Public Wifi - do I need protection?

[Trader]

I'll be overseas around the middle of this year and one option is to just pay $5 per day for data roaming.
The other is to jump onto public wifi and keep the data turned off.

The places I'm going will generally have a good coverage of wifi, so I'm not concerned about being out of range. And generally it's not an issue if I'm out of range anyway.

So my question becomes around how safe is it to use public wifi (mainly hotels) on my iphone?

Websites will tell you to get antivirus and use a VPN, but those websites are trying to sell you antivirus and VPNs, so its a little hard to tell if I actually need it or not.

I've used a VPN in the past (10+ years ago) when spoofing my location to get around the inplay betting laws in Australia. And a lot of the VPN stuff seems to be for getting around location restrictions on youtube, netflix, etc.

Do I really need it if I'm going to just be checking facebook, sending the odd email, and potentially using my internet banking app?

Do I need both (VPN and antivirus), is one better than the other, can I get away with neither?

Thanks in advance.

[beef]

Just got back from America a couple days ago.
Used free WiFi the whole time and had no issues, a few places where couldn't get any but 95% could get something and used uber Facebook and other pages with no issue.
My phone is a bit older than my other family members so they were able to connect to more options at times.
I'm probably one of the least tech savvy people in the world but was all pretty simple and don't think I got any viruses and phone seems to be running same as normal since being back.

[Jimmy_041]

I'm in the same boat Trader
I dont use VPN here unless for the same reasons as you

Cyber crime has developed since I last toured so I probably will use a VPN this trip

I am going to ask my IT provider what they think and what to use so I will let you know

[Trader]

Just got back from America a couple days ago.
Used free WiFi the whole time and had no issues, a few places where couldn't get any but 95% could get something and used uber Facebook and other pages with no issue.
My phone is a bit older than my other family members so they were able to connect to more options at times.
I'm probably one of the least tech savvy people in the world but was all pretty simple and don't think I got any viruses and phone seems to be running same as normal since being back.

Thanks.
Lines up with my thinking.

But equally once your comporomised its a massive problem to resolve.
Hopefully a few more tech heads can throw in their two cents.

[Jimmy_041]

@Trader

Morning Jimmy_041,

Honestly VPN's are really only used to bypass regional blocks e.g. China or accessing country specific content.

I know they are sold as adding more security when browsing however there is no net advantage to using one as instead of the internet provider storing the metadata, the VPN carrier does.

I only use one when testing access controls or running external traffic tests, or if I need to access say HBO America for a specific documentary.

[Trader]

Perfect, thanks.

[dedja]

Bumping an old thread, but just saw it so thought I’d add my 2c.

Generally, using public wifi is not advisable, reason being is that they are completely open security wise so anyone can join, meaning that your device is exposed to anyone else on the same public wifi network, and all traffic is ‘clear text’, unless the sites you use are end to end encrypted.

You are vulnerable to what’s known as ‘the man I the middle attack’. As default, most devices remember the wifi networks that they have previously connected to, and will automatically connect to one of those networks if they are available.

Bad actors can use this to their advantage, by creating a fake wifi hotspot with the exact SSID (wifi network name) of a real hotspot, which means that most devices that previously had connected to the real hotspot will then automatically connect to the fake one. The bad actors can then do whatever they like, creating fake sites that then will try to harvest info.

That said, if you’re roaming around a foreign country or on holiday, it would be unlikely that you’d be caught out by this scenario. To help mitigate this, just delete any hotspot on your device that you’re not going to use again, or not going to use in the immediate future, or just turn off auto-connect to wifi networks.

With regards to most activities on a device on a public hotspot, as long as your go to legitimate sites, then your are generally OK as most sites, including financial sites/apps, are end to end encrypted. If a site is not end to end encrypted (ie. HTTP instead of HTTPS), then all info is clear text, including usernames and passwords. To be honest, the use of HTTP is rare these days.

Agree with previous comments regarding VPN, it’s not a security mechanism and is practically useless to prevent being hacked. Anti-virus, yes, if it’s a windows laptop, but not phones and as a Mac user, I’ve never installed anti-virus in any of my Mac devices, ever.

So generally you will be OK, obviously it’s much, much cheaper than mobile roaming if overseas, but try to use anything but public wifi if you can.

Hope this helps.

[Trader]

Thanks Dedja,
I've been travelling a bit since that first post. Been risking the wifi without issue so far, but I guess it's only a matter of time. Play the game long enough you're bound to lose at least once.

Thanks for the info re the man in the middle attack, interesting and will certainly keep that in mind moving forward.

Yeah, most of my surfing is 'safe' via official apps, rarely spend time just browsing the net these days (other than SA Footy of course lol).

Interesting about the https, I note the bom,gov,au has moved away from it and no longer supports the s. Seems a strange move.

[Booney]

When we travel I take my current mobile and an old unit with no banking apps etc on there.

I take the old burner out to use as a camera and jump on the wi-fi when I need and just bluetooth the images from that phone to my current phone when back in the room. If I jump into a pool pissed ( again ) I lose nothing but an old phone.

[dedja]

Good pickup regarding bom.gov.au, indeed its not using secure HTTPS, but that’s actually not an issue at all because it’s just providing information, so there’s no user account and therefore none of your personal information required to access.

Interesting use case for a burner phone Boon