The head of Europol’s cyber crime division, Troels Oerting, has warned against using public Wi-Fi hotspots, after the law enforcement agency has seen an increase in the misuse of public Wi-Fi for identity theft and financial attacks.
Speaking to the BBC, Troels Oerting said, “Everything that you send through Wi-Fi is potentially at risk, and this is something that we need to be very concerned about both as individual users but also as police. We should teach users that they should not access sensitive information while on an open, and insecure Wi-Fi internet connection.”
Oerting said that several member states had reported an increase in cyber attacks using public Wi-Fi hotspots, according to ISP Review’s report. He said that criminals did not tend to employ hi-tech new attacks – instead, they relied on well-known tactics such as setting up fake hotspots, with names resembling real ones, to steal information from unwary users.
Oerting said, “We have seen an increase in the misuse of Wi-Fi in order to steal information, identity or passwords and money from the users who use public or insecure wi-fi connections.
Oerting said that users needed to be educated to only access senstive sites, “From home where they know actually the Wi-Fi and its security – not if you are in a coffee shop somewhere. You shouldn’t access your bank or do things that actually transfer very sensitive information.”
Dr Martyn Thomas from Britain’s Institution of Engineering and Technology (IET) said: “This is another example of the problem that no one has managed to find a way to certify security of systems or to charge for better security. The result is free software and free wi-fi that potentially puts everyone at risk.”
ESET Researcher Stephen Cobb says in a how-to for computing on the go, “Consider using a 3G or 4G hotspot instead of hotel Internet or free public Wi-Fi hotspots. If you are logging into a work network, use a VPN, and do not visit banking or shopping sites.”
Wi-Fi security has been in the spotlight recently after the discovery of a network of 300,000 routers worldwide which had been hijacked by an unknown group of cybercriminals, who have made malicious changes to the devices’ settings, allowing the attackers to misdirect computers to websites of their choice.
Ars Technica reported that the attack, which began in January 2014, affects multiple brands of router, including devices from D-Link, Micronet, Tenda among others. Routers around the world are affected, with many victims in Vietnam, but other affected in Thailand, Colombia and Italy.
Team Cymru, the specialist security company which identified the attack said that the mass attack was the “latest in a growing trend” of cybercriminals targeting SOHO (small office/home office) routers as a way to target victims without compromising PCs directly.
Last week, University of Liverpool researchers demonstrated a virus, Chameleon, which could infect whole cities purely through Wi-Fi networks, harvesting information from access points.
Author Rob Waugh, We Live Security