From 2017 free WiFi will be rolled out across a number of UK train operators, thanks to the Department for Transport’s £50 million initiative to increase WiFi on trains.
Raj Samani, CTO EMEA at Intel Security:
“While this will hugely benefit a number of commuters, who can work remotely during their journey to and from work, this also comes with significant security risks if the right precautions are not implemented,”
A Freedom of Information Request (FOI) uncovered that the DfT “has not linked receiving funding for the on-train Wi-Fi with including a specific cyber security strategy.” While the department will be providing some suggested cyber security guidelines, it is not a mandatory requirement for train operators to follow these in order to be deemed eligible for funding to launch open WiFi on their trains.
“I severely hope that despite the lack of mandatory guidelines, each individual train operator puts strict security measures in place to protect commuters who access their WiFi,” continued Samani.
“Free WiFi hotspots are a breeding ground for hackers and our latest demo has uncovered that there is a potential new threat set to hit users of public WiFi. Intel Security ran a demo using a fake WiFi hotspot and proved that those that access the network can be targeted with ransomware. The ransomware then lies dormant on the user’s computer until they return to the office and log on to the business network. The ransomware then activates and locks down network assets, holding them to ransom.
“Alongside the train operators, I urge commuters to take precautions when accessing public WiFi. Creating a virtual private network (VPN) is one of the best ways to keep your browsing session private.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.