If You Use Someone’s Wi-Fi, Can They See Your Texts?

We can all agree about privacy being one of our top priorities when we are online. Whether you are a school student, an employee, or a tourist, you want to be sure no one can get to your texts and other private digital possessions when you connect to the Wi-Fi network in a school, workplace or some random public place. Many of us asked ourselves one or more of the following questions:

Can a teacher read my texts about mocking him when I’m connected to a school Wi-Fi?

Is there a way for the boss to find out I hate him and my job when I go online using a wireless connection at work and share my thoughts and feelings in a chat?

Is it easy for some hacker to read my screen and steal my data while I’m walking across a public square, chatting over a public Wi-Fi network?

Can my partner go through my messages at home without taking my phone, but exploiting the fact that we both share the same network?

The short answer is – mostly NO. However, it can be done using some reacharounds. 

If you want to learn how and why, what are the exceptions, and what needs to be done in order to read someone’s texts or screen contents, keep reading to the end of this blog.

How are your texts protected from hackers when you are online using Wi-Fi?

Mobile phone users send two types of text messages.

One is SMS (Short Messages Service) or MMS (Multimedia Messages Service) and the other are chat messages exchanged via some popular programs and platforms (Viber, WhatsApp, FB messenger etc.). PC users mostly use the latter.

SMS and MMS messages are transferred using a mobile signal, and their vulnerability has nothing to do with whether you use Wi-Fi or not.

Most chat apps and services use end-to-end encryption (E2EE). This means your messages get encrypted on your phone before being sent. They remain encrypted all the way to the end user’s device, where they are being decrypted back to the readable text. 

How can someone read my texts?

can someone read my texts

In order to read messages transferred using end-to-end encryption, an attacker must (1) either find a way to install some spy or remote control software on your phone, (2) intercept and then decrypt messages somewhere between the end-users, or (3) find a way to mimic the end-user, decrypt and read the message, then forward it to the end-user in order to avoid detection.

Let’s go from the top.

1.         There are many remote access software solutions like AnyDesk, TeamViewer, and others. But, to exploit them, an attacker needs to install them on your device and then allow connection with his device without you noticing it. If he somehow succeeds, he can pretty much see your screen and everything you do in real-time. He can even take over and control your device like his own. However, this has nothing to do with you being on the same Wi-Fi or not, or with you using Wi-Fi at all. This will work as long as you are online using any kind of internet connection.

Another type of software that can be used to read your texts is a keylogger. Keyloggers can be both hardware and software. 

The hardware version is a little device that plugs into your laptop or computer. It intercepts signals from your keyboard and stores them in internal memory or relays them to the attacker. These kinds of attacks are more likely to happen if you often use the same, publicly accessible computer in an internet café or library because the attacker needs to plug the device into the victim’s computer. 

Software keyloggers can be sent to the victim as attachments or hidden within some other file, but most security software will detect them and warn the user before letting them be installed. However, an unaware user can allow the installation manually, thus giving the attacker access to all the keyboard inputs.

2.         Even though being on the same Wi-Fi network can make intercepting encrypted messages a tiny touch easier, decrypting them is not an easy task. It requires very sophisticated hardware, software, and it is a time-consuming process. Unless you are on the most wanted list, there is very little chance you will have to deal with this kind of privacy invasion.

3.         Mimicking the end-user to get a decryption key is also one of the options to get your texts. This method is also known as Man-In-The-Middle (MITM). However, most of the end-to-end encryption protocols use some kind of endpoint authentication to prevent these kinds of attacks.

Also, it is worth mentioning that some of the less popular messenger services don’t use end-to-end encryption. This makes communication through them easy prey for the attackers.

How can I protect myself when I’m sharing Wi-Fi with unknown people?

There are a few simple things you can do in order to stay safe from unwanted people getting access to your device, chats, texts, and other private data.

Never leave your device unlocked and unattended.

This will prevent anyone from gaining physical access to your phone or computer, allowing him to bypass the security and install spy or remote control software. Use good, reliable VPN software.

A Virtual Private Network or VPN is a piece of software that virtually creates a private network. Using it, all your communication with the internet goes through an encrypted tunnel, making it very difficult to hack. 

Pay attention to the icon of the lock on the left side of your browser’s address bar. 

SSL protected

If it shows unlocked, don’t download anything and totally avoid it if possible.

The lock icon shows whether the website you are visiting has an SSL certificate or not. SSL stands for Secure Socket Layer. This protocol allows secure, encrypted communication between your browser and the server. 

Summary

Even if using the same Wi-Fi network doesn’t allow the owner to access your private data or read your texts, it can make you vulnerable to attacks. In order to prevent this, you can follow a few simple pieces of advice. First, don’t leave any of your devices unlocked and unattended. When you are connecting to the internet, use VPN software. Communicate through services that use end-to-end encryption like Viber, FB messenger or similar and avoid downloading files or interacting with websites without SSL certificates represented by a locked lock icon on the left of your address bar.

Leave a Comment