A new F-Secure wi-fi investigation conducted on the streets of
London shows that consumers carelessly use public wi-fi without
regard for their personal privacy. In the experiment, which involved
setting up a ‘poisoned’ wi-fi hotspot, unsuspecting users exposed
their Internet traffic, their personal data, the contents of their
email, and even agreed to an outrageous clause obligating them to
give up their firstborn child in exchange for wi-fi use.
The independent investigation supported by Europol, was carried
out on behalf of F-Secure by the UK’s Cyber Security Research
Institute and SySS, a German penetration testing company. For the
exercise, SySS built a portable wi-fi access point from components
costing around 200 euros and requiring little technical know-how.
Researchers set the device up in prominent business and political
districts of London. They then watched as people connected, unaware
their Internet activity was being spied on.
In a thirty minute period, 250 devices connected to the hotspot,
most of them probably automatically without their owner realizing it.
33 people actively sent Internet traffic by carrying out web searches
and sending data and email. 32 MB of traffic were captured (and
promptly destroyed in the interest of consumer privacy). And in a
surprising finding that underscores the need for encryption, the
researchers found that the text of emails sent over a POP3 network
could be read, as could the addresses of the sender and recipient,
and even the password of the sender.
For a short period, the researchers introduced a Terms &
Conditions (T&C) page that needed to be accepted in order to use
the hotspot. The T&C included an outlandish clause that obligated
the user to give up their firstborn child or most beloved pet in
exchange for wi-fi use. In total, six people agreed to the T&C
before the page was disabled. The clause illustrated the lack of
attention people typically pay to T&C pages, which are often too
long to read and difficult to understand.
“We all love to use free wi-fi to save on data or roaming
charges,” says Sean Sullivan, Security Advisor at F-Secure,
who participated in the experiment. “But as our exercise shows,
it’s far too easy for anyone to set up a hotspot, give it a
credible-looking name, and spy on users’ Internet activity.” When
it comes to hotspots provided by a legitimate source, even those
aren’t safe, he says. Even if they aren’t in charge of the
hotspot, criminals can still use ‘sniffer’ tools to snoop on what
others are doing.
“The issue of wi-fi security is one that we at the European
Cybercrime Centre (EC3) at Europol are very concerned about,”
says Troels Oerting, Head of Europol’s EC3. “We
wholeheartedly support activities which shine light on this everyday
risk consumers face.”
The solution? Either stay away from public wi-fi – or use wi-Fi
security. With wi-fi security, your connection is invisible in the
wi-fi network and your data made unreadable by encryption. So even if
someone tries, they can’t tap into your data. F-Secure
Freedome is a wi-fi security product, or VPN, that creates a
secure, encrypted connection from your device and protects you from
snoops and spies, wherever you go and whatever wi-fi you use.
Still don’t believe that public wi-fi poses risks? Take a closer
look next time you’re faced with a Terms & Conditions page for
public wi-fi hotspot. “A good number of open wi-fi providers take
the time to tell you in their T&C that there are inherent
risks with wireless communications and suggest using a VPN,”
Sullivan says. “So if you don't take it from me, take it from
them.”
Comments
Post a Comment