How does a hacker in a public WIFI actually view your computer?

I've read that they can see what sites you're viewing or even access your computer if you're connected on the same WIFI connection, but how exactly?


Some clarifications should be made. Firstly, an attacker can only trivially perform the following techniques if the public Wi-Fi is totally unencrypted (which is to say, does not require a password) or is implementing the weak WEP privacy protocol. To ensure greater security, wireless networks can use the WPA or WPA2 certifications. As pointed out by @BlueRaja in the comments on this post, WPA and WPA2 use tougher security protocols, called TKIP and CCMP. Both WPA and WPA2 support TKIP, but only WPA2 supports CCMP, which is much more secure. In an ideal world, WPA2 using CCMP would be in use in all places. (There is also a whole world of room to talk about WPA2-Personal versus WPA2-Enterprise, but that is another question.) For the purposes of this answer, we'll assume that no password is present, and so the network is entirely unencrypted.

The answers by Spiff and diogo_rocha both point out packet sniffing, which is the simplest form of intrusion. A free program like tcpdump can be used to capture all of the data sent over the wireless connection, including traffic both to and from your computer. Thus, any unencrypted internet traffic to/from your computer can be transparently viewed, either at the time or later. In the simplest case, this includes every website you visit, but if the websites in question don't use HTTPS (the green lock symbol in your browser bar), this can include passwords and usernames. This is BAD.

Spiff mentioned weak intrusion points, either through VNC (or SSH on Unix-based machines) or known vulnerabilities. A tool like nmap can be used to quietly scan a machine for any services you may have left open, and can then be used to attempt to break into them. In particular, remote desktop and screen sharing allow for simple visual observation of all behaviour on your machine.

Unpatched exploits are worse. Using these, an attacker can run arbitrary code on your machine. Most commonly, this will involve installing some piece of spyware, such as a keylogger. Again, on an open wireless network, if you have such a vulnerability it can be quite simple to locate using nmap, and the Metasploit Framework provides free access to a huge number of known vulnerabilities. This is why security professionals and savvy computer users insist that you should always apply patches and updates ASAP, unless you have a very good reason not to. On a Windows machine, turn automatic updates on.

Additionally, mentioned by both @yosh m and @Scott Chamberlain, session hijacking became a major news item in the past few months, and this is also relatively simple to implement over open WiFi. For me to explain what this is, you need to understand that when you log in to a site, your login is stored in a browser cookie, so that the website knows that each new connection is still you (this is an enormous oversimplification, but for space considerations I won't elaborate: see the Firesheep link in this paragraph for more info). Unfortunately, if HTTPS is not used (or a man-in-the-middle attack is used to set up a false HTTPS connection, see next paragraph), these cookies are sent in plaintext and broadcast to the entire wireless network. Thus, anyone who is listening for it can catch that cookie, and piggyback on your session. This was implemented in a Firefox plugin called Firesheep. A great discussion from the author of the plugin is here: http://codebutler.com/firesheep-a-day-later , and you can find the plugin yourself with no real difficulty. The simplest way to protect yourself from this is to ensure that you are always using HTTPS to send your credentials and establish connections with authenticated services.

Finally, open wireless networks enable attacks known as Man-In-The-Middle attacks. These are when a machine intercepts your traffic intended for a third party, adjusts or records it, and then sends it on. This can be implemented when you believe you are using HTTPS, and as a result caution should be used on open wireless networks even when HTTPS would cause you to believe you are safe.

Although you didn't directly ask it, I'll quickly suggest the easiest way to avoid these problems: set up and use a VPN whenever you use an unsecured wireless network, and make sure you know how your firewall works. Both of these things can be investigated with a quick Google search, and should mitigate all of the problems I mentioned.
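
An added example, not part of the original answer: the site-side check that closes the cookie exposure described above. It audits response headers for session cookies that lack the `Secure` attribute and for a missing `Strict-Transport-Security` header; the header values and function names are constructed for illustration.

```python
# Constructed response headers as (name, value) pairs; not captured traffic.
WEAK = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "theme=dark; Path=/; Secure"),
]
HARDENED = [
    ("Strict-Transport-Security", "max-age=31536000"),
    ("Set-Cookie", "session_id=abc123; Path=/; Secure; HttpOnly"),
]


def cookie_attributes(set_cookie_value):
    """Return (cookie name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in set_cookie_value.split(";") if p.strip()]
    name = parts[0].partition("=")[0].strip()
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:]}
    return name, attrs


def audit_response(headers):
    """List the ways this response leaves a session open to a sniffer."""
    findings = []
    has_hsts = False
    for key, value in headers:
        key = key.lower()
        if key == "strict-transport-security":
            has_hsts = True
        elif key == "set-cookie":
            name, attrs = cookie_attributes(value)
            if "secure" not in attrs:
                # Without Secure the browser also attaches the cookie to
                # plain http:// requests, where anyone on the network reads it.
                findings.append(f"{name}: cookie lacks Secure")
    if not has_hsts:
        # Without HSTS the browser will still make http:// requests to this
        # host, which a machine in the middle can keep unencrypted.
        findings.append("response lacks Strict-Transport-Security")
    return findings


if __name__ == "__main__":
    for label, headers in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_response(headers))
```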


For a sobering (and scary) look at some of the things they can easily do, take a look at Steve Gibson's discussion of Firesheep located at http://steve.grc.com/2010/10/28/why-firesheeps-time-has-come/ - and also a discussion of how hotspot owners can easily protect against that exploit.


For seeing the sites you're viewing, they just have to run a packet sniffer tool that captures all the network traffic being transmitted over the air. Unencrypted HTTP traffic is simple to reconstruct.

As to viewing your computer, some people leave file sharing and/or Remote Desktop/VNC/Screen Sharing enabled with exceedingly weak passwords. It's also possible they could use known unpatched security exploits in your machine to gain access.


Another potential danger with public WiFi is the existence of "Rogue Access Points", especially the Evil Twin variant.

Simply put, an attacker creates a wireless access point with the same name and (spoofed) MAC address as a real AP near the victim's computer -- say, for example, Starbucks.

The attacker can then send de-authentication packets, causing all connected clients to disconnect from the real Starbucks network. When the affected devices attempt to reconnect, they will instead connect to the "Evil Twin" access point (so long as it is broadcasting a stronger radio signal).

An attacker can then perform a person-in-the-middle attack on affected devices, allowing for e.g. session hijacking and other attacks outlined by the above posters.
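
An added example, not part of the original answer: detection heuristics for the Evil Twin pattern described above, run over constructed scan and deauthentication records. The record layout, function names, and burst thresholds are assumptions for illustration, and each check is a heuristic that can produce false positives.

```python
from collections import defaultdict

# Constructed scan records: (ssid, bssid, channel, security).
SCAN = [
    ("CoffeeShop", "aa:bb:cc:00:00:01", 6, "open"),
    ("CoffeeShop", "aa:bb:cc:00:00:01", 11, "open"),   # same MAC, second channel
    ("Library", "aa:bb:cc:00:00:02", 1, "WPA2"),
    ("Library", "aa:bb:cc:00:00:03", 6, "open"),       # same name, no encryption
    ("Office", "aa:bb:cc:00:00:04", 1, "WPA2"),
    ("Office", "aa:bb:cc:00:00:05", 11, "WPA2"),       # ordinary second AP
]
# Constructed deauthentication frame log: (seconds, bssid).
DEAUTHS = [(10.0 + 0.2 * i, "aa:bb:cc:00:00:01") for i in range(12)]
DEAUTHS.append((300.0, "aa:bb:cc:00:00:04"))           # a single, normal deauth


def suspicious_networks(scan):
    """Flag SSIDs whose beacons are inconsistent with one honest operator."""
    channels = defaultdict(set)   # (ssid, bssid) -> channels seen
    security = defaultdict(set)   # ssid -> security modes seen
    for ssid, bssid, channel, mode in scan:
        channels[(ssid, bssid)].add(channel)
        security[ssid].add(mode)
    alerts = []
    for (ssid, bssid), seen in sorted(channels.items()):
        if len(seen) > 1:
            alerts.append((ssid, "duplicate-bssid", bssid))
    for ssid, modes in sorted(security.items()):
        if len(modes) > 1:
            alerts.append((ssid, "mixed-security", ",".join(sorted(modes))))
    return alerts


def deauth_bursts(events, window=5.0, threshold=10):
    """Return BSSIDs with at least `threshold` deauth frames in `window` seconds.
    Both limits are assumed values for illustration, not tuned ones."""
    by_bssid = defaultdict(list)
    for ts, bssid in events:
        by_bssid[bssid].append(ts)
    flagged = set()
    for bssid, stamps in by_bssid.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(bssid)
    return flagged
```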