Security Alert Kaspersky Lab: A Quarter of Wi-Fi Hotspots Are Unsecured


Community Manager
Staff member
Oct 23, 2012
Over a quarter of Wi-Fi hotspots around the world are unsecured and pose a major risk to users’ data, according to new research from Kaspersky Lab.

The Russian AV vendor analyzed info on over 31 million such hotspots worldwide and discovered that 25% have no encryption or password protection of any kind – leaving them wide open to abuse by cyber-criminals.

A further 3% are running WEP (Wired Equivalent Privacy) to encrypt data, but this outdated platform can be cracked within minutes, the vendor claimed.

As for the remaining 72% of Wi-Fi-hotpots, they run the harder-to-hack Wi-Fi Protected Access (WPA) protocol. However, they’re still vulnerable to hackers if the password isn’t strong enough, or if it’s publicly available in a shared location like a café or airport.

In fact, as we approach the busy holiday season, travelers would be minded not to use such public hotspots to access any online accounts, as hackers might be ready to pounce.

Kaspersky Lab claimed that the top 20 countries with the highest percentage of non-encrypted Wi-Fi hotspots include many popular tourist destinations such as Thailand, France, and the US.

The vendor’s anti-virus expert, Denis Legezo, urged consumers to remain vigilant when using Wi-Fi out and about.

“Don’t use hotspots without passwords and don’t use public hotspots to perform high-risk activities such as online banking or shopping, logging on to sites or for transferring confidential information,” he advised.

“If that sort of traffic is intercepted by a third party, it could result in serious losses, including financial ones. And of course, we strongly recommend using additional measures to protect traffic, such as Virtual Private Network (VPN) technology.”

It’s not clear the message is getting through, however, with another study by the Russian AV firm claiming 71% of consumers use insecure public Wi-Fi in cafés, bars and fast food restaurants, and 15% use it to shop, bank, or make payments online.

Just 13% said they use a VPN – something all businesses should provide for their mobile workforce today.

The study echoes similar findings from iPass earlier this month, which claimed that nearly half (42%) of mobile workers still access corporate networks via free Wi-Fi hotspots.


Another important thing to remember is to never make any form of payment/sensitive information transfer (e.g. even signing into an account) from an unsecured network unless the website is HTTPS secured, since if anyone can connect onto the network and you are not using HTTPS secured websites, they can sniff the network with software such as Wireshark and use this to their advantage to actually sniff out the details you have been sending over to the websites.

For example, if you have an unsecured network in your Home, a neighbour can remotely sniff the network by connecting to it (if they have the range), then steal credentials to websites you've signed into which are not HTTPS secured.

However, best use a secured network as opposed to a free un-secure hotspot/network anyway. Of course, that would be the safer and better option. ;)


Level 7
May 22, 2016
For example, if you have an unsecured network in your Home, a neighbour can remotely sniff the network by connecting to it (if they have the range), then steal credentials to websites you've signed into which are not HTTPS secured.

That is a fact , and maybe for city dwellers there is the added risk from " wardrivers " and they will have the range ,
because they'll be well tooled-up with powerful external network adapters / antennas .

Here's a few easy-to-do things that often get overlooked on router/wi-fi advice sites :-

Disable WPS
It is usually there by default for convenience , but it is also a major security hole .
If you need to add a network device the lazy way then enable WPS , but disable it again immediately after .

Stop broadcasting your SSID
I know a major ISP that ships all of it's routers with the same ( pretty obvious ) admin password !

These are just the kind of things that wardrivers love , and are out looking for .


Level 85
Mar 15, 2011
I'm actually at a farm with nobody on 3km around. Should i pass-protect my WiFi? :p

Well its better to be protected and avoid any unwanted connection gathering your browsing speed.


People should always change your password on router and do not rely on default manufacturer password cause it's easily to crack.
  • Like
Reactions: DardiM and Sand