Public Wi-Fi is mostly safe from Heartbleed

April 30, 2014: 8:23 AM ET
How hackers beat the Heartbleed bug
NEW YORK (CNNMoney)

The Heartbleed Internet bug is still haunting websites worldwide, but it looks like public Wi-Fi is pretty safe.

That doesn't mean you should start banking on an open network -- that's still dangerous. However, you can connect your laptop or smartphone at most coffee shops, hotels and airports without worrying about hackers exploiting the Heartbleed bug on a Wi-Fi router to spy on you.

Most of the Wi-Fi devices used in public spaces are made by Cisco (CSCO)or Ruckus Wireles, (RKUS)and both companies say that hardware wasn't susceptible to the bug in security software.

The same thing goes for all Starbucks (SBUX)locations, as well as major airports like Denver International and Phoenix's Sky Harbor. None of them would specify what kind of equipment they use, citing security concerns. Las Vegas' McCarran International Airport said its wireless gear was vulnerable to the bug, but it updated its systems as soon as a fix was available.

Also safe: small businesses that use the same D-Link, Linksys and Netgear (NTGR) routers we use from home. None of those companies' Wi-Fi devices were affected either.

Related story: The Heartbleed bug, explained

Because Ruckus provides the wireless routers for several hotel chains and shops, many of the following locations are safe too:

  • Marriott
  • Hyatt
  • Mandarin Oriental
  • Intercontinental
  • Wyndham
  • Le Pain Quotidien

Consumers can breathe a sigh of relief. But that doesn't mean they should dismiss Heartbleed entirely. Servers at work could still be affected. And many computer systems rely on older hardware that might never be patched. A weakness somewhere is essentially a weakness anywhere. That's why security experts say you'll have to stay on your guard for weeks and months to come.

Change passwords often. Don't visit strange websites. And whenever possible, use a Heartbleed checker to see if a website still vulnerable to the bug.

Here's a handy list of major websites that have patched their systems, or never used the vulnerable security software.

Still, it's a smart bet to assume your online communication isn't secure unless a website specifically states it patched its systems for Heartbleed. Just about everything you do online -- email, social media, banking -- is still at risk. The Heartbleed bug affects gadgets everywhere. Companies are still updating firmware for their devices. Two weeks ago, there were still 150 million vulnerable apps running on Android smartphones, according to cybersecurity provider FireEye.

The danger is real. A hacker broke into Canada's tax records with Hearbleed and managed to steal personal information on 900 people.


Search for Jobs