The dangerous cost of ‘free’ Wi-Fi

If it seems too good to be true, it probably is. Free Wi-Fi is no exception to this adage. Security company Avast tested this theory by setting up a number of free fake Wi-Fi hotspots to see how many people would take the bait. They caught a lot of fish.

So you go to a political convention. Do a little politicking and listen to some speeches. While taking a break from the handshaking and schmoozing you decide to do a little work on your laptop. Then you get hacked.

During the Republican National Convention, IT security company Avast security set up fake Wi-Fi hotspots to see who would fall for their trick. As it turns out, a lot of people fell for it. Avast estimated more than 1,200 people logged into the fake hotspots, some with politically leaning names like "I VOTE TRUMP! FREE INTERNET," and "I VOTE HILLARY! FREE INTERNET," and some with an official ring to them like "Google Starbucks" and ATTWifi at GOP."

Of those, 68.3 percent exposed their identities.

This isn't a new trick for actual hackers, but a popular one in travel friendly spots, or big events. The Democratic National Convention and Olympics are expected to be breeding grounds for fraud.

"There are so many free applications and hardware devices available that almost anyone can do it," said Jerry Irvine, member of the U.S. Chamber of Commerce’s Cybersecurity Leadership Council and CIO of Prescient Solutions.

We're suckers

The ease of creating a fake hotspot is one reason fraudsters keep doing it. "There are freely available tools that allow someone to easily turn their laptop into a Wi-Fi hotspot," said says Gary Davis, chief consumer security evangelist for Intel Security.

The other is that we keep falling for it. "There are so many free public Wi-Fi locations that users have become too comfortable joining them," says Irvine.

It's become such a part of our daily lives -- especially if we travel and are always looking for free Wi-Fi -- that we don't always question that any network, especially one with a name related to a specific event, is there for any other reason than to make our lives more convenient. Time is a factor, too -- and that we don't think we have enough of it to check, especially if we're trying to log on before going onto a zillion other things. "We are always in a hurry and often don’t take the time to consider if a Wi-Fi is malicious or fake. We tend to click on the top free link," says Davis.

The target

Here's what hackers are after if they get you to hook into their fake Wi-Fi network: Everything.

"First, hackers perform Man in the Middle (MitM) attacks, which allows them to copy 100 percent of all traffic that goes from the devices to and from the Internet," says Irvine. "Although some of this traffic may be encrypted if the user is using HTTPS when connecting to websites, much of the data is still readable."

Once in, they can do just about anything. "They can also use the connection to tunnel into your device to access files, drop malware and other bad things," says Davis.

From there, the world is their oyster, says Orlando Scott-Cowley, cyber strategist for Mimecast. "Your personal information, the services and apps you use and the types of devices you use are all easily detected during these attacks." And once they have this information, they have the keys to your kingdom – and will sell to anyone who will pay enough to own them.

Just consider what Avast found out while using its fake Wi-Fi hotspots: 38.7 percent of lures have Facebook or the Facebook messaging app; 13.1 percent accessed Yahoo Mail, 17.6 percent checked Gmail, and 13.8 percent used chat apps like WhatsApp, WeChat or Skype. If the hack had been real, scammers would have had gained access to any of those systems (.24 percent of users also logged into porn sites).

That's bad for you, but the stakes get even higher if you're on a work device and have sensitive information stored there.

The solution

For those who travel often and need Wi-Fi for their devices on the go, Davis recommends buying your own hotspot. That way, you know what you're connecting to, and it's always available when you need it so you don't go hunting around for some possibly unscrupulous other connection.

If opting for public Wi-Fi, he suggests picking a network that doesn't require a login -- and even then, don't do any kind of financial transactions on that connection.

You can also turn your cell phone into a hotspot, which, if there's 4G service available, makes the connection faster than some free Wi-Fi services, says Orlando.

If you're going to use a Wi-Fi hot spot that looks like it's tied to a location -- like one with the name of the coffee shop you're in, Scott-Cowley adds to ask the staff if it's really theirs.

Even if you don't travel, be careful about telling your computer to automatically log into any public Wi-Fi network. Because while you may always work at Revolution Roasters and use their Wi-Fi, Irvine says that someone could come in and set up a Wi-Fi network with a similar name, and your computer may not be able to tell the difference.

A VPN service will shelter the information going in and out of your device to public Wi-Fi. And protect your physical device too, advises Irvine. Sometimes it's easier to take a device or physically put malware onto it when you're not looking than to get in through an internet connection.

"Travelers should be conscious of hackers who will attempt to physically steal laptops, tablets and cell phones from luggage, hotel rooms or coffee shops when they are left unattended," he says. "Also, users should never insert CDs, disks or thumb drives they found into their devices. Hackers drop these items at public places specifically to get unsuspecting individuals to plug them into their devices in order to infect them."

So even if it looks like something from a travel bureau promising discounts don’t stick it into your device. You don't know where it's been.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jen A. Miller

Show Comments



Sansai 6-Outlet Power Board + 4-Port USB Charging Station

Learn more >

Victorinox Werks Professional Executive 17 Laptop Case

Learn more >



Back To Business Guide

Click for more ›

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?