
Is public WiFi dangerous?
AFP via Getty Images
Republished on July 22 with additional analysis of the unsecured network threat.
Holiday season is now upon us. And as we head to airports across the U.S. and overseas, the Transportation Security Administration (TSA) has issued new warnings for all smartphone (and PC) users to stay safe and secure at airports while traveling.
The first warning plays into the controversial risk of juice jacking. This is where you’re tricked into plugging your phone into a public charging socket in a hotel or mall or airport. “So, when you’re at an airport do not plug your phone directly into a USB port. Bring your TSA-compliant power brick or battery pack and plug in there.”
TSA’s second warning plays into the even more controversial risk of public WiFi. Nothing irritates cybersecurity professionals more than blanket warnings about public WiFi, given that most traffic to and from your smartphone is now encrypted.
Forbes‘One In Four’ Smartphone Owners Must Upgrade This YearBy Zak Doffman
But TSA has warned smartphone users nonetheless. “Don’t use free public WiFi,” it says as one of its “two best tips for staying cyber safe at airports while you’re traveling.” That means do not connect to free airport networks as most of us do. This is especially true, it adds, “if you’re planning to make any online purchases,” and also warns “do not ever enter any sensitive info while using unsecured WiFi.”
So, is this right? In general, public WiFi is fine — and that includes airport WiFi. As the FTC says “because of the widespread use of encryption, connecting through a public Wi-Fi network is usually safe.” But be sure to follow those golden rules when connecting:
 Disable auto-connection to public or unknown WiFi networks
 Do not download any software or provide any data other than an email address into a captive portal that gate-keeps your access to a WiFi network.
 Ensure that all website connections are encrypted — check for the padlock, and do not enter any sign-in information into an unexpected popup on your device.
 Check the WiFi network identifier carefully before joining — if it’s a hotel, airport or mall, or even a coffee shop, be sure it’s the official network for the location.
 VPNs do make you more secure — but only reputable, paid VPNs from bluechip developers. A free VPN or a Chinese VPN is more dangerous than no VPN at all.
The mobile security specialists at Zimperium have just issued their own public WiFi warning for smartphone users “especially during travel when vigilance is low.” With free public-WiFi everywhere,” they say, “attackers know exactly how to strike.”
ForbesMicrosoft Deletes Your Passwords In 10 Days—‘You No Longer Decide’By Zak Doffman
Echoing TSA’s warning, the team says “during travel, these risks multiply.” And it’s not just airports. “Hotels, ride-share hubs, and cafés all offer rich hunting grounds for attackers.” It’s worse overseas, but “major U.S. cities like Los Angeles, New York, Portland, Miami, and Seattle are seeing increased mobile malware activity.”
Responding to the public WiFi warning, Venn’s David Matalon told me “these risks go well beyond just mobile. As more employees work remotely from home offices or while traveling, they’re often using not just personal phones, but personal laptops as well.” All of which are now often connected to “unsecured networks.”
“For business travelers,” Zimperium says, “the risk is real: compromised devices can quickly become gateways into corporate environments, especially when security controls are not enforced or visibility is lacking.”
SlashNext’s J Stephen Kowski agrees: “Mobile devices are a prime target for attackers, especially when employees connect to unsecured WiFi or download apps from outside official stores. Security teams need to keep a close eye on all mobile endpoints and enforce strict controls to block risky connections and apps.”
ForbesDelete These Texts ‘Immediately,’ Police Forces WarnBy Zak Doffman
“The traditional perimeter is gone,” Venn says. “The Bring-Your-Own-Device (BYOD) reality for remote workers requires a shift in strategy: from securing the device to securing the work itself.” The tools are there, even if they’re not being used.
“Today’s technology enables organizations to isolate and protect work from any personal use on the same computer,” Venn says, “even if the network or device is compromised. It’s time to stop asking ‘if’ work data and apps will be exposed on a personal device and start planning for ‘when’ it happens.”
Zimperium says smartphone settings should be changed to “block connections to public unsecured WiFi,” with “over 5 Million Public Unsecured Global Wi-Fi networks found since beginning of 2025, with 33% of users connecting to public unsecured networks.”
 
				