One in four Wi-Fi hotspots vulnerable to attack, study finds

At least one in four Wi-Fi hotspots are open to attack, a study by Kaspersky Lab reveals

More than a quarter of Wi-Fi hotspots worldwide are not secured and pose a risk to users’ personal data, according to Kaspersky Lab.

The finding is based on the analysis of information on more than 31 million Wi-Fi hotspots around the world, which showed that traffic over 28% of them could be intercepted easily by hackers.

According to analysis by the cloud-based Kaspersky Security Network, 25% of Wi-Fi networks have no encryption or password protection of any kind.

This means the data passing through them is completely open and can be read by third parties. Another 3% of hotspots use WEP (Wired Equivalent Privacy) to encrypt data, which is an unreliable protocol that can be “cracked” in minutes using tools that are freely available on the internet.

The remaining hotspots, nearly three-quarters of the total, use a more reliable form of encryption based on the family of Wi-Fi Protected Access (WPA) protocols.

The effort required to hack these networks depends on the settings, including the strength of the password. For example, if it is a weak or publicly accessible password, a criminal will also be able to decrypt any traffic that is transmitted.

Security experts say all Wi-Fi connections should use strong encryption, such as the WPA2 encryption standard. Without strong encryption, there is a threat that if an attacker gains access to a wireless network, they can cause a lot of damage.

If attackers can intercept usernames/passwords, they could take control of computers on the Wi-Fi network, change browsing to websites that deliver malware or capture credentials, or use the Wi-Fi network to perform various anonymous or illegal activities.

Kaspersky Lab said the top 20 countries with the highest percentage of non-encrypted Wi-Fi hotspots include many popular tourist destinations such as Thailand, France, Israel and the US.

Another study by the security firm shows that only 57% of internet users are concerned about their data being intercepted during a Wi-Fi session.

“We advise all users to remain vigilant when connecting to Wi-Fi,” said Denis Legezo, antivirus expert at Kaspersky Lab.

“Don’t use hotspots without passwords and don’t use public hotspots to perform high-risk activities such as online banking or shopping, logging on to sites or for transferring confidential information,” he said.

Legezo warned that if transactional traffic is intercepted by a third party, it could result in serious financial and other losses.

“We strongly recommend using additional measures to protect traffic, such as VPN [Virtual Private Network] technology,” he said.

In 2014, Europol issued a warning about sending sensitive information over public Wi-Fi hotspots.

The warning was issued in the light of a growing number of cyber attacks using personal information stolen through public Wi-Fi hotspots, Europol said.

Europol also highlighted the risk of rogue Wi-Fi hotspots being used to dupe victims into mistaking them for official public Wi-Fi hotspots and connecting to them.

This means attackers are able to monitor all communications through the rogue Wi-Fi access points and steal data exchanged with banks, retailers and other online service providers.

Kaspersky Lab recommends that to reduce the risk of attack when using public Wi-Fi, all users should:

  • Use only trusted and secure Wi-Fi networks when doing anything confidential that involves typing a username and password, or transmitting confidential data.
  • Use a VPN whenever possible.
  • Make sure, before signing in to any web site, that it is secure by looking for ‘https’ in the URL and the unbroken padlock symbol, as well as checking the security certificate.
  • Secure the computer used to access public Wi-Fi with a reputable internet security product.
  • Protect all devices, including laptops, tablets and smartphones.
