Public Wi-Fi is becoming more and more popular. It’s becoming prominent absolutely everywhere, and almost everyone uses it when given the opportunity. But many people still seem to feel that public Wi-Fi networks are built to give the public free Wi-Fi access without having to make concession with their privacy, and this is in spite of growing evidence to the contrary. And based on the show of political support for Wi-Fi, one can extend this to include the perception of lawmakers.
So we here at F-Secure teamed up with ethical hacking firm Mandalorian and investigative journalist Peter Warren to conduct a little experiment that could highlight the risks that people (including politicians) take when they use public Wi-Fi.
The politicians, deliberately selected from the most powerful chambers in UK politics, were Rt. Hon. David Davis MP,Mary Honeyball MEP, and Lord Strasburger. The exercise was carried out with the permission of the politicians who, despite holding important positions within the different parliaments, admitted that they had received no formal training or information about the relative ease with which computers can be breached while using public Wi-Fi – a service they all admitted to using regularly.
The experiment saw Steve Lord (from Mandalorian) and Warren intercept various communications the politicians made while using public Wi-Fi hotspots. The duo set up malicious Wi-Fi hotspots using inexpensive, easily obtainable materials. The locations were everyday places that people visit regularly, such as cafes, hotels and offices, and in each case Warren and Lord successfully compromised the politicians’ devices. The experiment was designed to exploit the weaknesses inherent in Wi-Fi rather than weaknesses in the targets, making the security risks common to others using public Wi-Fi hotspots.
The experiment showed just how easy it was to monitor communications conducted over Wi-Fi, and information contained in calls, emails, and social media accounts were easily intercepted by Lord and Warren. Passwords and login details for different services were also easily obtained, essentially compromising access to various online services, such as social media and email accounts.
Wi-Fi Exposé Hits Home for Lawmakers
“I’ve used Wi-Fi all over Europe, so this is very worrying indeed. I need to use it in my work because I travel around a lot” said Honeyball. “I am surprised and shocked.”
Much of the information intercepted during the experiment, such as browsing history, seems harmless enough. But when this information is incorporated into hacking or other criminal enterprises, it can be used to launch highly effective attacks – such as spear-phishing campaigns, or various forms of identity theft.
“Well it’s pretty horrifying to be honest,” said Davis. “Gmail is pretty much my private conversation, so you were able to get into all of that, and quite frankly you would have been able to masquerade as me.”
Check out this podcast for more reactions and details about the experiment.