Europol warns: public Wi-Fi isn't safe

7 Mar 2014
Wi-Fi

Packet-sniffing and man-in-the-middle attacks prompt police agency warning

Public Wi-Fi isn't safe enough for banking and other sensitive online transactions, according to Europol.

The European policing agency is helping authorities in multiple countries deal with an increasing number of attacks that attempt to steal banking passwords and other identifying details over public Wi-Fi networks, Troels Oerting, the head of Europol's cyber crime centre, told the BBC.

"We should teach users that they should not address sensitive information while being on an open insecure Wi-Fi internet," he said. "They should do this from home where they know actually the Wi-Fi and its security; but if you are in a coffee shop somewhere you shouldn't access your bank, or do all of these things that actually transfer very sensitive information."

We should teach users that they should not address sensitive information while being on an open insecure Wi-Fi internet

The policing organisation's warning comes four years after the infamous Firesheep browser extension, which highlighted how easy it was to hijack Wi-Fi sessions by using a packet sniffer.

Kaspersky Lab researcher David Emm noted that such an attack could be run by a person sitting next to you on their laptop - but since the typical Wi-Fi router has a range of 100 metres, they could equally be sitting in a different building or in a nearby car park.

Aside from Firesheep-style sniffing, Oerting warned that hackers are also setting up fake hotspot login sites that allow them to run man-in-the-middle attacks, sitting between you and your bank, for example.

He added that the European Parliament had turned off its public Wi-Fi after uncovering a similar attack using its network.

Indeed, Emm points out that a man-in-the-middle attack "can be used to capture any confidential data you type in, get access to what’s on your device, install malware on the device or even use your device to distribute spam messages on their behalf."

Better late than never

The warning was "better late than never", according to F-Secure analyst Sean Sullivan.

He added that "this has been a concern for years - that's why sensible companies force employees to use VPN connections".

"Does insecurity stop me from using open hotspots? Nope, I use free Wi-Fi all the time," he said. "And I don't plan on changing that particular habit any time soon."

"If you want to use an open Wi-Fi hotspot to search for the latest sports scores - go for it," he added. "But if you want to check your bank balance, read your email, or have a private chat with your friends – get yourself a VPN service."

While that's sensible advice, Kaspersky Lab said a recent survey it conducted revealed that 34% of people took no "special measures" to protect themselves when on a public Wi-Fi network.

Read more

News