Cyber Attacks Via Public Wi-Fi

Shikha Tiwari

Assistant Professor - Department of Computer Science Kalinga University, New Raipur

People who work remotely, travel frequently or simply want to quickly check their email and social media while they are out and about, find public network Wi-Fi to be of great convenience. However, open Wi-Fi has historically been denigrated as a risky internet environment where your information is at risk. Spyware and rogue websites designed to lure you into giving up passwords or installing malicious software are among the top online security threats. Some of the common attacks are discussed below in this article.

Man in the middle attack

A man -in -the-middle (MITM) attack is a sort of cyber attack where an attacker can eavesdrop on and alter communication between two parties.

Hackers can easily mimic a network’s SSID causing reoccurring clients to connect to it automatically without the user realising they are not on the right network. The victim can connect to the internet and send data without having caused to suspect their security has been compromised since the hacker frequently configures their own laptop as a proxy server for internet access. After that, the hacker starts intercepting all packet traffic and data passing through this action is known as man-in -the- middle attack.

Session Hijacking

A session hijacking attack occurs when an attacker takes control of your internet session, for example while you are paying bills, checking the balance on credit cards or shopping online. Usually, browser or online application sessions are the targets of session hijackers. The attacker who hijacked your session may then perform anything you could do on the website. In essence, a hijacker tricks the website believe that they are you. A session hijacker can take control of an internet session and cause a lot of trouble for the user.

In order to access internet sessions, attackers have employed the following session hijacking exploits and tools

  • CookieCadger
  • DroidSheep 
  • FireSheep

DNS Spoofing

The word spoofing in the attack refers to the threat actor’s employment of a malicious website that closely resembles a user’s familiar official website. Due to the importance of DNS for the internet communication, poisoned records provide an attacker with the ideal phishing situation for obtaining sensitive information. Passwords, banking information, credit card number, contact information and geographic data can all be collected by the threat actor. The attacker can easily run a phishing campaign since the victim believes the website to be legitimate. The spoof site features aspects that the user can recognise and ideally does not have any warning signs that it is a fake.

How to prevent our own wifi with hacking?

There are some ways to prevent our wi-fi from getting hacked

  1. Set strong passwords i.e use mixture of uppercase words,lowercase words,numbers and special keys.
  2. Disable wps function from wifi admin panel.
  3. If there is need to use public wifi then avoid it specially while doing online payments.



  1. Ali, S., Osman, T., Mannan, M., Youssef, A.:On privacy risks of public WiFi captive

portals. In: Data Privacy Management, Cryptocurrencies and Blockchain Technology, pp. 80-98 (2019)

  1. Cisco, V.: Cisco visual networking index: Forecast and trends, 2017–2022 White

Paper, vol. 1,p. 1 (2018)

  1. Fang, Z., Fu, B., Qin, Z., Zhang, F., Zhang, D.: PrivateBus: privacy identification and protection in large-scale bus WiFi syste In: Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies, vol. 4 , pp. 1–23 (2020)
  2. Cheng, N., Wang, O., Cheng, M., Prasant, S., Aruna, : Characterizing privacy leakage of public wifi networks for users on travel. In: 2013 Proceedings IEEE INFOCOM, pp. 2769–2777 (2013)
  3. Sombatruang, N., Kadobayashi, Y., Sasse, M., Baddeley, M., Miyamoto, D.: The continued risks of unsecured public Wi-Fi and why users keep using it: Evidence from Japan. In: 2018 16th Annual Conference on Privacy, Security and Trust (PST), pp. 1–11 (2018).
  4. Google: HTTPS encryption on the web.

https/overview?hl=en. Accessed (2020).

  1. Englehardt, S., Narayanan, A.: Online tracking: a 1-million-site measurement and analysis. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1388–1401 (2016)

Like this article?

Share on Facebook
Share on Twitter
Share on Linkdin
Share on Pinterest

Leave a Comment

Your email address will not be published. Required fields are marked *

Kalinga Plus is an initiative by Kalinga University, Raipur. The main objective of this to disseminate knowledge and guide students & working professionals.
This platform will guide pre – post university level students.
Pre University Level – IX –XII grade students when they decide streams and choose their career
Post University level – when A student joins corporate & needs to handle the workplace challenges effectively.
We are hopeful that you will find lot of knowledgeable & interesting information here.
Happy surfing!!

  • Free Counseling!