Avast Wi-Fi Hack Experiment Finds “Reckless” User Behavior

HardOCP News

I would make fun of these people but, the truth is, we've all logged on to some unknown wi-fi network when we really needed it.

For the experiment, Avast researchers set up Wi-Fi networks next to the Mobile World Congress registration booth at the Barcelona Airport. The Wi-Fi network names were “Starbucks”, “Airport_Free_Wifi_AENA” and “MWC Free WiFi” — Wi-Fi names (SSIDs) that are either commonplace or that look like they were set up for the congress visitors. In just 4 hours, Avast saw more than 8 million data packets from more than 2,000 users. To protect people’s privacy, the researchers scanned the data, but did not store it.
 
Yup, it's hard to know who to trust, especially since it's so easy to make a Wifi access point look so much like the real thing. And even worse: sometimes even the "trusted" Wifi access points are hacked.

And this is why I treat my phone as a DMZ: only give it my credit card number, since that's not my money. But it's still the wild wild west out there.
 
people should utilize a VPN service that anonymizes their data while connecting to public hotspots to ensure that their connection is secure.

Avast SecureLine VPN for Android and iOS devices encrypts connections on unsecured public Wi-Fi and allows users to browse anonymously.



So this was just to "scare" people into buying their VPN solution?

I'm not too worried about connecting to a "free" WiFi with my phone. As long as I don't click on a "login" screen that installs malware, it's not really an issue.
So what if they see me connect to Gmail, do a Google search or see I'm using an Android phone. Someone could figure that out just by looking over my shoulder.
All my email traffic is encrypted, as is any other important traffic. All they will see is just noise that doesn't matter.
 
Not me. When I need it, I use my phone. If I can't use that due to signal issues, I wait. I know better. I don't do ANYTHING over an unfamiliar network.

This! I never do anything critical or personal on a public network. If they want to steal the info off my Clash of Clans/Star Wars they can. Can't tell you how many times I have seen people logged into banking websites on public airport wifi networks.

Use your phone or if it can wait, do it at home.
 
One dead give-away is that free access points provided by companies almost always have ToS disclaimers you must accept. Connect to a point called "Starbucks" and don't get one? Chances are you're dealing with a lazy person who didn't bother to spoof that.



Because SSID spoofing is so easy and devices can be installed in coffee cups for middleman attacks. Maybe they should come up with an accepted standard (Apple, Google, Microsoft) that would use some sort of certificate authority to verify an SSID-network once connected. The OS could then warn "this SSID could not be verified, you're at risk, continue?" Might require a different type of SSID though, one that requires registration.

It really needs to be taken out of the users' hands as most people simply won't know the signs like the people here on [H].
 
Not really seeing the issue. How is this different from your data traveling over the other dozen+ hops on the internet to a destination? If your data is not encrypted it can be intercepted by anyone in the chain... Short of the AP doing some packet injection so all my images load as goatse I don't really care that "someone" can see I visited Facebook or that my device is a Windows phone.
 