Airport Experiment Shows That People Recklessly Connect To Any Free Wi-Fi Spot (softpedia.com)

← Back to Stories (view on slashdot.org)

Airport Experiment Shows That People Recklessly Connect To Any Free Wi-Fi Spot (softpedia.com)

Posted by timothy on Monday February 22, 2016 @02:42PM from the practice-safe-computing dept.

An anonymous reader writes: Avast carried out a curious experiment at the Barcelona Mobile World Congress. They've set up 3 public Wi-Fi spots at the local airport and waited to see how many users would connect. In just 4 hours, more than 2,000 users used the free hotspots, despite the fact that they knew nothing about the WiFi network, if it was safe, or who was running it. Researchers randomly logged some traffic stats just to prove a point about how easy is to hack users on a public WiFi network. They also recommended using a mobile VPN app when navigating the Web via public WiFi.

14 of 197 comments (clear)

Min score:

Reason:

Sort:

I have hitch hiked before by invictusvoyd · 2016-02-22 14:47 · Score: 4, Insightful

But I always carry a concealed weapon
The Internet isn't "safe" by xaosflux · 2016-02-22 14:48 · Score: 4, Insightful

Why should anyone expect some random WLAN to be "safe" - they are trying to get to the Public Internet, this is just another Public inter-Network along the way.
1. Re:The Internet isn't "safe" by greenfruitsalad · 2016-02-22 23:46 · Score: 4, Insightful
  
  why should i expect it to be unsafe? email is via ssl/tls, chat apps are client-to-server encrypted, all eshops use ssl/tls, google search is by default via ssl/tls, cloud storage i encrypted in transit, so what could they have possibly gained by this devious man in the middle circus? list of websites i access and my http data?
Are people connecting to any free wifi hotspot? by PSXer · 2016-02-22 14:50 · Score: 5, Insightful

Or do their devices automatically do it for them?
Colour me unsurprised. by mjwx · 2016-02-22 14:57 · Score: 2, Insightful

Lets face it, people are dumb.

People would still take candy from strangers if we didn't drill it into them from a young age. Stupidity isn't limited to Wifi, it pervades everything people do.

However airports are strange. A lot of people are stuck there for some time with little to do. So free Wifi is a godsend, I admit, despite being quite security aware, that I've been a bit free and loose with connecting to airport Wifi when bored out of my skull at various airports (mostly Australian ones who didn't have free Wifi until recently).

Free Wifi isn't inherently unsafe, but must be treated with suspicion. However most people wont, so back to my original point... People are dumb.

--
Calling someone a "hater" only means you can not rationally rebut their argument.
1. Re:Colour me unsurprised. by Austerity+Empowers · 2016-02-22 15:00 · Score: 3, Insightful
  
  Not always easy to know what the name of the freewifi service is in an airport you are not familiar with too. All you really know is you're not going to PAY for one, so it's either free or you're tethering. But which one is the free one?
2. Re:Colour me unsurprised. by mjwx · 2016-02-22 15:06 · Score: 4, Insightful
  
  Not always easy to know what the name of the freewifi service is in an airport you are not familiar with too. All you really know is you're not going to PAY for one, so it's either free or you're tethering. But which one is the free one?
  That's kind of my point.
  
  How are you to know the difference between a legit and non legit network if they're both named "LAX Public Wifi".
  
  You should really be suspicious of any Wifi network you dont control or at the very least, know the owners on a personal level. I use free wifi for browsing /. but not for doing banking or anything else that could potentially harm me, but as a sysadmin, I'm mindful of such things where as the average Joe isn't.
  
  --
  Calling someone a "hater" only means you can not rationally rebut their argument.
3. Re:Colour me unsurprised. by toonces33 · 2016-02-22 15:33 · Score: 4, Insightful
  
  For random browsing of the news, it might be fine. But the other problem with free WiFi in places like airports is that kids will start streaming music and videos and it will be dog slow.
  In reality, I am not sure if there is much difference between free WiFi at an airport and free WiFi at a hotel or a coffee shop. They are all effectively the same thing from an insecurity perspective.
4. Re:Colour me unsurprised. by Wycliffe · 2016-02-22 17:07 · Score: 5, Insightful
  
  People would still take candy from strangers if we didn't drill it into them from a young age. Stupidity isn't limited to Wifi, it pervades everything people do.
  This "drilling" does very little to actually stop abductions. First off, most abductions are not strangers but rather someone they already know. Secondly, they've done experiments and kids will readily go with someone with a puppy/kitten if they tell them they have more in the back of their van.
  The "don't talk to strangers" is completely silly. The one safety tip I try to teach my kids is that if they get lost to immediately walk up to the first stranger they see and ask for help. Don't wait for a stranger to come to you. If you pick the stranger then the odds of picking a bad person are slim to none but if they pick you then the odds of them being a bad person are significantly higher.
False security by HeadSoft · 2016-02-22 14:59 · Score: 5, Insightful

Always assume all networks are insecure. You're always correct.
Why shouldn't it be safe? by hawguy · 2016-02-22 15:08 · Score: 5, Insightful

The bigger question is, why shouldn't it be safe to connect to any random Wifi hotspot? Literally everything should be using https by now, SSL certs are even available for free, so there's no excuse not to. I often connect to public Wifi hotspots (and use a VPN since I know that everything is *not* secured with SSL) and there's really no other option (other than "never use public wifi hotspots") since there is no way to know whether the "Starbucks" or "Starbucks - SFO" or "Starbucks - Public" SSID is the legitimate one.
Re:HTTPS or SSL isn't enough? by guruevi · 2016-02-22 15:20 · Score: 3, Insightful

Who do you trust as a reliable Internet provider? You're better off just deleting all root certificates (if you're that kind of paranoid) and make exceptions for every single site you visit.
OR you could just do like me: you don't store information that matters in places you don't have full control over.

--
Custom electronics and digital signage for your business: www.evcircuits.com
You cannot recognize "safe" WiFi by gweihir · 2016-02-22 16:12 · Score: 4, Insightful

In most circumstances you cannot recognize or verify that a given public WiFi network is safe. What you do instead is assume it is non-safe and use secure communication technologies, like SSH, VPN links, etc. This has been known for ages.
Incidentally, logging traffic is not "hacking".

--
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Why would that be a reckless behaviour? by Afty0r · 2016-02-23 01:23 · Score: 3, Insightful

If I want my packets sending to other hosts on the internet, I connect to wifi to do it. Or my ISP. Or my friends ISP. Or my works network. They're just packets being routed - if people are sending *sensitive* packets IN THE CLEAR on anybody's network - including their own internet connection at home or at work - then that is the problem. Not the network, which you shouldn't trust anyway.