
Public Wi-Fi Risks: Why Open Networks Are More Dangerous Than You Think


CasperVPN Team

May 10, 2026

You're at a coffee shop, airport, or hotel. You connect to the free Wi-Fi without a second thought. Millions of people do this every day — and most have no idea what they're exposing.

Public Wi-Fi networks are fundamentally different from your home network. Understanding why — and what attackers can actually do — is the first step to protecting yourself.

What Happens When You Connect to Public Wi-Fi

When you join an open Wi-Fi network, your device communicates with the access point (the router) over radio waves. On an unencrypted network, that communication is broadcast in the clear. Anyone within range with basic tools can capture those radio signals and read the data.

Even on "secured" public networks (the ones with a shared password posted on the wall), the protection is minimal. WPA2-PSK with a shared password means anyone who knows the password can derive the encryption keys used by other clients on the same network.

The Five Real Attacks

1. Man-in-the-Middle (MITM)

The most common and dangerous attack on public Wi-Fi. An attacker positions themselves between your device and the access point, intercepting and potentially modifying all traffic passing through. This can happen through ARP spoofing (tricking your device into sending traffic through the attacker's machine) or by setting up a rogue access point with the same name as the legitimate one.

What they can see: Every unencrypted request, including HTTP sites, DNS queries, and metadata from encrypted connections (which domains you're visiting, connection timestamps, data volume).

2. Evil Twin Access Points

An attacker creates a Wi-Fi network with the same name as a legitimate one — "Starbucks_WiFi" or "Airport_Free_WiFi." Your device may automatically connect to it, especially if you've connected to a network with that name before. All your traffic now flows through the attacker's hardware.

This attack is trivially easy to execute. A laptop with a wireless adapter and freely available software is all that's needed.
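
A defender's view of the same problem, as an added example that is not part of the original article: a heuristic that flags network names in a Wi-Fi scan that may be cloned. The scan record layout, the saved-profile map and all sample values are constructed assumptions; a hit is a reason to look closer, not proof of an attack.

```python
from collections import defaultdict

# Constructed scan results; the record layout is an assumption of this example.
SCAN = [
    {"ssid": "Starbucks_WiFi", "bssid": "3c:5a:b4:10:20:01", "security": "WPA2-PSK"},
    {"ssid": "Starbucks_WiFi", "bssid": "02:de:ad:00:00:01", "security": "open"},
    {"ssid": "Hotel_Guest", "bssid": "f0:9f:c2:33:44:01", "security": "open"},
    {"ssid": "Hotel_Guest", "bssid": "f0:9f:c2:33:44:02", "security": "open"},
    {"ssid": "Airport_Free_WiFi", "bssid": "a4:2b:b0:77:88:01", "security": "open"},
]
# Constructed saved profiles: SSID -> security mode recorded when first joined.
SAVED = {"Starbucks_WiFi": "WPA2-PSK", "Hotel_Guest": "open"}


def vendor_prefix(bssid):
    """First three octets of the BSSID (the OUI). Spoofable, so only a hint."""
    return bssid.lower()[:8]


def suspicious_ssids(scan, saved):
    """Return {ssid: [reasons]} for names that look like they may be cloned."""
    by_ssid = defaultdict(list)
    for ap in scan:
        by_ssid[ap["ssid"]].append(ap)

    findings = {}
    for ssid, aps in by_ssid.items():
        reasons = []
        modes = {ap["security"] for ap in aps}
        # One name offered both protected and open is unusual for a real deployment.
        if len(modes) > 1:
            reasons.append("mixed security modes: " + ", ".join(sorted(modes)))
        # A device that saved the protected profile should not fall back to open.
        if saved.get(ssid, "open") != "open" and "open" in modes:
            reasons.append("open network reuses the name of a saved protected profile")
        # Several APs per SSID is normal; several vendors under one name is less so.
        if len({vendor_prefix(ap["bssid"]) for ap in aps}) > 1:
            reasons.append("BSSIDs from different vendor prefixes")
        if reasons:
            findings[ssid] = reasons
    return findings


if __name__ == "__main__":
    for ssid, reasons in suspicious_ssids(SCAN, SAVED).items():
        print(ssid, "->", "; ".join(reasons))
```
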

3. Session Hijacking

When you log into a website, the server issues a session cookie that authenticates you for subsequent requests. On an unencrypted network, these cookies can be intercepted. The attacker doesn't need your password — they clone your session cookie and access your account as if they were you.

HTTPS mitigates this for well-configured websites, but many sites still have mixed content issues, redirect chains that briefly expose cookies, or subdomains without proper cookie security attributes.
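
For site operators, the cookie security attributes mentioned above can be checked mechanically. This is an added example, not code from the original article; the `Set-Cookie` values and the `example.com` domain are constructed.

```python
# Constructed Set-Cookie header values, as a server might send on login.
HEADERS = [
    "sid=abc123; Path=/; Domain=example.com",
    "__Host-sid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "prefs=dark; Path=/; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Secure; SameSite=None",
]


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs


def audit_cookie(header):
    """Return (cookie name, list of weaknesses that matter on a hostile network)."""
    name, attrs = parse_set_cookie(header)
    issues = []
    if "secure" not in attrs:
        issues.append("no Secure: also sent over plain HTTP, where it can be captured")
    if "httponly" not in attrs:
        issues.append("no HttpOnly: readable by scripts running in the page")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        issues.append("SameSite not Lax/Strict: may be attached to cross-site requests")
    if "domain" in attrs:
        issues.append("Domain=%s: shared with every subdomain" % attrs["domain"])
    return name, issues


def audit_all(headers):
    """Audit a list of Set-Cookie values; returns {cookie name: [issues]}."""
    return dict(audit_cookie(h) for h in headers)


if __name__ == "__main__":
    for name, issues in audit_all(HEADERS).items():
        print(name, "OK" if not issues else issues)
```
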

4. DNS Spoofing

An attacker intercepts your DNS queries and returns false responses, redirecting you to malicious sites. You type "bank.com" in your browser, but the DNS response points you to a convincing clone controlled by the attacker. If you don't notice the missing HTTPS padlock or a slightly different URL, your credentials go straight to the attacker.

5. Packet Sniffing

Even without actively attacking your connection, an attacker on the same network can passively capture all unencrypted traffic using tools like Wireshark. This includes HTTP traffic, email sent over unencrypted SMTP, FTP transfers, and DNS queries revealing every site you visit.

"But Everything Uses HTTPS Now"

HTTPS has improved significantly — as of 2026, over 95% of web traffic is encrypted. But HTTPS alone doesn't fully protect you on public Wi-Fi:

DNS queries are still visible. Standard DNS is unencrypted. Even if the content of your communication with a site is encrypted, anyone watching can see which domains you're connecting to. DNS over HTTPS (DoH) and DNS over TLS (DoT) address this, but they're not universally deployed.

SNI leaks your destination. When establishing a TLS connection, the Server Name Indication (SNI) field reveals which domain you're connecting to. Encrypted Client Hello (ECH) is still in limited deployment.

Not all apps use TLS properly. Mobile apps, IoT devices, background services, and some desktop applications may still use unencrypted protocols for syncing, notifications, or telemetry.

HTTPS doesn't prevent MITM on the connection layer. An attacker controlling the network can still see connection metadata, perform traffic analysis, and potentially downgrade connections where possible.

How to Actually Protect Yourself

Use a VPN

A VPN encrypts all traffic between your device and the VPN server — not just HTTPS traffic. DNS queries, app traffic, background syncs, everything goes through the encrypted tunnel. Even if an attacker has full control of the Wi-Fi network, they see only encrypted VPN traffic.

Key features that matter on public Wi-Fi:

  • Kill switch — If the VPN drops, all internet access is blocked until the VPN reconnects. Without this, your device may briefly send traffic unencrypted.
  • DNS leak protection — Ensures all DNS queries go through the VPN tunnel, not the local network's DNS server.
  • Auto-connect on untrusted networks — The VPN automatically activates when you join a new Wi-Fi network.
  • Split tunneling — Route sensitive traffic through the VPN while allowing local network access for things like casting to a nearby device.

Additional Measures

Disable auto-connect. Your device remembers Wi-Fi network names and auto-joins them. An evil twin with the same name will fool your device. On iOS, go to Settings → Wi-Fi → Ask to Join Networks. On Android, disable auto-connect for public networks.

Use cellular when possible. Your cellular connection is encrypted between your device and the cell tower, and intercepting it requires significantly more sophisticated equipment than public Wi-Fi attacks.

Enable two-factor authentication. Even if session cookies or credentials are intercepted, 2FA adds another layer that the attacker would need to bypass.

Verify HTTPS. Before entering any credentials, verify the padlock icon and the full URL. Be especially cautious if your browser shows any certificate warnings.

Forget networks after use. When you're done with a public network, tell your device to forget it. This prevents automatic reconnection to potentially spoofed networks with the same name.

The Scale of the Problem

These aren't theoretical attacks. In 2023, a security researcher demonstrated at DEF CON that a $20 device could intercept traffic from dozens of devices simultaneously on a hotel Wi-Fi network. Corporate espionage campaigns have been documented using evil twin attacks at industry conferences. Airport Wi-Fi networks are consistently among the most targeted.

The convenience of public Wi-Fi is real. So are the risks. The solution isn't to avoid public networks entirely — it's to use them with appropriate protection.

---

CasperVPN automatically secures your connection on untrusted networks with WireGuard encryption, kill switch, and DNS leak protection. Download CasperVPN — free plan available.
