click to expand...

In short: if you access the websites via HTTPS, it is very unlikely an attacker can sniff your passwords. Nevertheless I would _not_ browse unsecured websites in such a network.
Longer answer: With HTTPS your connection is encrypted and an attacker needs to break the TLS security to sniff any data. Although there are possible attacks on TLS (see TLS B.E.A.S.T for example), an attacker would have to actively attack you and do a man-in-the-middle attack to steal your session data. Another possibility would be if he gets to poison your browsers TLS Root-certificates and he finds a way to get fake X.509 certificates for Facebook/Twitter and manages to provide them to you. This is *very* unlikely, and to manipulate your browsers Root certificates he needs to break the iPhone security, in this case you have lost already anyway. So: if you access websites via HTTPS it is highly unlikely that an attacker may steal any data.

Braders88 said:

2. My mother has joined the tech world and bought a tablet from her friend (Prestigo). She is not computer literate at all. She wants it for Facebook and everyday browsing. I understand it is Android and not as secure as Apple but I have to ask, if she visits a "not so friendly site" or ends up choosing to accept or download something containing a virus or something would my home network be at any risk of viruses?

Click to expand...

Difficult to answer this question. I'd say, yes there is a thread, if she doesn't take care at all. I don't know much about android exploits, but I'd say it is possible, that she could get infected and her infection be used as gateway to your home network. I think this really depends on how advanced current Android trojans are and what user machines you're running in your home network (unpatched Windows XP? ^^). If you're running current operating systems with available patches applied I would rate the thread as "low". But as said in the beginning, the best defense is user awareness (plus up-to-date software), so give your mother some coaching of what to do and what to avoid.

Hope this helps.

/edit

Forgot about Emails.. make sure you're using secured connections to your mail servers (you should do this anyway). Have a look at your Email Settings and check if you have SSL/TLS enabled.

Braders88 said:

Hello MacRumors community,

I just have a couple of quick questions that I am sure you awesome people could help me with.

1. When at my girlfriends house I use my 3G a lot. I was going to use the WiFi there for my emails, Facebook/Twitter, but I discovered they use a lot of Windows machines which have a couple of nasty viruses floating about on them. I understand the situation with Apple products and viruses but if I am using the same network wouldn't my information (passwords) be intercepted or compromised during the back and forth connection? Apologies if I have not explained that one too well.

2. My mother has joined the tech world and bought a tablet from her friend (Prestigo). She is not computer literate at all. She wants it for Facebook and everyday browsing. I understand it is Android and not as secure as Apple but I have to ask, if she visits a "not so friendly site" or ends up choosing to accept or download something containing a virus or something would my home network be at any risk of viruses?

Thank you guys for your replies, much appreciated!

Click to expand...

On both points, I would not worry. Even with viruses it is highly unlikely the windows boxes could intercept the wifi communications. One way to be certain is to make sure the router has a guest network with access to the local lan turned off.

With the second point, even IOS has been compromised in the past. I wouldn't worry more about android than IOS. You have a valid concern but it is misplaced in thinking android is more vulnerable.

So there are Windows boxes with viruses on them and no one is doing anything about it?

Login on secure servers, most are. Regardless of the network it's just as difficult to sniff out a password within or beyond the network.

Keep "download from unknown sources" off, on the Android tablet for her. It's the default setting and unlikely she will find it.

How safe is public WiFi exactly?

Why would you even care if someone were to "log your details"? What details are you referring to exactly? What would be logged? To where?

Why do you think your internet service provider isn't logging your "things" as well?

Edit: don't want to be rude or anything, just thinking why do you care about using some public wifi when you are anyway connecting to internet all the time. Or do you have some internet encrypting thingy going on at home? You use mobile networks, how safe can they be?

A public wifi is not safe at all.

rrares1996 said:

A public wifi is not safe at all.

Click to expand...

^This.

Winona Northdakota said:

^This.

Click to expand...

What do you mean?

YEEEE, my 1000th post on MacRumors.

I won't use a public hotspot unless I use a VPN and after I verify the name of the public hotspot with its owner (to make sure there isn't some tool using a MHS of their own with a similar name lurking nearby).

I have yet to read about somebody's iPhone or iPad being compromised on a public WiFi network.

How safe is public WiFi exactly?

rrares1996 said:

What do you mean?

Click to expand...

I agree with you. A public wifi is not safe at all.

----------

SpyderBite said:

I have yet to read about somebody's iPhone or iPad being compromised on a public WiFi network.

Click to expand...

Seriously? It's not the device that we are talking about. It's the information that is sent and received with any device over a public Wi-Fi that is insecure. At least, use a VPN or tunnel into a secure server, when using a public Wi-Fi.

Though, it is true, IPhones and iPads as devices are far less susceptible to being hacked into or compromised than other platforms.

Winona Northdakota said:

I agree with you. A public wifi is not safe at all.

----------




Seriously? It's not the device that we are talking about. It's the information that is sent and received with any device over a public Wi-Fi that is insecure. At least, use a VPN or tunnel into a secure server, when using a public Wi-Fi.

Though, it is true, IPhones and iPads as devices are far less susceptible to being hacked into or compromised than other platforms.

Click to expand...

Just out of interest, not saying you're wrong, but what exactly do you think might happen if you use a public wifi? Your information goes to where? What's being done with it then? Does this information stealing somehow affect your life or is it just the mere fact that your privacy is being disturbed that bothers you?

I perform pretty much everything on Public WiFi except Internet Banking.

Zenton said:

Just out of interest, not saying you're wrong, but what exactly do you think might happen if you use a public wifi? Your information goes to where? What's being done with it then? Does this information stealing somehow affect your life or is it just the mere fact that your privacy is being disturbed that bothers you?

Click to expand...

Arp packet spoofing and they can get all your information, accounts which you have used on public WiFi. Even can redirect to malicious website and control your PC

How safe is public WiFi exactly?

Zenton said:

Just out of interest, not saying you're wrong, but what exactly do you think might happen if you use a public wifi? Your information goes to where? What's being done with it then? Does this information stealing somehow affect your life or is it just the mere fact that your privacy is being disturbed that bothers you?

Click to expand...

My local coffee shop has free Wi-Fi. It's a commercial service where customers are given a login code. Everyone thinks they are safe and secure in their own little login bubble. I can launch my Wi-Fi on my MacBook Pro and using standard Unix built in Wi-Fi diagnostics, I can packet sniff all Wi-Fi traffic on the coffee shop's network. Anyone running OS X can do this.



When you connect to any W-Fi, other than your own, you are at the mercy of the person(s) who set it up and administer it to be safe. A good question is, why do we even have passwords and logins in the first place?

Let me grab a beer and nuts.......continue please hahahahahahahahaha.
Love the paranoia hahahaha.

karstas said:

Arp packet spoofing and they can get all your information, accounts which you have used on public WiFi. Even can redirect to malicious website and control your PC

Click to expand...

Who can get? An ill minded criminal, who would do exactly what with YOUR information? Credit card theft or something like that? Read your emails? Log into your Facebook and troll? Are you seriously afraid that something like that would happen? What about hacker groups who steal millions of passwords from various services, how can you ever register to a site since then your data is stored in some server and is therefore possibly "stealable"? Who do you know that someone isn't monitoring your cellphone?

I understand if one doesn't want to log in to his bank account in Starbucks' public wifi, but pretty much anything else is beyond me.

I stay away from public wifi as much as possible, only using it when I absolutely have to, and do not have access to my own LTE connections on AT&T or T-Mobile.

Even when I do have to use it, I always use VPN. It's far too easy to sniff traffic otherwise.

bandofbrothers said:

I perform pretty much everything on Public WiFi except Internet Banking.

Click to expand...

If your bank uses SSL, and if they don't, I would change banks immediately, then your data isn't at risk on public WiFi.

But logging into MacRumors via WiFi? Someone could easily sniff out your username and password.

I'd honestly avoid using them.

Most large companies deal with he public wifi problem by using a virtual private network,vpn,which provides an encrypted tunnel to a secured network. Once connected you can surf like normal, but everything will be encrypted. Without encryption people with a little knowledge can use software to see exactly what you do. Banks and most email service encrypted your password, some email service do not encrypt your email itself. Therefore someone could read your, emails, tweets, dirty selfies etc.

For someone who does not work for a company there are pay services out there that will provide a vpn for you. Hidemyass is a popular service and one noted by the media the hacker group anonymous used.

rrares1996 said:

A public wifi is not safe at all.

Click to expand...

This!

Which is why I always use VPN on public WiFi.