Security researchers with Avast Software set up a number of fake WiFi networks around Republican National Convention sites, and not surprisingly, thousands of attendees exposed themselves to the risk of being hacked.
In a day-long experiment, researchers set up open networks with names like “Google Starbucks,” “I vote Trump! free Internet,” and “Xfinitywifi” around the Quicken Loans Arena and at the Cleveland airport. More than 1,200 people connected, 70% of whom had their identities exposed.
Hackers can easily set up WiFi networks in the hope that unsuspecting people will connect to them. Once those users are online, their web traffic, emails, and other data can be intercepted, since the hacker is in control of the network.
Many of the users Avast was tracking were using Facebook or Facebook Messenger, Twitter, or messaging apps like WhatsApp. About 10% were browsing the Internet via their mobile web browser.
It’s important to note that many mobile apps use encryption by default, so if a user was using the Facebook app, for example, the traffic sent and received over the WiFi network was probably not sent in plaintext. Normal web traffic through the browser, however, typically is sent in plaintext, and even when a secure protocol is used, it can be fooled into doing otherwise.
“With Washington heatedly discussing cybersecurity issues virtually every week, we thought it would be interesting to test how many people actually practice secure habits,” Gagan Singh, president of mobile at Avast, said in a statement. “Understanding the talking points behind these privacy issues is very different from implementing secure habits on a daily basis.”
The company ran this same test earlier this year at Mobile World Congress, with similar results.
The protection against such an attack starts with common sense: Don’t connect to WiFi networks you don’t really trust.
But if you must, stick with core mobile applications instead of working in a browser, and limit your usage of public WiFi to non-sensitive functions. You can also use a VPN to better protect your data, which then travels through an encrypted tunnel from your phone to the Internet.