Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Over 1000 Republican Convention Attendees Connect to Fake Wi-Fi Networks

July 26, 2016

Trust me, this is not a political post. I am sure the Democrats will be equally guilty of negligent mobile security this week.

On July 19th, Avast Software revealed the results of a Wi-Fi hack experiment conducted at various locations around the Republican National Convention site in Cleveland to demonstrate how risky it can be to connect to public Wi-Fi. The experiment, performed by Avast's security researchers, revealed that over a thousand convention attendees were negligent in their behavior when connecting to public Wi-Fi. Attendees risked the possibility of being spied on and hacked by cybercriminals while they checked their e-mails, banked online, used chat and dating apps, and even while they accessed Pokemon Go.

Why am I not surprised that Pokemon Go was accessed?

For the experiment, Avast researchers set up fake Wi-Fi networks at various locations around the Quicken Loans Arena and at Cleveland Hopkins International Airport with phony network names (SSIDs) like "Google Starbucks", "Xfinitywifi", "Attwifi", "I vote Trump! free Internet" and "I vote Hillary! free Internet" that were either commonplace or looked like they were set up for convention attendees. Out of the people connecting to the candidate-related Wi-Fi in Cleveland, 70% connected to the Trump-related Wi-Fi and 30% to the Clinton-related Wi-Fi. With mobile devices often set to connect to known SSIDs automatically, users occasionally overlook the networks to which they are connecting. While convenient for many, this feature carries the risk of users being spied on by cybercriminals who set up a false Wi-Fi network with a common SSID. Moreover, Web traffic can be visible to anyone on any Wi-Fi network that does not require a password or whose password is a shared key.

Over the course of a day, Avast saw more than 1.6Gbs transferred from more than 1,200 users. Moreover, 68.3% of users' identities were exposed when they connected, and 44.5% of Wi-Fi users checked their e-mails or chatted via messenger apps. To protect attendees' privacy, the researchers scanned the data, but did not store it or collect any personal information. Avast learned the following about the Republican National Convention attendees:

● 55.9% had an Apple device, 28.4% had an Android device, 1.5% had a Windows Phone device, 3.4% had a MacBook laptop and 10.9% had a different device

● 10.8% used Google Chrome, 0.2% Mozilla Firefox and 4.2% Safari

● 39.7% have the Facebook or Facebook messenger app installed, 10.7% have the Twitter app installed, 8.0% have Instagram installed

● 13.1% accessed Yahoo Mail, 17.6% checked their Gmail inbox, and 13.8% used chat apps like WhatsApp, WeChat and Skype

● 6.5% shopped on Amazon, and 1.2% accessed a banking app or banking websites like bankofamerica.com, usbank.com, or wellsfargo.com

● 5.1% played Pokemon Go

● 0.7% used dating apps like Tinder, Grindr, OKCupid, Match and Meetup

● 0.24% visited pornography sites like Pornhub.com

Gagan Singh, president of mobile at Avast, said, "Though it is not surprising to see how many people connect to free Wi-Fi, especially in a location with large crowds such as this, it is important to know how to stay safe when connecting. When joining public Wi-Fi, consumers should utilize a VPN service that anonymizes their data while connecting to public hotspots to ensure that their connection is secure."

Thanks again, Dave Ries. This topic always bears repeating!

Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
http://www.senseient.com
http://twitter.com/sharonnelsonesq
http://www.linkedin.com/in/sharondnelson