A lot of people find themselves passing through airports frequently, either with work or travel. Along the way they may need to use the Wi-Fi services offered at airports. How safe is the Wi-Fi at airports though?
In short, airport Wi-Fi is another form of public Wi-Fi, which as we have covered elsewhere, is not a particularly safe form of Wi-Fi. The huge number of people accessing Wi-Fi at airports means it is a very open network and therefore we do not recommend logging into any accounts or entering sensitive information over airport Wi-Fi without first using a VPN.
Let’s break the issue down into different levels of security:
- Browsing on airport Wi-Fi without any form of security at all is not recommended at all, except for the most casual light browsing where you aren’t entering any personal details.
- Using airport Wi-Fi on sites with the green HTTPS padlock is slightly more secure, but still not really recommended on any public Wi-Fi network. You data could still be intercepted.
- Using airport Wi-Fi with a VPN is safe and is the recommended option almost all of the time, especially when entering sensitive information.
Let’s look into the issue of airport Wi-Fi, HTTPS and VPNs in more detail.
There is so much waiting around at airports it can be tempting to use the Wi-Fi to pass the time. We don’t recommend doing this to access personal accounts without a VPN
The Dangers of Using Public Wi-Fi Unsecured
Most airports around the world offer a combination of free and paid Wi-Fi. It is often the case you can get a certain period of time free, like 30 to 60 minutes, and then have to pay for further Wi-Fi use. At some airports you will find Wi-Fi that is totally free. In airports where you have to pay there are also some tricks you can do to get past the paywall and access the Wi-Fi for free.
However airport Wi-Fi is just another form of public Wi-Fi , about which we have covered the dangers of in another article. In short, we concluded that public Wi-Fi is not safe and has numerous known security vulnerabilties that leave data sent over it to be exposed to interception.
There are some qualifiers to this, such as the size of the network and the number of users connecting to it, and this is where the security issue is particularly important for airport Wi-Fi. Connecting to a small Wi-Fi network in your local coffee shop along with only a few others, all of whom you know well, is one thing. Connecting over airport Wi-Fi which can often have thousands of users, none of whom you know, is quite another.
There is just not the same level of control over access and security that you would have on a home Wi-Fi network, which do have some security issues but are much more manageable. See our article on making your home wireless network more secure.
The limited number of users, and the fact these users are known and trusted, makes managing security on them much easier. Also the account holder has direct access and control over their network settings to set a level of security that suits. With airport Wi-Fi you don’t have the same control – someone else is in charge of security on the network and public Wi-Fi tends to be set up for convenience rather than security.
Therefore, the point number 1 we mentioned above – browsing on airport Wi-Fi totally unsecured without any security measures – is not recommended except in the most narrow and non-security sensitive contexts.
Here are a few examples of what we mean by this:
- Browsing to check weather forecasts, sports results, news or something else that is not security sensitive.
- Streaming videos on a site where you aren’t logged in.
- In short, any scenario where you are not entering any personal details, and are not bothered if someone else could see what you were doing (because someone who knows what they’re doing can on public Wi-Fi)
Let’s move up one step in terms of security – to the HTTPS protocol.
Browsing on Airport Wi-Fi With The Green HTTPS Padlock
Browsing on airport Wi-Fi on a site which has the green https “secure” padlock in the corner does add another level of security. It basically means that connection is encrypted with basic algorithms, and should in theory not be so open to hacking and interception.
You could argue that this HTTPS protocol takes care of most of these public Wi-Fi security issues, since almost all the major sites where you can login or enter personal details already have this enabled anyway, to make sure any details are entered over secure connections.
However, recent studies have shown that even this protocol can still be hacked by someone who knows what they’re doing.
A huge security flaw in the current WPA2 Wi-Fi protocol was actually discovered by a group of Belgian researchers in the so called KRACK attack in 2017. They were able to trick an access point into thinking they were the intended recipient and not the actual device by exploiting a flaw in a security protocol that is present on most access points.
See here for an excellent article that goes into the subject. Most importantly, the study showed that even data that was previously considered to be “green padlock” secured was still able to be intercepted using the hacker’s method. A newer, tighter Wi-Fi protocol was released but vulnerabilities with public Wi-Fi still remain.
Using airport Wi-Fi with the green https padlock is more secure than not having it, but still not really recommended on any public Wi-Fi network.
Here’s a summary of the recommended do’s and donts for using airport Wi-Fi with the https padlock:
- Basic, non security sensitive browsing as mentioned above (should be safe on HTTPS)
- Video streaming
- Still not really recommended for logging into accounts or entering other sensitive details or doing payments over a public Wi-Fi connection. You do so at your own risk.
Putting The Security Risks in Context
A critic could argue that this is way overblown and that there is really nothing to worry about. After all, of all the places hackers could go and try to steal sensitive information, why would they go to airports, one of the most security conscious places on earth, where there are cameras and surveillance everywhere?
This is a fair point. It is not the most obviously logical place to go for a hacker or identity thief. They are probably more likely to target hotels rather than airports, for a number of reasons we have covered in our article on hotel Wi-Fi.
However, it could also be argued that a busy airport could be the perfect place to blend in even despite the security simply because of the sheer number of people. Also, skilled hackers will always take steps to cover their tracks and will very difficult to detect amongst the thousands of people using devices in an airport.
Therefore, the fact still remains that using any form of public Wi-Fi, even with the HTTPS padlock, does leave you open to having your information stolen by someone who knows what they are doing.
See the video below from hacking expert Frank Heidt, where he confirms that hacking public Wi-Fi networks is easy for someone who has the technical know-how.
Here is a summary of the main things which count against airport Wi-Fi being safe:
- The sheer number of people connecting to Wi-Fi at airports (hundreds or thousands)
- The fact that all these people are unknown strangers.
- The lax security on many airport Wi-Fi networks – most public Wi-Fi is set up for convenience and ease of use rather than security.
- As with hotels, the lax mindset of many people in airports, who are often on “holiday mode” and letting their guard down, not as safety conscious and uptight as they may be in normal daily life.
This is why it is probably better to be safe than sorry. Many people may get away with just using HTTPS – hackers in airports are in reality not likely to be very common.
Entering sensitive information like usernames, passwords and card details over public Wi-Fi such as at airports can be dangerous and risk interception by hackers and identity thieves.
But if you are the rare person that gets caught out, all the hassle that can entail getting hacked – cancelling cards, getting new ones issued, proving transactions were fraudulent, resetting all your login details etc. can be a nightmare to deal with.
This is why the best option is really to use a VPN. Let’s cover this in the next section.
Use a VPN to be More Secure on Airport Wi-Fi
Anyone using airport and other public Wi-Fi on a regular basis should ideally use a Virtual Private Network or VPN to secure their browsing and keep their personal details and passwords private.
A VPN is a piece of software which creates a virtual tunnel for your browsing data, encrypting and securing it so no one else can see or intercept it. For safety conscious browsers it is an essential security tool if using public Wi-Fi on a regular basis for logging into personal accounts.
As we mentioned, even having the green “secure” padlock when visiting a page on public Wi-Fi does not guarantee total safety. Whilst it is definitely more secure than not having it, cybersecurity researchers in the so called KRACK attack project in Belgium in 2017 were able to get past even this layer of security on a Wi-Fi network.
A VPN is preferable as over this connection all traffic is encrypted or “scrambled” at each end using much more powerful algorithms and only unscrambled once it reaches the other end. Intercepting data on a VPN is virtually impossible; at best a hacker could see only that traffic is being sent, but they will never be able to see what that traffic actually is. They just see an encrypted connection.
Both Free and paid VPN services are available. However, in our experience, the free VPN services are most often unreliable and painfully slow in their service, delivering a connection that sometimes makes even basic browsing very slow, and streaming impossible. For regular Wi-Fi users it is best to get on a paid service, which offers faster more reliable servers.
There are dozens and dozens of VPN services now, all of which do pretty similar job but for simplicity, we will embed a comparison table of four well known VPN providers – Nord VPN, Vypr VPN, Express VPN and Tunnelbear.
Each service has it’s pro’s and con’s, but they all deliver a secure, encrypted connection for the user ensuring that all browsing is secure on any Wi-Fi network.
Some Paid VPN Services – Click to Compare (affiliate links)
|Provider||Price (12 months paid in advance)||Number of servers/countries||Number of Devices Allowed||Main Benefits|
|Surfshark||$2.50/month (24 months)||3200+/65||Unlimited||Cheap and 30 day risk free trial|
|NordVPN||$6.99/month||5300+/61||6||Choice of Servers & Double Encryption|
|Tunnelbear||$5.00/month||41+/41||5||No Nonsense Simplicity|
*Offers and Flash Deals are very common with VPNs, so if you click the links to check the price, you may often find a better deal than the one listed.
*Tunnelbear do offer a free plan but it only comes with a 500MB monthly data allowance. Will work for very light, occasional browsing, but for any kind of heavy browsing, video streaming or downloading you will probably need a paid plan.
Signing up for a VPN is usually very easy. You simply visit their site (click on one of our affiliate links above for each provider), sign up, pay your subscription, download their product and boot up the program. Once running you simply select a preferred server location and open the VPN connection. You now have a secure connection that no one else on that Wi-Fi network can see or access.
A VPN is an excellent investment for security and piece of mind for anyone who is using Wi-Fi at airports and other public places on a regular basis, like regular holidaymakers, people who travel internationally with work, and digital nomads.
Airports and hotels are particular instances where a VPN is of benefit, as these are large unsecured networks with lots of strangers connecting. Therefore securing your traffic becomes an even better idea when entering personal information a lot over these networks.