A recent survey shows that half of the respondents will choose to use public WiFi instead of mobile data when they are away from home.
But few users are aware of the dangers public networks may pose, and they make the risks even worse by not switching some of their phones’ settings off.
“One of the most ‘dangerous’ settings we usually have on our phones is the auto-join function,” said Daniel Markuson, a digital security expert at NordVPN.
“This function helps to connect your phone to a network automatically after you first logged in to it. The auto-join function may save you a couple of seconds a day, but it also puts the security of your device in danger. And that is why disabling it is highly beneficial.”
Why does the auto-join function put your device at risk?
The problem with the auto-join setting is associated with its ability to connect to a public WiFi network without the user’s permission. Public WiFi usually has an exceptionally low firewall when it comes to blocking hackers.
This weak security allows hackers to place themselves between users and the WiFi connection. So, when users enter their bank account details or any other kind of personal information on public WiFi, they can never be sure that a group of hackers is not accessing it, said NordVPN.
To understand the risks of the auto-join function better, it is important to know how it works. Phones that have the auto-join function enabled are configured in a way that, if a person manually connects to a network for the first time, the device will connect to this network automatically every time it is in range.
The problem is that phones recognise WiFi by its SSID (wireless network name), and a hacker can set a WiFi network with the same SSID as the safe network we were connected to before, said NordVPN.
A hacker’s WiFi with the same SSID as a secure network is often called “evil twin” WiFi. Even if users normally avoid using public WiFi and only connect to secured networks, they can still unknowingly connect to an evil twin hotspot if the auto-join function is on.
“Let’s imagine: on Monday, you went to your favourite cafe and manually connected to its WiFi network called “Starbucks WiFi”. You know that the network at this cafe is normally secured and you feel like you have nothing to worry about. But then, on Tuesday, a hacker can set up an evil twin network nearby with the same SSID (network name).
“And, when you come to grab your daily cup of coffee on Wednesday, you cannot be sure which network your device will automatically join,” Markuson said.
Once a user gets connected to an evil twin network, their device is under the hacker’s control.
Ways to keep your phone protected
Markuson recommends disabling the auto-join function to avoid connecting to an unprotected public network by accident. Using mobile data while away from home instead of WiFi in an airport, bar, cafe, or other public places can also help users feel safer. If the user still needs to connect to public WiFi, here are some things they can do to be more secured:
- Use a VPN. It is important to remember that a VPN is a beneficial software for anyone using public WiFi. It encrypts users’ data and doesn’t allow third parties to intercept it.
- Connect to secured WiFi. Choose public WiFi that is secured by strong and sophisticated passwords.
- Don’t make any purchases or connect to social accounts using public WiFi. The best way to keep your credentials (passwords, credit card details, etc.) safe is to enter them only on a secure network.
- Enable your firewall. While a firewall is not necessary over a secure connection, it is always a good idea to enable it while using public WiFi.