Mobile Industry Bigwigs Fooled By Bogus Starbucks Wi-Fi

Wifi_logo

You’d think delegates at Mobile World Congress would be security conscious with their phones. However, one security firm says it found more than 2,000 users who fell for a pretty basic trick.

Avast researchers went to Barcelona, host city for the event, and set up three Wi-Fi networks in the airport at a peak time for delegates passing through. They gave the networks the highly misleading names of “Starbucks”, “Airport_Free_Wifi_AENA“ and “MWC Free WiFi.”

The networks had no password protection, meaning anyone could connect to them, but the web traffic was visible. Avast says more than 2,000 people connected to the networks in the space of four hours.

In some cases this will have been people looking through the list of available networks and trusting what they assumed to be a free service. However, Avast also believes many of the connections may have come from phones that have previously used a network with the same name and are set (often by default) to automatically connect to any network it “recognizes.”

Exactly how much detail Avast was able to access from the web traffic is unclear; the company says it only scanned the traffic and made a point of not storing anything. It does say it was able to identify 63.5 percent of users by both their device and their user ID.

The company also says the user base was split with 50.1 percent on Apple devices, 43.4 percent on Android and 6.5 percent on Windows Phone. It doesn’t explain why no laptops are among this statistic.

The rest of the stats mainly covered the sites visited and apps used while connected to the networks, with the unsurprising news that most people used either Gmail or Google search, but only a few people used Tinder.

What Avast doesn’t address is whether any of the data it scanned revealed accessible confidential or personal information. It’s also quiet on how many people were using https connections, or how straightforward it would have been to overcome this had it wanted to make the experiment a more realistic portrayal of hacking possibilities.

Avast does recommend that people using unsecured public networks do so with a secure VPN, which, wouldn’t you know, they just happen to offer.