Home
 » ISP News » 
Sponsored

F-Secure Warns – UK People Ignore Privacy via Careless Use of Public WiFi

Tuesday, September 30th, 2014 (8:20 am) - Score 408
wifi uk internet security

The potential security risks of accessing a public WiFi hotspot are nothing new and yet a new F-Secure study of consumers in London has discovered that many users are continuing to connect themselves, without first checking the hotspots validity, to so-called “poisoned” wireless Internet access points (designed to steal your data).

On this occasion the poison hotspots were actually setup by anti-virus firm F-Secure, with help from SySS and the UK’s Cyber Security Research Institute, as part of an experiment to see how many unsuspecting users might expose their personal Internet traffic and emails to data thieves.

As part of the exercise SySS built a portable wifi access point from easily found components costing £150+ and these were then positioned in several “prominent business and political districts” of London. Comically one of the clauses that users of the poisoned hotspots needed to agree before they could get online was one that obligated them to “give up their firstborn child” in exchange for wifi use (seems like a fair trade) and apparently 6 people agreed to this before the page was disabled. As usual very few people ever read T&C’s, which are generally long, complex and often confusing hulks of text.

The hotspots then began to wait and over a period of 30 minutes some 250 devices connected (many were probably doing so automatically and perhaps without the owner realising), while 33 people actively made use of Internet traffic on the poisoned service (e.g. web searches, email etc.). Some 32MB (MegaBytes) of data was captured and later destroyed in the interests of consumer privacy.

The researchers also noted that the text of emails sent over their hotspot via POP3 networks could be read, including the addresses being used and surprisingly even the passwords! This is probably because the owners had not enabled encryption or were using an email server that didn’t support it (these are still quite common).

Sean Sullivan, Security Advisor at F-Secure, said:

We all love to use free wi-fi to save on data or roaming charges. But as our exercise shows, it’s far too easy for anyone to set up a hotspot, give it a credible-looking name, and spy on users’ Internet activity.”

Sullivan notes that even hotspots provided by a legitimate source aren’t safe because criminals can still use “sniffer” tools to snoop on what others are doing. At this point F-Secure starts to promote its own products as the solution, although we have a few other tips that might help.

Firstly, never allow your device to “connect automatically to accessible hotspots within range“, this feature should always be disabled as otherwise you’re just asking for trouble. Always check the hotspot manually before you connect.

In addition, if you’re planning to do any work or exchange sensitive info. then do it from behind a Virtual Private Network (VPN) and make sure the data on your computer is secure (we always try to keep anything sensitive encrypted locally and there are lots of apps for doing that).

Ultimately a little paranoia goes a long way when considering your interactions with any form of open public network because the potential for abuse is significant. This is one of the reasons why we prefer Mobile Broadband links to public WiFi, wherever possible.

Add to Diigo
Mark Jackson
By Mark Jackson
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on Twitter, , Facebook and Linkedin.
Leave a Comment
0 Responses

Comments are closed.

Comments RSS Feed

Javascript must be enabled to post (most browsers do this automatically)

Privacy Notice: Please note that news comments are anonymous, which means that we do NOT require you to enter any real personal details to post a message. By clicking to submit a post you agree to storing your comment content, display name, IP, email and / or website details in our database, for as long as the post remains live.

Only the submitted name and comment will be displayed in public, while the rest will be kept private (we will never share this outside of ISPreview, regardless of whether the data is real or fake). This comment system uses submitted IP, email and website address data to spot abuse and spammers. All data is transferred via an encrypted (https secure) session.

NOTE 1: Sometimes your comment might not appear immediately due to site cache (this is cleared every few hours) or it may be caught by automated moderation / anti-spam.

NOTE 2: Comments that break our rules, spam, troll or post via known fake IP/proxy servers may be blocked or removed.
Cheapest Superfast ISPs
  • Hyperoptic £21.00 (*25.00)
    Avg. Speed 50Mbps, Unlimited
    Gift: £50 Shopping Voucher
  • TalkTalk £21.95 (*36.00)
    Avg. Speed 38Mbps, Unlimited
    Gift: None
  • SSE £22.00
    Avg. Speed 35Mbps, Unlimited (FUP)
    Gift: None
  • xln telecom £22.74 (*47.94)
    Avg. Speed 66Mbps, Unlimited (FUP)
    Gift: None
  • Post Office £22.90 (*37.00)
    Avg. Speed 38Mbps, Unlimited
    Gift: None
Prices inc. Line Rental | View All
The Top 20 Category Tags
  1. BT (2535)
  2. FTTP (2255)
  3. FTTC (1677)
  4. Building Digital UK (1616)
  5. Politics (1444)
  6. Openreach (1432)
  7. Business (1258)
  8. Statistics (1111)
  9. FTTH (1106)
  10. Mobile Broadband (1058)
  11. Fibre Optic (978)
  12. Ofcom Regulation (922)
  13. 4G (919)
  14. Wireless Internet (918)
  15. Virgin Media (870)
  16. EE (604)
  17. Sky Broadband (601)
  18. TalkTalk (586)
  19. Vodafone (534)
  20. 3G (418)
Promotion
Helpful ISP Guides and Tips
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms , Privacy and Cookie Policy , Links , Website Rules , Contact