Slashdot Mirror

← Back to Stories (view on slashdot.org)

Airport Experiment Shows That People Recklessly Connect To Any Free Wi-Fi Spot (softpedia.com)

Posted by timothy on from the practice-safe-computing dept.

An anonymous reader writes: Avast carried out a curious experiment at the Barcelona Mobile World Congress. They've set up 3 public Wi-Fi spots at the local airport and waited to see how many users would connect. In just 4 hours, more than 2,000 users used the free hotspots, despite the fact that they knew nothing about the WiFi network, if it was safe, or who was running it. Researchers randomly logged some traffic stats just to prove a point about how easy is to hack users on a public WiFi network. They also recommended using a mobile VPN app when navigating the Web via public WiFi.

4 of 197 comments (clear)

  1. we use roads in the same way by turkeydance · · Score: 4, Interesting

    1. know very little about the road. 2. is it safe? (Marathon Man ref) who knows? 3. who's running it? Feds/State/local/private/etc? WiFi is asphalt for smartphones. full speed ahead.

  2. Please, Avast, continue! by Nicopa · · Score: 3, Interesting

    Please, continue this research and expand it to every airport! And make it a permanent thing!

    Seriously: Avast is a "security" company that sells security to those feeling "insecure". So it's in their best interest to keep that feeling, seeing threats where there are none. In this case... why should a public WiFi network be more trustworthy than any other network in the middle of the big Internet? You should be doing SSL/TLS, SSH, etc. by now everywhere and that's it.

  3. Re:Colour me unsurprised. by shawn2772 · · Score: 5, Interesting

    I use free wifi for browsing /. but not for doing banking

    That's backwards. Your bank's web site is authenticated, so your browser can fairly strongly verify that it's legitimate, and the data is encrypted and authenticated so it can't be modified. Browsing /. (or any non-TLS web site), on the other hand, is dangerous because the Wifi operator can inject whatever they like into the stream. Exploits that target your browser, drive-by downloads, ads, tracking cookies (for any site)... whatever they like.

    Unless your bank has screwed something up, you can safely do your banking on a hostile network, but browsing /. is risky.

  4. VPN Difficulties by brunes69 · · Score: 5, Interesting

    You know, I see constantly people advising that you use a VPN when connecting with pubic wifi, without anyone ever acknowledging the difficulty of this problem.

    You see, between when I click "Connect" on the public wifi click-through, and when I have time to connect my VPN client, probably 50 different applications on either my laptop or my mobile phone HAVE ALREADY likely detected a positive connection and reached out to the internet. Any or all of these connections could already be compromised, BEFORE I can even get my VPN connected.

    Until OS vendors like Microsoft, Apple, and Google recognize this problem and allow you to create a rule like "Never connect to non-local addresses over a route that traverses unencrypted wifi", this will continue to be a problem. I wish more people were discussing it, because I see no solution in sight. The closest thing to a solution is with Android you can use Tasker to automate connecting your VPN as soon as it can see the VPN server, but even at this point, at best it's a race against all the other processes on your phone firing up as well.