How cautious are you when you use WiFi hotspots? How would you feel if you learned that you had just connected to an Evil Twin – a fake hotspot designed to steal your sensitive information? These are two of the questions Trend Micro got answers to in its 2013 Mobile Security Report. What it found won’t be reassuring for anyone who uses public WiFi hotspots.
Trend Micro teamed up with First Base Technologies to set up a series of Evil Twin hotspots in London. Hotspot users could only take part in the experiment if they consented to have their data collected. None of the participants knew beforehand about Evil Twin WiFi hotspots. And they didn’t know fake hotspots could be used to steal the information of users who connect to them.
That’s probably why the participants in the test were surprised to learn how easily ethical hackers could snatch their sensitive information from public WiFi locations. Of those surveyed, 22% said they access business e-mails on public hotspots and 10% check confidential documents. Equally alarming, usernames and passwords, coupled with their transactions on some websites, are all the kind of data cyber criminals routinely use to commit identity fraud.
Volunteer Victims React to Being Hacked After Connecting To An Evil Twin
Even though the experiment was a test, after being told they had unknowingly logged into an Evil Twin hotspot, the volunteer victims used words like these to describe their feelings: “Cautious, scared, paranoid, self-conscious, angry, worried, invaded, unsecure.”
Ten of the participants were interviewed by Dr. Chris Brauer, founder of the Centre for Creative and Social Technologies at Goldsmiths, University of London. When he asked them about the impact of learning there could be rogue WiFi networks in public places, they said:
- Their dignity was compromised by fears of knowing they could connect to Evil Twins.
- They felt an increased lack of trust in their physical environment.
- They worried about their liability for other people’s data than for their own – especially corporate data.
- Their worst fears about compromised data were about their bank details, followed by company secrets, email log-ins and intimate photographs or communications.
In spite of the risks of their behavior, seven out of 10 participants said they had connected to an unsecure WiFi hotspot. The ease which with researchers in this experiment were able to grab mobile users’ sensitive information should be another wakeup call for WiFi hotspot users everywhere.
According to Rik Ferguson, a major contributor to the study and the global vice-president of security research at Trend Micro, IT departments provide a VPN for employees to create a secure connection to enterprise networks. However, the same principle should apply to any individual accessing public WiFi; all should have access to the same technology. So if you’re not using a VPN like PRIVATE WiFi to encrypt your data, the same thing could happen to you. If it does, it won’t be a test and the hackers who get hold of your data won’t be wearing a white hat.