FBI warns against using free WiFi networks while traveling

FBI: Use your phone's mobile data connection instead.

Free WiFi Wi-Fi

Image: Paul Hanaoka

In its weekly tech advice column, the FBI warned holiday travelers about the danger of using free WiFi networks while traveling -- such as those found in hotels or airports. The advice is an old one, given by many others in the past, but one that needs repeating.

"Don't allow your phone, computer, tablet, or other devices to auto-connect to a free wireless network while you are away from home," the FBI said.

"This is an open invitation for bad actors to access your device. They then can load malware, steal your passwords and PINs, or even take remote control of your contacts and camera," the agency said.

FBI: Don't use public WiFi for sensitive operations

But the FBI also understands that users can't travel around the world without using any WiFi networks at all.

In these cases, the FBI recommends that users refrain from using a public, free, or untrusted WiFi connection for sensitive operations like checking bank accounts.

"A hacker would love your user ID and password - don't give it to them," the FBI said, referring to the fact that attackers can intercept traffic on public WiFi networks.

In most cases, this can be mitigated if the user is connecting to sites via HTTPS. However, this is not always a given.

If the attacker is in control of the WiFi router or access point (they physically own the device or they've hacked it), they can also intercept encrypted HTTPS traffic. Albeit more complicated, this is possible, and the reason why users shouldn't be using public or unknown WiFi for any type of sensitive operations, even if their connections are loaded via HTTPS.

FBI: Use your mobile data plan instead

Instead, the FBI recommends that travelers use their phone's mobile data connection rather than connecting their phone to an untrusted WiFi network.

If they need to connect a laptop, the FBI says you should create a mobile hotspot via your phone (where the mobile data connection is active), and let your laptop connect to the internet through your phone's mobile data plan.

And last but not least, the FBI also recommends that if you're not traveling and you're instead the one receiving guests, you should also "consider setting up a separate WiFi account for them."

"That way, if they are running unsecured devices on your network, you can segregate their vulnerabilities from your sensitive data," the Bureau said.