Public Wi-Fi is everywhere now: coffee shops, airports, hotels, your school's guest network. It's convenient, but it's also one of the easiest places for an attacker to mess with you. This topic is about understanding who those attackers are, what tricks they pull on wireless networks, and what you can actually do to keep your data safe when you're connecting to a network you don't fully control.
Classifying Adversaries by Skill Level
Not every attacker is a hoodie-wearing genius in a dark basement. In cybersecurity, adversaries (the people or groups carrying out attacks) get grouped by how skilled they are, and that matters because it changes what they can do to you.

Low-Skilled Adversaries
Low-skilled adversaries don't write their own attack tools. They buy or download tools that other people made, often from shady online marketplaces or forums. These tools target known vulnerabilities, meaning security flaws that have already been discovered and documented (and usually already patched, if the victim bothered to update).
Think of someone downloading a ready-made Wi-Fi cracking app and pointing it at a neighbor's router. They don't really understand how it works under the hood. They just press buttons. These attackers are sometimes called "script kiddies" in the industry, and while they sound harmless, they cause a huge amount of real damage because their tools are cheap and easy to use.
High-Skilled Adversaries
High-skilled adversaries are a different threat entirely. They can:
- Build brand new attack tools from scratch
- Modify existing tools to dodge antivirus software and other defenses
- Discover zero days, which are vulnerabilities that nobody else knows about yet (not even the company that made the software)
A zero day is especially dangerous because there's no patch available. The defenders literally have "zero days" to prepare. Nation-state hackers and elite cybercriminal groups fall into this category.
Why Adversaries Attack
Skill level tells you what an attacker can do. Motivation tells you why they're doing it. The CED (the College Board Course and Exam Description) lists a handful of common motivations:
- Greed: Stealing money, credit card numbers, or cryptocurrency
- Desire for recognition: Hacking something flashy to brag about it
- Dedication to a cause: Often called "hacktivism," like attacking a company they think is doing something unethical
- Revenge: A fired employee going after their old company
- Politics or beliefs: Targeting governments, election systems, or ideological opponents
A single attack can mix motivations. Someone might hack a corporation for both money and political reasons. Knowing the motive helps defenders predict who's likely to be targeted and what the attacker is after.
Types of Wireless Cyberattacks
Wireless networks have specific weaknesses that wired networks don't. Three attacks are essential to know: evil twin, jamming, and war driving.
Evil Twin Attacks
In an evil twin attack, the attacker sets up their own wireless access point (WAP), which is the device that broadcasts a Wi-Fi signal. They give it a service set identifier (SSID), the network name you see in your Wi-Fi list, that looks identical or nearly identical to a real network.
Say you're at a Starbucks and the real network is Starbucks WiFi. An attacker sets up a network called Starbucks WiFi (same name) or Starbucks_Free_WiFi (close enough to fool you). You connect, thinking it's legit, and now all your traffic flows through the attacker's device. They can capture everything you send.
There's one big limit on this attack: encrypted protocols still protect your data. If you're browsing a site using HTTPS (the lock icon in your browser), the attacker sees that you're connecting to that site but can't read the actual content. They can't see your password or your messages. That's why HTTPS matters so much on public Wi-Fi.
Jamming Attacks
A jamming attack is the brute-force option. The attacker blasts a strong electromagnetic (EM) signal in the same frequency range your Wi-Fi uses (typically 2.4 GHz or 5 GHz). This drowns out the legitimate signal between the access point and the users. Nobody can connect, nobody can browse, nothing works.
Jamming is an example of a denial of service (DoS) attack. DoS attacks don't steal your data. They block you from using a resource. Imagine someone holding down an air horn next to two people trying to have a conversation. That's the vibe.
Jamming is illegal in most countries because it interferes with radio spectrum, but adversaries still use it, sometimes to force you off a secure network and onto an evil twin they've set up nearby.
War Driving
War driving is more about reconnaissance than direct attack. An adversary drives or walks around an area with a laptop or phone scanning for wireless network beacons (the signals access points broadcast to announce themselves). When they pick up a signal, they note:
- The type of wireless network (which security protocol it uses, like WPA2 or WPA3)
- How far the signal reaches, especially if it leaks outside the building it's supposed to serve
Why does this matter? If a company's Wi-Fi signal reaches into the parking lot, an attacker can sit in their car and try to break in without ever stepping inside. War driving builds a map of targets that the attacker can come back to later.
Protecting Your Data on Public Wi-Fi
Knowing the attacks is half the battle. The other half is what you actually do when you're sitting in an airport about to connect to free Wi-Fi.
Verify the Network Name Exactly
This is the simplest and most ignored step. Before joining a Wi-Fi network, confirm the SSID matches the network you actually intend to join. If the airport's official network is LAX-FreeWiFi, don't connect to LAX_Free_WiFi or LAX-FreeWiFi-Guest just because they show up in your list.
How do you check? Ask an employee, look for posted signage, or check the official website. This single habit defeats most evil twin attacks because the attacker is counting on you not paying attention.
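The check above can be written as code. This is an added example, not part of the original guide: it compares a scan list against the officially posted SSID and flags near-miss names. The function names, the 0.8 similarity threshold, the security-type comparison and the sample scan are all assumptions made for illustration.

```python
import unicodedata
from difflib import SequenceMatcher

def normalize(ssid):
    """Fold case and Unicode compatibility forms (e.g. fullwidth letters) and
    drop separators, so 'LAX_Free_WiFi' and 'LAX-FreeWiFi' give the same key."""
    folded = unicodedata.normalize("NFKC", ssid).casefold()
    return "".join(ch for ch in folded if ch.isalnum())

def classify(official, seen, threshold=0.8):
    """Return 'exact', 'lookalike' or 'unrelated' for one scanned SSID."""
    if seen == official:
        return "exact"
    a, b = normalize(official), normalize(seen)
    # Same key, official name embedded in a longer one, or a near-identical spelling.
    if a and (a == b or a in b or SequenceMatcher(None, a, b).ratio() >= threshold):
        return "lookalike"
    return "unrelated"

def review_scan(official_ssid, official_security, scan):
    """scan holds (ssid, bssid, security) tuples. A byte-for-byte name match
    proves little on its own, since an evil twin can reuse the real name, so a
    matching name with different security settings gets its own verdict."""
    findings = []
    for ssid, bssid, security in scan:
        verdict = classify(official_ssid, ssid)
        if verdict == "exact" and security != official_security:
            verdict = "exact-name-security-differs"
        findings.append((ssid, bssid, verdict))
    return findings

# Constructed sample scan; BSSIDs and security values are made up.
SAMPLE_SCAN = [
    ("LAX-FreeWiFi", "02:00:00:00:00:01", "open"),
    ("LAX-FreeWiFi", "02:00:00:00:00:02", "WPA2"),
    ("LAX_Free_WiFi", "02:00:00:00:00:03", "open"),
    ("LAX-FreeWiFi-Guest", "02:00:00:00:00:04", "open"),
    ("Terminal4-Cafe", "02:00:00:00:00:05", "WPA2"),
]

if __name__ == "__main__":
    for row in review_scan("LAX-FreeWiFi", "open", SAMPLE_SCAN):
        print(row)
```

An "exact" verdict only means the name matches what was posted; it does not prove the access point is the real one, which is why the other defenses still matter.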
Think About What Data You're Exposing
Most modern internet protocols are encrypted by default. HTTPS protects web browsing, modern email clients encrypt their connections, and messaging apps like Signal or iMessage encrypt end-to-end. So even on an unencrypted Wi-Fi network (one without a password, or with weak security), most of your traffic is protected.
But not everything is encrypted. DNS queries are a good example. Every time your device looks up a website's IP address ("what's the IP for instagram.com?"), that query is often sent in plaintext. Anyone watching the network can see which sites you're visiting, even if they can't read what you do there.
So the practical question becomes: how sensitive is what I'm about to do? Checking the weather on open Wi-Fi? Probably fine. Logging into your bank? Maybe wait until you're on a network you trust, or use extra protection.
Use a VPN
A virtual private network (VPN) is a service that encrypts all of your device's traffic and routes it through the VPN provider's servers before it goes out to the internet. Anyone watching the local Wi-Fi (the evil twin attacker, the coffee shop, your ISP) just sees encrypted gibberish heading to the VPN.
This is powerful protection on public Wi-Fi. The attacker can't see your DNS queries, can't see which sites you visit, and can't capture data from any unencrypted apps you're using.
There's a catch, though, and the CED specifically calls it out: the VPN provider can see your traffic. You're not making your traffic invisible. You're shifting trust from the local network to the VPN company. If you use a sketchy free VPN, you might be handing your data to someone worse than the coffee shop. Choosing a reputable VPN provider matters.
Quick Comparison of Defenses
| Defense | Protects against | Limit |
|---|---|---|
| Verifying SSID | Evil twin attacks | Doesn't help if you mistype or rush |
| Relying on HTTPS/encryption | Traffic capture on open networks | Doesn't protect DNS queries or unencrypted apps |
| Using a VPN | Most local network snooping | VPN provider sees your traffic |
None of these defenses is perfect on its own. The strongest approach is layering them: verify the network name, stick to encrypted protocols, and use a trusted VPN for anything sensitive. That combination makes you a much harder target than the person sitting next to you who just tapped "connect" on whatever free Wi-Fi popped up first.
Vocabulary
The following words are mentioned explicitly in the College Board Course and Exam Description for this topic.

| Term | Definition |
|---|---|
| adversary | An individual or entity that attempts to exploit vulnerabilities in systems, applications, or data to cause harm, steal information, or disrupt operations. |
| cyberattack | A coordinated attempt by adversaries to disrupt, harm, steal, or destroy devices, networks, or data, typically executed through multiple phases. |
| denial of service | A type of cyberattack that prevents legitimate users from accessing network resources or services. |
| DNS queries | Requests sent to resolve domain names into IP addresses, which can reveal the websites a user is visiting. |
| encrypted | Data that has been converted into a coded format to prevent unauthorized access or viewing. |
| evil twin attack | A wireless cyberattack in which an adversary creates a fraudulent wireless access point with an SSID identical or similar to a legitimate network to trick users into connecting and capture their network traffic. |
| high-skilled adversaries | Attackers with the capacity to create new malicious tools, modify existing ones, and discover undocumented vulnerabilities. |
| HTTPS | A secure communication protocol that encrypts data transmitted between a user and a web server, protecting it from being read by unauthorized parties. |
| jamming attack | A wireless cyberattack in which an adversary floods an area with a strong electromagnetic signal on the same frequency as a wireless network to prevent legitimate communication between the access point and users. |
| known vulnerabilities | Security weaknesses in systems or software that have been identified and documented. |
| low-skilled adversaries | Attackers who rely on existing malicious cyber tools purchased online to exploit known vulnerabilities. |
| malicious cyber tools | Software or programs designed to compromise, damage, or gain unauthorized access to computer systems and networks. |
| network traffic | The flow of data packets between devices on a network, including both inbound and outbound communications. |
| sensitive data | Information that requires protection from unauthorized access, such as personal credentials, financial information, or private communications. |
| service set identifier | The name of a wireless network that is broadcast by an access point to identify the network to potential users. |
| unencrypted Wi-Fi networks | Wireless networks that do not use encryption to protect data transmitted between devices and the network. |
| virtual private network | A service that encrypts all internet traffic from a user's device through a secure tunnel to the VPN provider's system. |
| war driving attack | A wireless cyberattack in which adversaries detect wireless network beacons while driving or walking to gather information about networks and identify areas where wireless signals extend beyond physical buildings. |
| wireless access point | A networking device that allows wireless devices to connect to a wired network and transmit data wirelessly. |
| wireless network | A network that uses radio waves to connect devices without physical cables, allowing internet access through Wi-Fi. |
| wireless network beacon | A signal broadcast by a wireless access point to advertise its presence and allow devices to discover and connect to the network. |
| zero days | Undocumented or previously unknown vulnerabilities in software or systems that have not yet been patched or disclosed. |