Best Practice

The risks of public Wi-Fi

Public Wi-Fi represents one of the main attack surfaces for cybercrime, exposing users and businesses to serious security risks. Let's explore the risks associated with public Wi-Fi networks and the solutions for safe browsing.

Contact us

PRIVACY

I declare that I have read and fully understood the Privacy Notice and I hereby express my consent to the processing of my personal data by Reply SpA for marketing purposes, in particular to receive promotional and commercial communications or information regarding company events or webinars, using automated contact means (e.g. SMS, MMS, fax, email and web applications) or traditional methods (e.g. phone calls and paper mail).

Something went wrong with the form submit. Try again.

Scenario

Today, connectivity has become essential, both in private and professional spheres. This widespread need brings new challenges, foremost among them the necessity of having effective tools to defend against increasingly sophisticated threats: from data loss to phishing, to targeted attacks on network infrastructures.

Among the most critical points in terms of exposure, Wi-Fi networks represent one of the most exploited attack surfaces, often underestimated. The very nature of wireless – based on radio signals that propagate through the environment – makes it possible to intercept traffic even without physical access to the network.

Attacks such as Evil Twin, Man-in-the-Middle (MitM), DNS spoofing, and KRACK (Key Reinstallation Attack) are just a few examples of the techniques that can compromise the security of users and organizations. The risk is further amplified with the spread of smart working and mobility: workers accessing sensitive corporate resources from airports, stations, trains, or other public places often rely on unprotected Wi-Fi hotspots, underestimating the dangers. Even simple daily operations, such as making a payment or sending an email, can expose the user to serious violations if conducted through insecure connections.

According to a report from Cybersecurity Ventures, by 2025, the economic damages caused by cybercrime will exceed $10.5 trillion per year, with a significant portion related to network breaches and the theft of sensitive data. A study by WatchGuard also highlights that over 60% of MitM attacks exploit poorly configured public or corporate Wi-Fi networks.

At NET Reply, we support clients of medium and large sizes, primarily Service Providers and Utilities operating in strategic sectors, in strengthening their security posture, with the aim of reducing operational risks and increasing resilience of the IT/OT infrastructures.

Our Network Security offering is based on solid multidisciplinary expertise and a vendor-agnostic approach, leveraging best practices regardless of the technologies adopted. This allows us to operate effectively in complex, heterogeneous, and constantly evolving environments.

Our expertise covers several key areas:

  • Security Governance — including the definition of secure policies, controls, and processes, as well as key activities such as vulnerability management, security compliance verification, and adherence to industry regulations. In particular, we actively support our clients in aligning with the European NIS2 directive through targeted gap assessments that highlight technical and organizational improvement areas, helping plan the necessary financial and technological investments ahead of the October 2024 deadlines.

  • Perimeter Security and Network Segmentation where we offer advisory services, technology scouting, and design. We design and implement segmented, resilient architectures following a security-by-design approach, integrating devices such as routers, switches, access points, and next-generation firewalls. The goal is to isolate critical flows, reduce the attack surface, and ensure visibility and control over network traffic.

  • Secure Connection & Application Security — where we provide advisory, technology scouting, and design services through the adoption of robust, scalable solutions such as Privileged Access Management (PAM), Multifactor Authentication (MFA), WAF/Proxy, and redundant load balancers. These solutions allow secure, controlled, and compliant management of distributed access to enterprise applications and services.

The dangers of public Wi-Fi networks

In a constantly connected world, data is a valuable resource. Connecting to an unsecured Wi-Fi network can mean unintentionally making your personal information available to malicious actors. It is indeed common for “unethical” hackers to exploit these open networks to intercept sensitive data transmitted from users' devices.

Here are some of the most common threats associated with using public Wi-Fi networks:

Man-in-the-Middle (MitM):

In this type of attack, the attacker connects to the same public network as the user and listens in, intercepting the traffic between the device and the access point. This way, they can acquire credentials, login data, and other confidential information.

Evil twin

The attacker creates a fake hotspot, with a name very similar to the real one (e.g., “Linate Airport free” instead of “Linate Airport Free”). If the user unknowingly connects to the malicious network, all exchanged information can be read and used by the attacker.

DNS Spoofing

In this attack, the attacker alters DNS responses to redirect the user to malicious sites that mimic legitimate ones (such as banking portals or login pages), with the aim of capturing credentials or installing malware.

KRACK (Key Reinstallation Attack)

This vulnerability affects the WPA2 protocol, used for encrypting Wi-Fi traffic. By exploiting KRACK, an attacker can force the reinstallation of encryption keys, making it possible to decrypt traffic and intercept transmitted data.

Exploitation of vulnerabilities and misconfigurations

Poorly configured routers or those with outdated firmware can be an easy target. A hacker can access them to change settings, spread malware, or compromise connected devices.

How to protect yourself

Protecting yourself when using a public WiFi network is crucial to avoid security risks.
Here are some effective countermeasures:

Why choose Net Reply

Net Reply, thanks to its consolidated experience in Network Security, is a reliable partner for clients looking to invest in the security of Wi-Fi networks, a strategic component that is often underestimated in managing the attack surface.

In this area, we operate with a dual perspective:

  1. we support clients offering connectivity in designing Wi-Fi security-by-design solutions, based on logical segmentation, strong authentication, and continuous traffic monitoring;

  2. we assist organizations in strengthening remote access security to critical assets, especially when traffic passes over public Wi-Fi networks or those outside the corporate perimeter. In these contexts, often exposed to interception, unauthorized access, or vulnerabilities in access devices, we apply Zero Trust (ZTNA) principles to ensure secure, verified, and traceable connections even from uncontrolled environments.

Furthermore, Net Reply has integrated, within a portable solution called BoxNet, a stand-alone 5G Core and a set of network devices capable of extending radio connectivity both for 3GPP technologies, such as 4G/5G, and non-3GPP technologies, such as Wi-Fi, in areas characterized by limited or absent coverage, or insufficient bandwidth capacity.
Thanks to a dedicated connector developed by a technology partner, BoxNet allows the extension of 5G benefits and advanced functionalities, such as Quality of Service (QoS), orchestration, and network slicing, even to non-3GPP networks, such as Wi-Fi.