photo credit: olishaw
The Guardian has recently been doing an experiment into the security of public wi-fi “hotspots” such as BTOpenzone, and has published some worrying findings.
Although this is not a new exploit, the Guardian has demonstrated how a scammer can easily set themselves up as a wireless hotspot and get unsuspecting users to either hand-over their credit card details (to pay for the wi-fi), and/or steal their login details for sites such as Facebook or their email accounts.
Using a £49 piece of communications equipment and software freely available for download from the internet, the investigation established that crooks could set up bogus Wi-Fi “gateways” to which the latest generation of mobile phones would automatically connect. Once a connection is established, all the information passing through the gateway can be either be read directly or decrypted using software that will run on a laptop.
In another test, a fake Wi-Fi hotspot invited people to “pay” for internet access with their credit card – but required them to click a box to accept terms and conditions which clearly stated “you agree we can do anything we like with your credit card details and personal logins”.
The scam isn’t confined to smartphones – laptop users are also potentially at risk, although the settings on smartphones such as the iPhone often make it less obvious what wi-fi hotspot you’re connecting to, and in some cases they will be setup to automatically connect to hotspots it “thinks” it knows are real.
Until this issue is fixed, the best way to avoid the scam is to switch off the wi-fi in your phone when you leave home, and make sure you only use it on networks that you trust (home/work).