You arrive at the subway. You have coffee in one hand and your phone in the other. You quickly log into the Wi-Fi. Then, you fire off emails as you head to work. It’s a morning routine for many commuters in New York City, but it also poses hidden dangers.

Free public Wi-Fi has been available in all underground subway stations for nearly two years. Transit Wireless provides the service through a long-term contract with the MTA and NYC Transit. This allows commuters to stay connected as they move about the city. But as with any free and public Wi-Fi network, there are risks to using it.

“Like any product on the market, the system is hackable,” said expert Omri Admon. He is a corporate innovation specialist for SOSA. This is the firm tapped by the city Economic Development Corporation to launch its Global Cyber Center.

Transit Wireless and the MTA have taken precautions to mitigate the effects of hacking. They do as much as possible, Admon added. These precautions include the use of advanced encryption codes. They also perform automatic system reboots when an attack is suspected.

About 10.5 million people access the subway’s Wi-Fi each month, according to the MTA. Christopher McKniff, a spokesman for the transit authority, advised riders to utilize common sense. He suggested employing cybersecurity precautions as they would in any common space.

“The introduction of Wi-Fi and cell connectivity in the subway system has provided our customers with an enhanced experience. It has also offered additional capacity for emergency and trip planning communications,” he added. “As part of our efforts to modernize the system, riders can now keep up with work. They can access entertainment. They can utilize trip planning services. Additionally, they can contact family and friends.”

The two main concerns with public Wi-Fi, according to Admon, are “evil twin” and “man-in-the-middle” attacks.

A man-in-the-middle attack might involve a fake access page. This page looks similar or identical to the Transit Wireless Wi-Fi landing page. Once the user clicks through, the hacker can access the phone’s data.

“So if I type something that is a password or card information, that can definitely cause a problem. Any public network is in danger of that risk. This is especially true for networks used by so many people,” Admon said.

An evil twin attack, meanwhile, is when someone sets up a fake Wi-Fi network that has the exact same name as the authentic one to trick unsuspecting users into connecting to the wrong one. Additionally, if someone has previously logged into the authentic Wi-Fi and has automatic connect engaged on their phone, they could be instantly and unknowingly brought to the fraud network, where the hacker can then access the phone’s data.

While Transit Wireless does what it can to stop both types of hacking from occurring, commuters can also play an active role in avoiding cybersecurity attacks.

Amy McLaughlin, Transit Wireless’ general manager of Wi-Fi data and advertising, said the company’s chief goal is to provide a quality experience for riders while ensuring the network’s security.

“Public Wi-Fi is an open network meant for people to easily and seamlessly connect to the internet,” McLaughlin said. “Users looking to enhance their security while on a public network can use web addresses that begin with HTTPS, which provide added protection by sending their information through an encrypted tunnel. Additionally, users can use a virtual private network (VPN), which encrypts device traffic.”  

There’s also a free app, NYC Secure, that alerts users to potential threats on their device.

“It might tell you to disconnect from the Wi-Fi system or navigate away or uninstall an app,” Admon said. “So it’s kind of adding a layer of security.”

The city-funded, ad-free mobile app is operated by the NYC Cyber Command. This agency was created by Mayor Bill de Blasio in 2017. It works to prevent, detect, and respond to cyber threats.

Admon said education on the risks of using public Wi-Fi and the ways riders can protect themselves is also paramount.

“The main issue with cybersecurity is the human factor, so most of the hacks come through that,” he said. “Just as with any other technology, you just need to be smart about it and know what you’re logging into.”

By Lauren Cooklauren.cook@amny.com @L_Cook865