Members of the public unknowingly agreed to give up their firstborn child or most beloved pet in exchange for Wi-Fi use, as part of an investigation on privacy.
The Europol-supported investigation, conducted by the UK’s Cyber Security Research Institute and SySS in London on behalf of security software vendor F-Secure, found that consumers ‘recklessly expose’ their personal details via public Wi-Fi and carelessly agree to outlandish terms and conditions.
In the experiment, which involved setting up a ‘poisoned’ Wi-Fi hotspot, unsuspecting users also exposed their internet traffic, personal data and the contents of their emails. SySS built a portable Wi-Fi access point from components costing around €200 and requiring little technical knowhow.
Researchers set the device up in prominent business and political districts of London. They then watched as people connected, unaware their Internet activity was being spied on.
In half an hour, 250 devices connected to the hotspot, most of them probably automatically without their owner realising it. 33 people actively sent internet traffic by carrying out web searches and sending data and email. 32MB of traffic was captured (and promptly destroyed in the interest of consumer privacy).
Researchers found that the text in emails sent over a POP3 network could be read, as could the addresses of the sender and recipient, and even the password of the sender.
For a short period, the researchers introduced a Terms & Conditions (T&C) page that needed to be accepted in order to use the hotspot. The T&C included an outlandish clause that obligated the user to give up their firstborn child or most beloved pet in exchange for Wi-Fi use. In total, six people agreed to the T&C before the page was disabled.
“We all love to use free Wi-Fi to save on data or roaming charges,” said Sean Sullivan, Security Advisor at F-Secure. “But as our exercise shows, it’s far too easy for anyone to set up a hotspot, give it a credible-looking name, and spy on users’ Internet activity.”
"Either stay away from public Wi-Fi – or use Wi-Fi security," added F-Secure in a statement. "With Wi-Fi security, your connection is invisible in the wi-fi network and your data made unreadable by encryption. So even if someone tries, they can’t tap into your data.
"F-Secure Freedome is a Wi-Fi security product, or VPN, that creates a secure, encrypted connection from your device and protects you from snoops and spies, wherever you go and whatever Wi-Fi you use."
Check out the experiment in the video below or the report titled “Tainted Love: How Wi-Fi Betrays Us”.