In partnership with Google, Indian Railways is now offering RailWire, free public WiFi through 700 stations, giving access to 8 million people a month. That’s great. But there are definitely some security concerns you should keep in mind before you jump on free public WiFi.
Keep in mind that anyone can name a WiFi network “RailWireFREE” or something similar. If you join a rogue network that would give someone else, who could be up to no good, almost full access to your traffic.
Even if you join the official network, keep in mind that you’re on an open network, even if it requires login credentials. If you open up your bank’s mobile app and start performing some transactions, your data should all be encrypted. However, a skilled hacker could strip the encryption off your connection, find the session token and stay active in that session until you log out. Now that hacker can manipulate your account and possibly perform some transactions of his own.
If you’re at the rail station using RailWire and you’re browsing unencrypted sites, anyone on the network can inject a dialogue that could attempt to phish your RailWire credentials or credentials to many of your other accounts.
You’ll be safer if you’re doing banking or shopping when you’re on a network you’re sure is secured. Or if you can’t wait, you need an extra layer of protection.
That layer is known as a VPN or a virtual private network. Many free or public providers suggest using a VPN because it’s ultimately you who is responsible for the security of your device, as they don’t control all the devices on that network.
Without a VPN, it’s trivial for anyone else using the same WIFI to see big parts of your traffic, even if that network is password protected. You should use a VPN on your laptop, on your phone and your tablet whenever you are on any network that is accessed by strangers, especially if you’re doing anything online that involves your private financial data. This is true for WiFi networks on trains or subways. And it’s even true for hotels and workplaces where you can’t be sure the network is trustworthy.
Even if you’re a paying subscriber to a service like RailWire, it’s recommended that you use a VPN. A VPN adds an extra tunnel just for your data, even on compromised network. So if your data is in danger, it won’t even connect.
Expect more and more public and private partnerships to offer WiFi in public. So don’t get used to relying on the security of strangers. Instead sure you’re inside of your own private virtual network to do anything but just casually surf the web, or just wait until you’re somewhere where you can be sure you’re safe to connect.