Slashdot Mirror

← Back to Stories (view on slashdot.org)

Simple Rogue WiFi Hotspot Captures High Profile Data

Posted by samzenpus on from the protect-ya-neck dept.

jones_supa writes Gustav Nipe, president of Sweden's Pirate Party's youth wing, was successful with somewhat trivial social engineering experiment in the area of the Sälen security conference. He set up a WiFi hotspot named "Öppen Gäst" ("Open Guest") without any kind of encryption. What do you know, a large amount of unsuspecting high profile guests associate with the network. Nipe says he was able to track which sites people visited as well as the emails and text messages of around 100 delegates, including politicians and journalists as well as security experts. He says that he won't be revealing which sites were visited by specific experts, as the point was just to draw attention to the issue of rogue network monitoring. The stunt has already sparked criticism in Swedish newspapers and on social media, with some angry comments saying that Nipe breached Sweden's Personal Data Act.

6 of 67 comments (clear)

  1. You want to protect your data? by ArcadeMan · · Score: 5, Insightful

    If you want to protect your data, don't connect to an open WiFi hotspot.

    Also, shame on the so-called "security experts" who used it.

    --
    Get free satoshi (Bitcoin) and Dogecoins
    1. Re:You want to protect your data? by Cramer · · Score: 5, Insightful

      Are you 100% certain the cnn.com you think you asked for a page is actually cnn.com and not some i'm-gonna-fill-your-browser-full-of-malware spoof?

    2. Re:You want to protect your data? by TheRaven64 · · Score: 3, Insightful

      I wonder how many people would actually notice if they got SSL errors for Google addresses and how many would just click 'accept' and move on.

      --
      I am TheRaven on Soylent News
    3. Re:You want to protect your data? by retroworks · · Score: 4, Insightful

      Agree with this AC.

      What I'm more concerned about and don't know the answer to are the Smart Phone apps which may check for their own "updates" while I'm on a sinister wifi hotspot. Will a "Bank of App" program open an auto update query in the background, and disclose any details I don't intend it to? I never "save passwords" and rarely enter them in unknown wireless environments.

      The Swedish guy probably did a public service, but the alarms seem aimed at people who don't know the risks. "Never use wifi, and never read CNN online" hyperbole just fatigues people and causes people to treat it as an acceptable risk rather than something they can cope with through caution. The "what if its a fake CNN site" question is a totally separate problem which could occur on a verified hotspot, or wired account... And so what if it's a fake CNN site? They get my lowest concern throwaway password, as I have no money at CNN. I too always am careful which sites I go to on public wifi hotspots.

      --
      Gently reply
  2. Hackers Obey the Law!! by muphin · · Score: 5, Insightful
    i like the quote:

    with some angry comments saying that Nipe breached Sweden's Personal Data Act

    like hackers really care about obeying laws?

    --
    It's not a typo if you understood the meaning!
    1. Re:Hackers Obey the Law!! by bunratty · · Score: 2, Insightful

      Most people who go to prison don't particularly care about obeying laws. That attitude doesn't seem to result in much leniency from the courts.

      --
      What a fool believes, he sees, no wise man has the power to reason away.