Following the release of Ofcom’s Communications Market 2014 report, it’s been shown that 77% of individuals who use WiFi connections outside of their own homes are not concerned with how secure they are.
Toyin Adelakun, a VP at Sestus, has provided the following comment explaining why exactly people should be more worried about the security of public WiFi connections:
“The dangers of indiscriminately using Wi-Fi outside the home are legion:
Sniffing: particularly if the Wi-Fi network is unsecured and uses no encryption, attackers can eavesdrop on or “sniff” your data, inspecting it for usernames and passwords and any other sensitive information. But note that encryption and sniffing are NOT mutually exclusive: an attacker might set up a Wi-Fi network with encryption and still perform sniffing (e.g. via a so-called “evil twin” network).
Man-in-the-middle attack: Using so-called ARP spoofing and session-hijacking methods, attackers can insert themselves between your device and a server, masquerading as you to the actual server, and masquerading as the server to you. Often, the attackers will use encryption, which makes the deception more convincing. Once thus inserted, attackers can modify or at least snoop on your communications.
Malware: An attacker with a computer on the same Wi-Fi network can be on the lookout for vulnerable laptops, and infect them with malware. The attacker might indeed be the person who set up the network, and might use a “captive portal” for the purposes of installing malware.
Data theft via File Sharing: Many laptop users have File Sharing enabled — as a feature of Windows or Mac OS. On public Wi-Fi networks, file sharing should be disabled — but in many cases is not. This opens the risk of unwanted access to data held on the laptop.
It is better to be safe than sorry. Always keep your operating software and anti-malware software up-to-date; switch off file-sharing when on a public Wi-Fi network; switch off Wi-Fi unless you absolutely need it; and unless you are establishing a VPN connection to a known or trusted network (e.g. your office VPN, or a commercial VPN to which you subscribe), only connect to sites that use SSL (HTTPS).”
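The ARP spoofing mentioned in the comment above leaves traces in a device's own ARP cache: the gateway's hardware address changes, or one hardware address starts answering for several IP addresses. The following is an added example, not part of the original article or of the quoted comment, that checks two snapshots in the Linux `/proc/net/arp` layout for both signs; the addresses, the sample tables and the function names are constructed for illustration.

```python
"""Flag ARP-cache signs of spoofing: one MAC answering for several IPs,
or the gateway's MAC changing between two snapshots."""
from collections import defaultdict

# Constructed samples in Linux /proc/net/arp layout (not captured data).
BEFORE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         02:00:00:00:00:01     *        wlan0
192.168.1.23     0x1         0x2         02:00:00:00:00:17     *        wlan0
"""
AFTER = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         02:00:00:00:00:17     *        wlan0
192.168.1.23     0x1         0x2         02:00:00:00:00:17     *        wlan0
192.168.1.40     0x1         0x0         00:00:00:00:00:00     *        wlan0
"""

def parse_arp(text):
    """Return {ip: mac} for complete entries, skipping header and unresolved rows."""
    table = {}
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], fields[2], fields[3].lower()
        # 0x2 is ATF_COM (entry complete); an all-zero MAC is unresolved.
        if int(flags, 16) & 0x2 and mac != "00:00:00:00:00:00":
            table[ip] = mac
    return table

def shared_macs(table):
    """Return {mac: [ips]} for every MAC that claims more than one IP."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def gateway_changed(before, after, gateway):
    """True when the gateway is present in both snapshots with different MACs."""
    old, new = before.get(gateway), after.get(gateway)
    return old is not None and new is not None and old != new

def audit(before_text, after_text, gateway):
    before, after = parse_arp(before_text), parse_arp(after_text)
    return {"shared": shared_macs(after),
            "gateway_changed": gateway_changed(before, after, gateway)}

if __name__ == "__main__":
    print(audit(BEFORE, AFTER, "192.168.1.1"))
```

A shared hardware address is a signal to investigate rather than proof: proxy ARP and routers holding several addresses produce the same pattern legitimately.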