Hacking Easy at Free Public Wi-Fi Spots

Putting privacy to the test at a local hotspot

Millions of people are logging into Free Wi-Fi at public places every day. However, “free” may actually come at a big price to your privacy.

I went to a local Starbucks to find out just how vulnerable we really are. The coffee shop was crowded with people on computers. 

I grabbed a cappuccino and a corner table and used the AT&T Wi-Fi to log onto Facebook. Sitting at the next table was cyber security expert John Gannon. He was watching it all on his computer.

It took just seconds for Gannon to hack into my account and post something, pretending to be me.

I wasn’t the only one he could see. From his computer he detected 30 other vulnerable accounts in the area.

I approached some of those people, and asked them if they would let us hack into their Facebook accounts. 

Thomas Stewart agreed. Gannon speedily hacked into his account, and was able to see all of his messages, and, from the next table, tell him whom he emailed last.

“I think that’s scary," Stewart said. "I have a lot of information in here, that I need to keep private." 

Gannon said the accounts he hacked were easy to access. He also could have hacked into any page that was not encrypted.

Local

Get Los Angeles's latest local news on crime, entertainment, weather, schools, COVID, cost of living and more. Here's your go-to source for today's LA news.

Survivor of Oct. 7 Hamas' attack on Israel music festival speaks out in Los Angeles

All lanes of eastbound 60 Freeway shut down in Riverside County

“I had full control of their accounts, Gannon said. "I could do anything they could have done, as if they had logged into Facebook on my machine and kept it there for me to play with.”

What's concerning is that the application he used to hack into these accounts is available for download from the Internet.

How do you protect yourself?

First, when you are using free public Wi-Fi, make sure that you are surfing on a secured site.

How can you tell? 

Look at your address bar in the browser. If it starts out with httpS – then it’s safe. The S means it’s secure and encrypted, Gannon said.

If the site address starts out with http, without an S, then you leave yourself vulnerable.

The good news is, on many of social networking sites, you can change your settings so that you're always on an "https" connection.

To see a step-by-step video (embedded, left) showing how to change your secure browsing settings in Facebook, click here.

The more secure setting isn't automatic because it creates more "stress" on the servers, Gannon said.

"If everyone was to connect over https the same time, it would slow down their site,” he said.

For broader protection, Gannon says you can download plug-ins for your computer like Firefox’s “Https Everywhere” that will enforce an https connection anywhere that it’s available for every website.

To prevent your computer from latching onto unsecure networks automatically, turn off Wi-Fi on your computer when you are not using it.

The best way to stay secure is by connecting to a VPN network, a virtual private network, which are common in the business world and which can also be set up for personal accounts.

"Basically what it allows you to do is to connect directly to that network and tunnel your traffic to that network,” Gannon said.

Also, Gannon said, phones are more secure than iPads and laptops when browsing on free Wi-Fi hotspots.

Follow NBCLA for the latest LA news, events and entertainment: Twitter: @NBCLA // Facebook: NBCLA

Contact Us