Most Users Will Connect To An Open WiFi – If It Is Free

We are a data addicted culture.  This story is a testament to that fact.

Last month the security firm Avast tried an experiment.

They set up a series of open (meaning free and not password protected) WiFi hotspots at the Barcelona Airport as people were arriving for the Mobile World Congress.

Why?  To see if anyone would be foolish enough to connect to these unknown hotspots.

The researchers created WiFi network names like Airport_Free_Wifi_AENA and MWC Free Wifi.  Even Starbucks,.

So, did anyone connect?

Within a few hours, over 2000 users connected to the researchers fake network, so the answer to that question is, apparently, yes.

What did the researchers find out?

  • 50% were Apple users;  43% were Android users, so not much difference there
  • 61% went to Google or GMail
  • 15% visited Yahoo
  • 52% have the Facebook app (I am sure it wanted to phone home)
  • 1% used Tinder or Badoo (dating apps)

In almost 2/3 of the cases, the researchers were able to see the identity of the user and device.

So, what is the moral?

We are data hungry and like the fact that you see many people searching for an outlet at the airport (likely iPhone users;  Android users just swap batteries), users will search for any WiFi connection without thinking about whether they are practicing safe surfing.

And, at least for these 2,000+ users, the answer is that they were not practicing safe surfing.  If the researchers were hackers, they could have captured any unencrypted traffic – which in many cases includes all of your email.

In addition, using a man in the middle attack, they likely could read any encrypted traffic as well – banking, email, facebook, etc.

So just like yesterday’s post talking about Airplane WiFi, connecting to random, free, unprotected WiFi hotspots in public is about as safe as playing Russian Roulette with bullets in 5 chambers.  Generally, not recommended,


Information for this post came from ZDNet.

Leave a Reply

Your email address will not be published. Required fields are marked *