Avast security researchers conducted a Wi-Fi hack experiment at various locations around the Republican National Convention site in Cleveland to demonstrate how risky it can be to connect to public Wi-Fi.
The experiment revealed that over a thousand convention attendees were negligent in their behavior when connecting to public Wi-Fi. Attendees risked the possibility of being spied on and hacked by cybercriminals while they checked their emails, banked online, used chat and dating apps, and even played Pokémon GO.
Wi-Fi hack experiment setup
For the experiment, researchers set up fake Wi-Fi networks at various locations around the Quicken Loans Arena and at Cleveland Hopkins International Airport with phony SSIDs like “Google Starbucks”, “Xfinitywifi”, “Attwifi”, “I vote Trump! free Internet” and “I vote Hillary! free Internet” that were either commonplace or looked like they were set up for convention attendees.
Out of the people connecting to the candidate-related Wi-Fi in Cleveland, 70% connected to the Trump-related Wi-Fi, 30% to the Clinton-related Wi-Fi. With mobile devices often set to connect to known SSIDs automatically, users occasionally overlook the networks to which they are connecting. While convenient for many, this feature bears the risk of users being spied on by cybercriminals who set up a false Wi-Fi network with a common SSID. Moreover, Web traffic can be visible to anyone on any Wi-Fi network that does not request a password.
Wi-Fi traffic insight
Over the course of a day, Avast saw more than 1.6Gbs transferred from more than 1,200 users. Moreover, 68.3% of users‘ identities were exposed when they connected, and 44.5% of Wi-Fi users checked their emails or chatted via messenger apps. To protect people’s privacy, the researchers scanned the data, but did not store it or collect any personal information.
Avast learned the following about the Republican National Convention attendees:
- 55.9% had an Apple device, 28.4% had an Android device, 1.5% had a Windows Phone device, 3.4% had a MacBook laptop and 10.9% had a different device
- 10.8% used Google Chrome, 0.2% Mozilla Firefox and 4.2% Safari
- 39.7% have the Facebook or Facebook messenger app installed, 10.7% have the Twitter app installed, 8.0% have Instagram installed
- 13.1% accessed Yahoo Mail, 17.6% checked their Gmail inbox, and 13.8% used chat apps like WhatsApp, WeChat and Skype
- 6.5% shopped on Amazon, and 1.2% accessed a banking app or banking websites like bankofamerica.com, usbank.com, or wellsfargo.com
- 5.1% played Pokémon GO
- 4.2% visited government domains or websites
- 0.7% used dating apps like Tinder, Grindr, OKCupid, Match and Meetup
- 0.24% visited pornography sites like Pornhub.com.
“With Washington heatedly discussing cybersecurity issues virtually every week, we thought it would be interesting to test how many people actually practice secure habits,” said Gagan Singh, president of mobile at Avast. “Understanding the talking points behind these privacy issues is very different from implementing secure habits on a daily basis. Though it is not surprising to see how many people connect to free Wi-Fi, especially in a location with large crowds such as this, it is important to know how to stay safe when connecting. When joining public Wi-Fi, consumers should utilize a VPN service that anonymizes their data while connecting to public hotspots to ensure that their connection is secure.