Skip to navigation
Latest News

Europol warns: public Wi-Fi isn't safe


By Nicole Kobie

Posted on 7 Mar 2014 at 16:33

Public Wi-Fi isn't safe enough for banking and other sensitive online transactions, according to Europol.

The European policing agency is helping authorities in multiple countries deal with an increasing number of attacks that attempt to steal banking passwords and other identifying details over public Wi-Fi networks, Troels Oerting, the head of Europol's cyber crime centre, told the BBC.

"We should teach users that they should not address sensitive information while being on an open insecure Wi-Fi internet," he said. "They should do this from home where they know actually the Wi-Fi and its security; but if you are in a coffee shop somewhere you shouldn't access your bank, or do all of these things that actually transfer very sensitive information."

We should teach users that they should not address sensitive information while being on an open insecure Wi-Fi internet

The policing organisation's warning comes four years after the infamous Firesheep browser extension, which highlighted how easy it was to hijack Wi-Fi sessions by using a packet sniffer.

Kaspersky Lab researcher David Emm noted that such an attack could be run by a person sitting next to you on their laptop - but since the typical Wi-Fi router has a range of 100 metres, they could equally be sitting in a different building or in a nearby car park.

Aside from Firesheep-style sniffing, Oerting warned that hackers are also setting up fake hotspot login sites that allow them to run man-in-the-middle attacks, sitting between you and your bank, for example.

He added that the European Parliament had turned off its public Wi-Fi after uncovering a similar attack using its network.

Indeed, Emm points out that a man-in-the-middle attack "can be used to capture any confidential data you type in, get access to what’s on your device, install malware on the device or even use your device to distribute spam messages on their behalf."

Better late than never

The warning was "better late than never", according to F-Secure analyst Sean Sullivan.

He added that "this has been a concern for years - that's why sensible companies force employees to use VPN connections".

"Does insecurity stop me from using open hotspots? Nope, I use free Wi-Fi all the time," he said. "And I don't plan on changing that particular habit any time soon."

"If you want to use an open Wi-Fi hotspot to search for the latest sports scores - go for it," he added. "But if you want to check your bank balance, read your email, or have a private chat with your friends – get yourself a VPN service."

While that's sensible advice, Kaspersky Lab said a recent survey it conducted revealed that 34% of people took no "special measures" to protect themselves when on a public Wi-Fi network.

Subscribe to PC Pro magazine. We'll give you 3 issues for £1 plus a free gift - click here
User comments

Not possible - except for the NSA

My understanding is that the man in the middle attacks weren't possible unless someone can forge the certificate. However, with the recent revelations of the "bugs" in both Apple products and Linux, such attacks are indeed "easy". Thank you NSA for making us vulnerable to such things.

By MJ2010 on 7 Mar 2014

This is one reason why I use a VPN to my home network, that said it's obviously only an option if you have a good enough connection.

Or is a VPN inadequate these days as well?

By tech3475 on 7 Mar 2014

100 meters range?!

>>but since the typical Wi-Fi router has a range of 100 metres

I would love to own a wifi hub that worked 100 meters away! Which model wifi is this? I work in an IT firm, and I'm sure many of our clients would be interested too.

Possibly you mean 100 *feet*. Or given the performance of some devices, possibly 100 *inches*.

By ANTIcarr0t on 8 Mar 2014


Couldn't agree more. 100m is a router from science fiction!

By sihaz2 on 9 Mar 2014


It is possible to intercept a wifi signal from 8 miles!

By stasi47 on 9 Mar 2014


MJ2010 mate ur a massive noob. SSLStrip is all you need and unless the victim checks for a HTTPS address he will never know.

By JammyGit on 10 Mar 2014

No password

no connection.

If the network isn't encrypted, don't join it.

By big_D on 10 Mar 2014


Man in the middle attacks on an open Wi-Fi connection are perfectly possible and have been demonstrated many times.

Also with the hacked cert authorities, it wouldn't be impossible to get a "valid" looking certificate to spoof the connection - although the desktop browser makers do a fairly good job of invalidating the certs, once it is known a cert authority has been cracked.

And as Jammy says, unless people know to look, they probably wouldn't even notice a crude MitM attack.

By big_D on 10 Mar 2014

Leave a comment

You need to Login or Register to comment.



Most Commented News Stories
Latest Blog Posts Subscribe to our RSS Feeds
Latest ReviewsSubscribe to our RSS Feeds
Latest Real World Computing


Sponsored Links

Your email:

Your password:

remember me


Hitwise Top 10 Website 2010

PCPro-Computing in the Real World Printed from

Register to receive our regular email newsletter at

The newsletter contains links to our latest PC news, product reviews, features and how-to guides, plus special offers and competitions.