Scenario: I'm currently at a hotel and want to connect my Chromecast to the hotel's public Wi-Fi; however, it cannot automatically connect to it because it requires pressing an "Accept" button. I then use my laptop to connect to the public Wi-Fi and turn on the laptop's hotspot and then connect the Chromecast to the hotspot.
How likely is it that my laptop can be hacked merely using it as a hotspot?
To assess the risk, you have to understand the complications of using public Wi-Fi. The attack which might be happening is a Man-in-the-middle attack. So traffic you send and traffic you receive might be intercepted and changed or just read by someone else on the network.
Knowing this, whether or not your Laptop will be "hacked" depends on what you do with the received traffic. Do you have ports open to everyone in the same network or install software via this connection? Then the risk is higher, compared to just using a web service where no credentials are needed.
It is possible for an attacker to potentially compromise your device if you connect to an unsecured public Wi-Fi network.
If you connect to a public Wi-Fi network, your device is essentially on the same network as all the other devices that are also connected to that network.
As has been said by the previous answer your traffic can be listened to, intercepted and modified even when you are on a HTTP or HTTPS-secured site ssl-stripping-attack.
The risk factor becomes more plausible depending on what you are doing:
Are you running a vulnerable service listening on an open port?
Are you browsing using an unpatched browser version?
And there is the possibility of a zero day exploit that can compromise your browser/PC.
Simply using a public or hotel wifi without using a VPN makes your PC more readily available to a bad actor in the same network.
SSL Stripping
SSL Stripping is an attack that aims to demote the security of an HTTPS secured website by intercepting and altering the communication between a client and a server. The attack aims to exploit vulnerabilities in SSL/TLS connections, which are used to encrypt and secure communication over the internet.
This could be achieved by downgrading a more secures TLS to an insecure ssl Connection. So an attacker in close proximity in the same network can relay traffic between a user and web server using his own generated certificate and key for decryption.ssl stripping allows the attacker to create a bridge or proxy between the client and server thereby sniffing sensitive info without the users knowledge man-in-the-middle-attack.
Virtual Private Network (VPN)
Virtual Private Network is a network that allows you to create a secured and encrypted connection to another network over the internet. A VPN helps to protect against mitm by encrypting internet traffic of a user over a secured tunnel/channel, which makes it extremely d1ifficult for an attacker to decrypt the data and read the data (which to a second party is gibberish).
A VPN can also help in authenticating to the VPN server using a Digital certificate this help to verify you are connecting to the intended server rather than an insecure server set up by an attacker.
