A Wi-Fi hack experiment conducted at various locations at or near the Republican National Convention site in Cleveland, US, underlines how risky it can be to connect to public Wi-Fi without protection from a VPN.
The exercise, carried out by security researchers at Avast, an anti-virus firm, revealed that more than 1,000 delegates were careless when connecting to public Wi-Fi.
Attendees risked the possibility of being spied on and hacked by cybercriminals or perhaps even spies while they checked their emails, banked online, used chat and dating apps, and even while they accessed Pokemon Go.
Avast researchers set up fake Wi-Fi networks at various locations around the Quicken Loans Arena and at Cleveland Hopkins International Airport with fake network names (SSIDs) such as “Google Starbucks”, “Xfinitywifi”, “Attwifi”, “I vote Trump! free Internet” and “I vote Hillary! free Internet” that were either commonplace across the US or looked like they were set up for convention attendees.
Of the people connecting to the fake candidate name Wi-Fi in Cleveland, 70 per cent connected to the Trump-related Wi-Fi, 30 per cent to the Clinton-related Wi-Fi.
With mobile devices often set to connect to known SSIDs automatically, users can overlook the networks to which they are connecting. Although convenient, this feature is eminently easy to exploit by cybercriminals who set up a false Wi-Fi network with a common SSID. Moreover, web traffic can be visible to anyone on any Wi-Fi network that is unencrypted. Any Wi-Fi that does not require a password is a risk.
In its day-long experiment Avast saw more than 1.6Gbps transferred from more than 1,200 users. Some 68.3 per cent of users‘ identities were exposed when they connected, and 44.5 per cent of Wi-Fi users checked their emails or chatted via messenger apps. The researchers scanned the data, but did not store it or collect personal information.
Avast learned the following about the Republican National Convention attendees:
- 55.9 per cent had an Apple device, 28.4 per cent had an Android device, 1.5 per cent had a Windows Phone device, 3.4 per cent had a MacBook laptop and 10.9 per cent had a different device
- 13.1 per cent accessed Yahoo Mail, 17.6 per cent checked their Gmail inbox, and 13.8 per cent used chat apps such as WhatsApp, WeChat and Skype
- 6.5 per cent shopped on Amazon, and 1.2 per cent accessed a banking app or banking websites like bankofamerica.com, usbank.com, or wellsfargo.com
- 4.2 per cent visited government domains or websites
- 5.1 per cent played Pokemon Go
- 0.7 per cent used dating apps like Tinder, Grindr, OKCupid, Match and Meetup
- 0.24 per cent visited pornography sites like Pornhub.com
“With Washington heatedly discussing cybersecurity issues virtually every week, we thought it would be interesting to test how many people actually practice secure habits,” said Gagan Singh, president of mobile at Avast.
“Understanding the talking points behind these privacy issues is very different from implementing secure habits on a daily basis. Though it is not surprising to see how many people connect to free Wi-Fi, especially in a location with large crowds such as this, it is important to know how to stay safe when connecting. When joining public Wi-Fi, consumers should utilize a VPN service that anonymizes their data while connecting to public hotspots to ensure that their connection is secure.” ®