According to a recent F-Secure investigation, it seems that consumers don’t care too much for their privacy & security when connecting to free, public Wi-Fi hotspots. The security firm conducted an investigation on the streets of London and discovered that consumers carelessly use public Wi-Fi without regard for their personal privacy.
The experiment involved setting up a ‘poisoned’ Wi-Fi hotspot where unsuspecting users exposed their Internet traffic, their personal data, the contents of their email, and even agreed to a clause which obliged them to give up their firstborn child in exchange for Wi-Fi use.
The independent investigation discovered that in a thirty minute period, 250 devices connected to the hotspot, with 33 people actively sending Internet traffic by carrying out web searches and sending data and email. Some megabytes of traffic were captured and it was found that the text of emails sent over a POP3 network could be read, as well as the sender and recipient, and even the password.
Sean Sullivan, Security Advisor at F-Secure, who participated in the experiment, said the following:
We all love to use free wi-fi to save on data or roaming charges. But as our exercise shows, it’s far too easy for anyone to set up a hotspot, give it a credible-looking name, and spy on users’ Internet activity.When it comes to hotspots provided by a legitimate source, even those aren’t safe
Criminals can still use ‘sniffer’ tools to snoop on what others are doing, even if the Wi-Fi hotspot is being set up by persons with good intentions. Troels Oerting, Head of Europol’s EC3, the company which conducted the investigation for F-Secure, also added his input:
The issue of wi-fi security is one that we at the European Cybercrime Centre (EC3) at Europol are very concerned about. We wholeheartedly support activities which shine light on this everyday risk consumers face.
The solution to avoid these problem is to stay away from public Wi-Fi or use Wi-Fi security. If you make use of Wi-Fi security tools, your connection becomes invisible and your data made unreadable by encryption. Sullivan also added that Wi-Fi providers themselves suggest using a VPN in their terms and conditions pages:
A good number of open Wi-Fi providers take the time to tell you in their T&C that there are inherent risks with wireless communications and suggest using a VPN. So if you don’t take it from me, take it from them.
So, knowing all this, how are you going to connect next time to public Wi-Fi next time? – with or without a security tool?