Global experiment exposes the dangers of using Wi-Fi hotspots

A global Wi-Fi hacking experiment exposed major security issues regarding the browsing habits of users around the globe. Avast mobile security experts traveled to cities in the United States, Europe, and Asia to observe public Wi-Fi activity in nine major metropolitan areas. They were equipped with a Wi-Fi-enabled laptop and an application that monitored local Wi-Fi traffic at 2.4 GHz frequency – a free app that is widely available.

The experiment showed how easy it is to see browsing activity, searches, passwords, videos, emails, and other personal information.

The study revealed that users in Asia are the most prone to attacks. More than half of the Web traffic in Asia takes place on unprotected HTTP sites, 97% of users connect to open, unprotected Wi-Fi networks, and seven out of ten password-protected routers use weak encryption methods, making it simple for them to be hacked.

Users in San Francisco and Barcelona are the most likely to take steps to protect their Wi-Fi sessions, although the number is still very small as only 20% take precautions.

The study found that people around the world overwhelmingly prefer to connect to unsecured and unprotected Wi-Fi networks instead of password-protected networks. Mobile users in Asia were most likely to join open networks, while Europeans and Americans were slightly less so; In Seoul, 99 out of 100 users joined unsecured networks, compared with just 80 out of 100 in Barcelona and San Francisco.

  • 1. Seoul: 99 out of 100
  • 2. Hong Kong: 98 out of 100
  • 3. Taipei: 97 out of 100
  • 4. Chicago: 96 out of 100
  • 5. New York: 91 out of 100
  • 6. Berlin: 88 out of 100
  • 7. London: 83 out of 100
  • 8. Barcelona: 80 out of 100
  • 9. San Francisco: 80 out of 100.

Avast discovered that a significant portion of mobile users browse primarily on unsecured HTTP sites. Nearly half of the Web traffic in Asia takes place on unprotected HTTP sites, compared with one third U.S. traffic and roughly one quarter of European traffic.

Because HTTP traffic is unprotected, the Avast team was able to view all of the users’ browsing activity, including domain and page history, searches, personal login information, videos, emails, and comments.

The majority of the observed Wi-Fi hotspots were protected through some form of encryption. However, often these methods were weak and could be easily hacked. Using WEP encryption in particular can be nearly as risky as forgoing password-protection altogether, as users tend to feel safer entering their personal information, but their data can still be accessed.

San Francisco and Berlin had the lowest percentage of weakly encrypted hotspots, while more than half of password-protected hotspots in London and New York and nearly three quarter of the Asian hotspots were vulnerable to attack.

  • 1. Seoul: 70,1%
  • 2. Taipei: 70,0%
  • 3. Hong Kong: 68,5%
  • 4. London: 54,5%
  • 5. New York: 54,4%
  • 6. Chicago: 45,9%
  • 7. Barcelona: 39,5%
  • 8. Berlin: 35,1%
  • 9. San Francisco: 30,1%