Avast Exposes Huge Security Risks in Open Wi-Fi Habits

Public Wi-Fi Experiment Conducted Across the Globe Reveals Major Security Flaws in Wi-Fi Hotspots – Asian Users More at Risk than Europeans and Americans

Mobile World Congress, Barcelona, Spain, March 2, 2015Avast Software, maker of the most trusted mobile and PC security in the world, today unveiled the results of a global Wi-Fi hacking experiment that exposed major security issues regarding the browsing habits of users around the globe. Avast mobile security experts traveled to cities in the United States, Europe, and Asia to observe public Wi-Fi activity in nine major metropolitan areas. They were equipped with a Wi-Fi-enabled laptop and an application that monitored local Wi-Fi traffic at 2.4 GHz frequency – a free app that is widely available. The experiment showed how easy it is to see browsing activity, searches, passwords, videos, emails, and other personal information.

The study revealed that users in Asia are the most prone to attacks. More than half of the Web traffic in Asia takes place on unprotected HTTP sites, 97% of users connect to open, unprotected Wi-Fi networks, and seven out of ten password-protected routers use weak encryption methods, making it simple for them to be hacked. Users in San Francisco and Barcelona are the most likely to take steps to protect their Wi-Fi sessions, although the number is still very small as only 20% take precautions.

“This experiment revealed that most mobile users aren’t taking adequate steps to protect their personal data and privacy from cybercriminals”, said Jude McColgan, president of Mobile at Avast. “People wear a seat belt in the car to be safe, and they should use a security app when using public Wi-Fi.”

Beware of Unprotected Wi-Fi Networks

The study found that people around the world overwhelmingly prefer to connect to unsecured and unprotected Wi-Fi networks instead of password-protected networks. Mobile users in Asia were most likely to join open networks, while Europeans and Americans were slightly less so; In Seoul, 99 out of 100 users joined unsecured networks, compared with just 80 out of 100 in Barcelona and San Francisco.

  1. Seoul: 99 out of 100
  2. Hong Kong: 98 out of 100
  3. Taipei: 97 out of 100
  4. Chicago: 96 out of 100
  5. New York: 91 out of 100
  6. Berlin: 88 out of 100
  7. London: 83 out of 100
  8. Barcelona: 80 out of 100
  9. San Francisco: 80 out of 100

Dangers of HTTP Browsing

Avast discovered that a significant portion of mobile users browse primarily on unsecured HTTP sites. Nearly half of the Web traffic in Asia takes place on unprotected HTTP sites, compared with one third U.S. traffic and roughly one quarter of European traffic.  

Because HTTP traffic is unprotected, the Avast team was able to view all of the users’ browsing activity, including domain and page history, searches, personal login information, videos, emails, and comments. Websites like eBay, Amazon, Wikipedia, Craigslist, and Bing don’t use the HTTPS standard unless the user logs in. In every city, Avast was able to see examples of users looking at medical sites, insurance pages, banking, and adult videos—all on unsecured public Wi-Fi networks.

Weak Encryption

The majority of Wi-Fi hotspots Avast observed were protected through some form of encryption. However, often these methods were weak and could be easily hacked. Using WEP encryption in particular can be nearly as risky as forgoing password-protection altogether, as users tend to feel safer entering their personal information, but their data can still be accessed.

San Francisco and Berlin had the lowest percentage of weakly encrypted hotspots, while more than half of password-protected hotspots in London and New York and nearly three quarter of the Asian hotspots were vulnerable to attack.

  1. Seoul: 70,1%
  2. Taipei: 70,0%
  3. Hong Kong: 68,5%
  4. London: 54,5%
  5. New York: 54,4%
  6. Chicago: 45,9%
  7. Barcelona: 39,5%
  8. Berlin: 35,1%
  9. San Francisco: 30,1%

Avast will be demonstrating a live Wi-Fi hack at their Mobile World Congress booth, and visitors can connect to the Avast Wi-Fi hotspot to experience a hack in action. Avast will also demonstrate its new Avast SecureMe app, which protects people from Wi-Fi threats. For more information on the Wi-Fi experiment, please visit Avast at booth 5K29, hall 5 at Mobile World Congress.

Note to Media: Avast mobile president, Jude McColgan, and Avast head of worldwide mobile sales and marketing, Daniel Cheng, will be available to discuss mobile threats, Avast’s mobile business, and new mobile applications. If you are interested in speaking to an Avast expert at Mobile World Congress, please contact PR@avast.com.