|Home page Technology|
We all know that we should be careful about connecting to free public Wi-Fi networks, although it’s an easy warning to forget about when you’re away from home and need to get online in a hurry.
But a new experiment by Czech security software makers Avast highlights why you really need to think twice before hitting up Wi-Fi from unknown sources. The company set up a bogus honeypot hotspot showing just how easy it is to seduce people into unwittingly giving up their personal data when they’ve connected to what looks like a legitimate network.
To create the trap, Avast set up their honeypot in a highly trafficked public location: a registration booth in Barcelona Airport for uber-massive tech trade-show Mobile World Congress (MWC). With close to 100,000 attendees annually, the event brings in droves of tech-using travellers, many of whom would be reliant on Wi-Fi hotspots to get online.
The company’s researchers set up three separate Wi-Fi hotspots in the airport with network names (SSIDs) designed to look like they were legit internet connections for travellers or conference visitors: "Starbucks", "Airport_Free_Wifi_AENA", and "MWC Free WiFi".
In only 4 hours, more than 2,000 people connected devices to the bogus Wi-Fi networks, sending and receiving some 8 million data packets. To protect people’s privacy, the company did not store any of the data, but the amount of information they were able to glean from unsuspecting users in this short timeframe shows how exposed we can be when we connect to Wi-Fi sources intentionally set up as network spoofing attacks.
Among the haul, Avast detected that: 61.7 percent of users searched for information on Google or checked their Gmail; 52.3 percent had the Facebook app installed; 14.9 percent visited Yahoo; and 1 percent used dating apps (Tinder or Badoo). What’s more, the researchers could see the identity of the device and user in almost two-thirds of the connections made.
"Many individuals recognise that surfing over open Wi-Fi isn’t secure. However, some of these same people aren’t aware that their device might automatically connect to a Wi-Fi network unless they adjust their settings," said Avast mobile president Gagan Singh. "With most Mobile World Congress visitors travelling from abroad, it’s not surprising to see that many opt to connect to free Wi-Fi in order to save money, instead of using data roaming services."
So what’s the solution? As Avast recommends, using a virtual private network(VPN) service to anonymise and encrypt your connections is a good start – and one that comes with the added bonus of stepping around any geo-blocking restrictions you might come across on your travels.
2016.02.25 / 21:10