European Reseller

Helping bring new products to market

Tuesday, Mar 19th

Last updateFri, 16 Jun 2023 8am

You are here: Home Cloud European Users are Hungary for Free Wi Fi
Hand Held

European Users are Hungary for Free Wi Fi

web links

Europol has issued a warning about sending sensitive information over public Wi-Fi hotspots.

The warning comes in the light of a growing number of cyber attacks using personal information stolen through public Wi-Fi hotspots, Europol’s cyber crime centre head Troels Oerting told the BBC.

Attackers are increasingly using open insecure Wi-Fi to steal personal information including online banking credentials to commit fraud, he said.

Europol, which helps co-ordinate investigations into organised crime across Europe, is helping several EU member states that have seen attacks carried out on Wi-Fi networks.

Stolen data

"We have seen an increase in the misuse of Wi-Fi, in order to steal information, identity or passwords and money from the users who use public or insecure Wi-Fi connections," he said.

"We should teach users that they should not address sensitive information while being on an open insecure wi-fi internet.

 

Online bank login

Sensitive data should only be swapped via secure networks

"They should do this from home where they know actually the Wi-Fi and its security, but not if you are in a coffee shop somewhere you shouldn't access your bank or do all of these things that actually transfer very sensitive information."

These unsecured attacks are via rogue Wi-Fi hotspots set up by attackers to dupe victims into mistaking them for official public Wi-Fi hotspots and connecting to them.

This means attackers are able to monitor all communications through the rogue Wi-Fi access points and steal data exchanged with banks, retailers and other online service providers.

"Everything that you send through the Wi-Fi is potentially at risk, and this is something that we need to be very concerned about,” said Oerting.

The warning comes just months after the European parliament turned off its public Wi-Fi after it was discovered it was being hijacked to carry out man-in-the-middle attacks.

In such attacks, an intruder intercepts communications between two parties, usually a user and a website. The attacker can use the information accessed to commit identity theft or other types of fraud.

November 2013

In an experiment conducted in London during November 2013 by security firm First Base Technologies, none of the public participants were aware that hackers could set up rogue wireless access points or evil twins that masquerade as legitimate hotspots to be used for stealing personal information.

They were also surprised to discover that many details were exchanged with their online service provider in clear text and not in an encrypted form.

In another experiment conducted using security firm’s own private wireless network and a variety of smartphones apps, First Base Technologies was able to use easily available smartphone apps to attack other devices on the same network.

One of these apps forced victim devices to use the attacking phone as the gateway to the internet, which meant all traffic was sent through the attacking phone, and in many cases the app was able to strip the encryption from ‘secure’ connections.

When it comes to improving security around the use of mobile data connections for business communications, education is extremely important, said Peter Wood, chief executive at First Base Technologies.

“I am a strong believer in colleagues, employees and managers as intelligent people who can fulfil the role of human firewall,” he said.

Failure to involve people in maintaining security and relying on technical controls alone is risky, said Wood, because people will always go around controls if they do not fully understand the consequences.

“In most organisations there needs to be a greater understanding of the threats and risks, starting at the top, but the C-suite are almost always setting a bad example,” he said.

Providers of public Wi-Fi hotspots also have a role to play, said Wood, by ensuring they deploy technologies that can make their facilities 200 times more secure, which could be used as a selling point.

According to a recent Kaspersky Lab survey, 34% of people using a PC admitted to taking no special measures to protect their online activity when using a Wi-Fi hotspot, while only 13% take the time to actively check the encryption standard of any access point before they use it.

“What is encouraging from our survey is the fact only 14% were comfortable banking or shopping online when connected to an untrusted Wi-Fi hotspot,” said David Emm, senior security researcher at Kaspersky Lab.

“Taking charge yourself greatly reduces the window of opportunity for cybercriminals to profit from any lax Internet security,” he said.

Emm recommends that to reduce the risk of attack when using public Wi-Fi, all users should:

Use only trusted and secure Wi-Fi networks when doing anything confidential that involves typing a username and password, or transmitting confidential data.

Make sure, before signing in to any web site, that  it is secure by looking for ‘https’ in the URL and the unbroken padlock symbol as well as checking the security certificate.

Secure the computer used to access public Wi-Fi with a reputable Internet security product.

Protect all devices, including laptops, tablets, and smartphones.