Passengers use WiFi services to surf the Internet on mobile gadgets on a flight of China Eastern Airlines. [Photo by Liu Xin / For China Daily]
Beware the perils of free WiFi.
A security company's recent investigation of the security of free WiFi connections at public venues indicates those joining unknown networks to avoid telecom fees may be paying an unexpectedly high price.
More than 11 percent of the 68,000-plus WiFi networks at major public places, including airports, railway stations, scenic spots and shopping malls in Beijing, Shanghai and Guangzhou, were unsafe, said RainRaid, an independent information security consultancy based in Shanghai.
The company's six-month investigation found users of the unsafe sites risked theft of personal and financial information.
Its team connected smartphones to WiFi services as ordinary users, and its equipment tracked whether a phishing attack ensued.
In some cases, criminals disguised the insecure WiFi access as a government or business center service for the public. "The names may seem pretty similar to regular WiFi services, and users will show little suspicion," said Yao Wei, RainRaid's founder.
The attackers may obtain users' personal information, such as e-mail user names and passwords. More seriously, they may siphon off payments or money transfers meant for others.
The Shanghai municipal government issued a warning last week about several bogus WiFi hot spots similar to i-Shanghai, the free wireless Internet service provided by the government at 450 public sites in the city. The fakes included "1-Shanghai", "i-ShangHai" and "i-shanghai".
When residents connect their smartphones to the official i-Shanghai site, they are only required to enter their mobile phone numbers.
The sham sites request names, ID numbers, and social media user names and passwords, which will be stolen by those who set up the fake access, the notice said.
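The bogus names in the Shanghai warning differ from the official one only in letter case or a look-alike character, which a site survey or client-side check can flag. The Python sketch below is an added example, not part of the original article or any official tool; the function names, the look-alike character table and the distance threshold are assumptions.

```python
import unicodedata

# Characters often swapped to imitate another (constructed, not exhaustive).
CONFUSABLES = str.maketrans({"1": "i", "l": "i", "|": "i", "0": "o", "5": "s"})


def skeleton(ssid: str) -> str:
    """Comparison form: NFKC, case-folded, look-alikes merged, separators dropped."""
    folded = unicodedata.normalize("NFKC", ssid).casefold().translate(CONFUSABLES)
    return "".join(ch for ch in folded if ch.isalnum())


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(ssid: str, official: str = "i-Shanghai", max_distance: int = 1) -> str:
    """Label a broadcast SSID relative to the official network name."""
    if ssid == official:
        # SSIDs are not authenticated: an exact name match does not prove
        # the access point is genuine, only that the name is not a variant.
        return "name-match"
    a, b = skeleton(ssid), skeleton(official)
    if a == b or edit_distance(a, b) <= max_distance:
        return "lookalike"
    return "unrelated"


def survey(ssids):
    """Return only the SSIDs that imitate the official name."""
    return [s for s in ssids if classify(s) == "lookalike"]


if __name__ == "__main__":
    # Constructed scan results; the first three names are the fakes named in the warning.
    seen = ["1-Shanghai", "i-ShangHai", "i-shanghai", "i-Shanghai", "CoffeeShop-Guest"]
    for name in seen:
        print(f"{name:20} {classify(name)}")
```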
One recommended countermeasure is to avoid free WiFi sites that do not require users to log in.
"A notable characteristic of the phishing WiFi is that people don't need to log in when using them, which is different from regular free WiFi services, which usually require an identifying code or a code sent to users' phones via text message," said Jiang Kaida, who works for the network and information center at Shanghai Jiao Tong University.