Wi-Fi is easily one of the most important technologies developed when it comes to the widespread adoption of the Internet. When combined with smartphones and 4G technology, it has allowed for always-on connectivity. However, it is remarkably easy to access user data over Wi-Fi networks, even if with a secured connection.
In an article from Maurits Martijn, a technology and surveillance correspondent for the Dutch online journalism platform De Correspondent, we see just how easy it can be to mine the data from anyone using a public Wi-Fi connection. Martijn talked to ethical hacker Wouter Slotboom as he harvested the data from users in an Amsterdam coffee shop.
Slotboom’s method was to use a small router that captured user data once he was connected to the cafe’s Wi-Fi. He was able to access all sorts of data from users’ phones, tablets and laptops by acting as a man in the middle. He would’ve also been able to create a fake network name using the collected data in order to route a user’s connection by tricking a smartphone into thinking it was connecting to the user’s home network.
An even simpler solution was to broadcast a network ID named something like “Starbucks,” because users were willing to trust a name like that. Through the use of programs that search deeper, Slotboom and Martijn could have accessed passwords and other sensitive user data.
Information comes flooding in, even from visitors who are not actively working or surfing. Many email programs and apps constantly make contact with their servers—a necessary step for a device to retrieve new emails. For some devices and programs, we are able to see what information is being sent, and to which server.
Other software allows for encryption cracking, and the malicious insertion of alternate data, such as child pornography.
Combine widespread access, and user trust in a service like LinkNYC for example, and hackers may be able to get their hands on mass amounts of data with relatively little effort. Martijn wrote another article, suggesting ways for users to protect their data, but not connecting is still the safest bet.
One way to mitigate this problem would be to increase the prevalence of end-to-end encryption within the Internet ecosystem, especially within the smartphone environment. If decryption keys are generated and decoded only by user devices at either end, as is now the default for Whatsapp, then a lot of damage could be avoided.