If we take a look at which countries have the best-developed public Wi-Fi networks, it quickly becomes clear that countries with smaller economies are leading the way worldwide. According to a recent study by Rotten WiFi, numerous smaller European nations belong to the top 20 countries offering public Wi-Fi. First two places go to Lithuania and Estonia, followed by Singapore and Switzerland. The Netherlands, UK and Denmark follow in places five, six and seven.
Major industrialized nations like Germany and France are missing from this list entirely, although it is clear that this subject is an important one in those countries. Heated debates are currently driven in Germany by a draft law aiming at exempting German hotspot providers from legal redress, while in France the government briefly considered prohibiting public Wi-Fi networks altogether in an effort to combat terrorism.
Quite apart from these discussions, free wireless Internet access in cafés, public places, hotels or airports is enormously popular among business users and the public. And yet there is very little concern about the security of hotspot users.
It is no secret that the security of many public hotspots is poor. Hotspots often transmit their data unencrypted. For this reason, public Wi-Fi networks are a popular target for what are referred to as man-in-the-middle attacks. This type of attack involves an intruder taking place between the hotspot and the users to take full control over the user data traffic. The attacker is thus able to read and manipulate all of the data transmitted over the hotspot network.
The evil twin hotspot – exposed in public
A typical scenario for man-in-the-middle attacks involves a rogue Wi-Fi hotspot, a so-called evil twin. The attackers set up cloned hotspots, which are given the same names as the public Wi-Fi networks from known hotspot operators. When a user connects to a fake hotspot, the attacker has full access to the data communication of the unsuspecting victim.
Just how easy this is was demonstrated recently by a product manager from Finnish IT security company F-Secure in front of a live audience at a Wi-Fi conference in Amsterdam: To create a hotspot clone (AKA evil twin), all he needed was a laptop, a commercially available Wi-Fi USB dongle, and some Linux skills, which are easily acquired with a little research on the Internet. The corresponding guides are widely available online. All he had to do next was to send a signal to the genuine hotspot, which caused all of the devices to disconnect and re‑connect with the cloned SSID operated by the fake hotspot. It was easy to intercept or sniff all of the data traffic with the connected devices.
Again an experiment by F-Secure in London in 2014 showed that under real conditions, users readily fell into the trap by connecting to a manipulated Wi-Fi hotspot operated in various public places. In no time at all, 250 devices logged in to the network and around 33 people, without hesitation, sent data via the fake hotspot. In a real-world scenario, this would have been a field day for criminals.
Both of these examples reveal the same problem: The client that logs in to the hotspot Wi-Fi is not a particularly intelligent device. It automatically connects to the Wi-Fi offering the strongest signal and does not differentiate between hotspots that are trustworthy or not. By using VPN technology (Virtual Private Network), however, you can be sure that your data stays secure—even if it is sent via a fake hotspot.
Safety first – It’s the VPN, stupid!
A fundamental cornerstone of secure connectivity is and remains a VPN client, or a VPN application on the device (current versions of iOS and Android have one already integrated). The VPN client establishes an end-to-end encrypted tunnel through the Internet to the VPN gateway at the company or to a VPN-capable router at home. Only from there does it connect to the Internet, securely.
The traffic flowing through this VPN tunnel is securely encrypted and is immune to interception or attack. This provides secure access from the hotspot to the network at the company or at home. When traveling, the VPN connection also provides secure access to company or private resources.
Hotspot users who operate in this way benefit from the same level of security as they enjoy at home or at work, and they can use any hotspot without further worry.
VPN clients are available for all operating systems, and many of them are free of charge. For a specific example of how to set up a secure VPN connection over a public Wi-Fi network using a VPN client and VPN router, see this document in our Knowledge Base.
Additional information about how to stay secure on public Wi-Fi can be found here: