Security News Kaspersky Lab: A Quarter of Wi-Fi Hotspots Are Unsecured

Exterminator

Community Manager
Thread author
Verified
Staff Member
Well-known
Oct 23, 2012
12,527
Over a quarter of Wi-Fi hotspots around the world are unsecured and pose a major risk to users’ data, according to new research from Kaspersky Lab.

The Russian AV vendor analyzed info on over 31 million such hotspots worldwide and discovered that 25% have no encryption or password protection of any kind – leaving them wide open to abuse by cyber-criminals.

A further 3% are running WEP (Wired Equivalent Privacy) to encrypt data, but this outdated platform can be cracked within minutes, the vendor claimed.

As for the remaining 72% of Wi-Fi-hotpots, they run the harder-to-hack Wi-Fi Protected Access (WPA) protocol. However, they’re still vulnerable to hackers if the password isn’t strong enough, or if it’s publicly available in a shared location like a café or airport.

In fact, as we approach the busy holiday season, travelers would be minded not to use such public hotspots to access any online accounts, as hackers might be ready to pounce.

Kaspersky Lab claimed that the top 20 countries with the highest percentage of non-encrypted Wi-Fi hotspots include many popular tourist destinations such as Thailand, France, and the US.

The vendor’s anti-virus expert, Denis Legezo, urged consumers to remain vigilant when using Wi-Fi out and about.

“Don’t use hotspots without passwords and don’t use public hotspots to perform high-risk activities such as online banking or shopping, logging on to sites or for transferring confidential information,” he advised.

“If that sort of traffic is intercepted by a third party, it could result in serious losses, including financial ones. And of course, we strongly recommend using additional measures to protect traffic, such as Virtual Private Network (VPN) technology.”

It’s not clear the message is getting through, however, with another study by the Russian AV firm claiming 71% of consumers use insecure public Wi-Fi in cafés, bars and fast food restaurants, and 15% use it to shop, bank, or make payments online.

Just 13% said they use a VPN – something all businesses should provide for their mobile workforce today.

The study echoes similar findings from iPass earlier this month, which claimed that nearly half (42%) of mobile workers still access corporate networks via free Wi-Fi hotspots.
 
W

Wave

Another important thing to remember is to never make any form of payment/sensitive information transfer (e.g. even signing into an account) from an unsecured network unless the website is HTTPS secured, since if anyone can connect onto the network and you are not using HTTPS secured websites, they can sniff the network with software such as Wireshark and use this to their advantage to actually sniff out the details you have been sending over to the websites.

For example, if you have an unsecured network in your Home, a neighbour can remotely sniff the network by connecting to it (if they have the range), then steal credentials to websites you've signed into which are not HTTPS secured.

However, best use a secured network as opposed to a free un-secure hotspot/network anyway. Of course, that would be the safer and better option. ;)
 

Myriad

Level 7
Verified
Well-known
May 22, 2016
349
For example, if you have an unsecured network in your Home, a neighbour can remotely sniff the network by connecting to it (if they have the range), then steal credentials to websites you've signed into which are not HTTPS secured.

That is a fact , and maybe for city dwellers there is the added risk from " wardrivers " and they will have the range ,
because they'll be well tooled-up with powerful external network adapters / antennas .

Here's a few easy-to-do things that often get overlooked on router/wi-fi advice sites :-

Disable WPS
It is usually there by default for convenience , but it is also a major security hole .
If you need to add a network device the lazy way then enable WPS , but disable it again immediately after .

Stop broadcasting your SSID
I know a major ISP that ships all of it's routers with the same ( pretty obvious ) admin password !

These are just the kind of things that wardrivers love , and are out looking for .
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
I'm actually at a farm with nobody on 3km around. Should i pass-protect my WiFi? :p

Well its better to be protected and avoid any unwanted connection gathering your browsing speed.

-----------

People should always change your password on router and do not rely on default manufacturer password cause it's easily to crack.
 
  • Like
Reactions: DardiM and Sand

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top