Slashdot Mirror

← Back to Stories (view on slashdot.org)

Airport Experiment Shows That People Recklessly Connect To Any Free Wi-Fi Spot (softpedia.com)

Posted by timothy on from the practice-safe-computing dept.

An anonymous reader writes: Avast carried out a curious experiment at the Barcelona Mobile World Congress. They've set up 3 public Wi-Fi spots at the local airport and waited to see how many users would connect. In just 4 hours, more than 2,000 users used the free hotspots, despite the fact that they knew nothing about the WiFi network, if it was safe, or who was running it. Researchers randomly logged some traffic stats just to prove a point about how easy is to hack users on a public WiFi network. They also recommended using a mobile VPN app when navigating the Web via public WiFi.

7 of 197 comments (clear)

  1. Are people connecting to any free wifi hotspot? by PSXer · · Score: 5, Insightful

    Or do their devices automatically do it for them?

  2. False security by HeadSoft · · Score: 5, Insightful

    Always assume all networks are insecure. You're always correct.

  3. Why shouldn't it be safe? by hawguy · · Score: 5, Insightful

    The bigger question is, why shouldn't it be safe to connect to any random Wifi hotspot? Literally everything should be using https by now, SSL certs are even available for free, so there's no excuse not to. I often connect to public Wifi hotspots (and use a VPN since I know that everything is *not* secured with SSL) and there's really no other option (other than "never use public wifi hotspots") since there is no way to know whether the "Starbucks" or "Starbucks - SFO" or "Starbucks - Public" SSID is the legitimate one.

  4. Re:I have hitch hiked before by KGIII · · Score: 5, Informative

    Here's the actual announcement from Avast:
    https://press.avast.com/en-us/...

    That has all you might need. No need to hitch off this softpedia site. They're not adding any value over reading the press release and they don't even include a link (or I didn't see it in their layout) to the original press report. It's the internet, linking is kind of important. Maybe they want to pretend it's exclusive content or real journalism? I dunno... Screw it, avoid entering the unknown and go to a verified source - like the message of the article.

    --
    "So long and thanks for all the fish."
  5. Re:Colour me unsurprised. by shawn2772 · · Score: 5, Interesting

    I use free wifi for browsing /. but not for doing banking

    That's backwards. Your bank's web site is authenticated, so your browser can fairly strongly verify that it's legitimate, and the data is encrypted and authenticated so it can't be modified. Browsing /. (or any non-TLS web site), on the other hand, is dangerous because the Wifi operator can inject whatever they like into the stream. Exploits that target your browser, drive-by downloads, ads, tracking cookies (for any site)... whatever they like.

    Unless your bank has screwed something up, you can safely do your banking on a hostile network, but browsing /. is risky.

  6. Re:Colour me unsurprised. by Wycliffe · · Score: 5, Insightful

    People would still take candy from strangers if we didn't drill it into them from a young age. Stupidity isn't limited to Wifi, it pervades everything people do.

    This "drilling" does very little to actually stop abductions. First off, most abductions are not strangers but rather someone they already know. Secondly, they've done experiments and kids will readily go with someone with a puppy/kitten if they tell them they have more in the back of their van.
    The "don't talk to strangers" is completely silly. The one safety tip I try to teach my kids is that if they get lost to immediately walk up to the first stranger they see and ask for help. Don't wait for a stranger to come to you. If you pick the stranger then the odds of picking a bad person are slim to none but if they pick you then the odds of them being a bad person are significantly higher.

  7. VPN Difficulties by brunes69 · · Score: 5, Interesting

    You know, I see constantly people advising that you use a VPN when connecting with pubic wifi, without anyone ever acknowledging the difficulty of this problem.

    You see, between when I click "Connect" on the public wifi click-through, and when I have time to connect my VPN client, probably 50 different applications on either my laptop or my mobile phone HAVE ALREADY likely detected a positive connection and reached out to the internet. Any or all of these connections could already be compromised, BEFORE I can even get my VPN connected.

    Until OS vendors like Microsoft, Apple, and Google recognize this problem and allow you to create a rule like "Never connect to non-local addresses over a route that traverses unencrypted wifi", this will continue to be a problem. I wish more people were discussing it, because I see no solution in sight. The closest thing to a solution is with Android you can use Tasker to automate connecting your VPN as soon as it can see the VPN server, but even at this point, at best it's a race against all the other processes on your phone firing up as well.