More than 1,200 of RNC attendees unknowingly connect to Avast’s bogus Wi-Fi hotspot outside the Republican National Convention
REDWOOD CITY, Calif., July 19, 2016 – Avast
Software, maker of the world’s most trusted mobile and PC security,
today revealed results of a Wi-Fi hack experiment conducted at various
locations around the Republican National Convention site in Cleveland to
demonstrate how risky it can be to connect to public Wi-Fi. The experiment,
performed by Avast’s security researchers, revealed that over a thousand convention
attendees were negligent in their behavior when connecting to public Wi-Fi.
Attendees risked the possibility of being spied on and hacked by cybercriminals
while they checked their emails, banked online, used chat and dating apps, and
even while they accessed Pokemon Go.
For the experiment, Avast researchers set up fake Wi-Fi networks at various locations around the Quicken Loans Arena and at Cleveland Hopkins International Airport with phony network names (SSIDs) like “Google Starbucks”, “Xfinitywifi”, “Attwifi”, “I vote Trump! free Internet” and “I vote Hillary! free Internet” that were either commonplace or looked like they were set up for convention attendees. Out of the people connecting to the candidate-related Wi-Fi in Cleveland, 70% connected to the Trump-related Wi-Fi, 30% to the Clinton-related Wi-Fi. With mobile devices often set to connect to known SSIDs automatically, users occasionally overlook the networks to which they are connecting. While convenient for many, this feature bears the risk of users being spied on by cybercriminals who set up a false Wi-Fi network with a common SSID. Moreover, Web traffic can be visible to anyone on any Wi-Fi network that does not request a password.
Over the course of a day, Avast saw more than 1.6Gbs transferred from more than 1,200 users. Moreover, 68.3% of users‘ identities were exposed when they connected, and 44.5% of Wi-Fi users checked their emails or chatted via messenger apps. To protect people’s privacy, the researchers scanned the data, but did not store it or collect any personal information. Avast learned the following about the Republican National Convention attendees:
● 55.9% had an Apple device, 28.4% had an Android device, 1.5% had a Windows Phone device, 3.4% had a MacBook laptop and 10.9% had a different device
● 10.8% used Google Chrome, 0.2% Mozilla Firefox and 4.2% Safari
● 39.7% have the Facebook or Facebook messenger app installed, 10.7% have the Twitter app installed, 8.0% have Instagram installed
● 13.1% accessed Yahoo Mail, 17.6% checked their Gmail inbox, and 13.8% used chat apps like WhatsApp, WeChat and Skype
● 6.5% shopped on Amazon, and 1.2% accessed a banking app or banking websites like bankofamerica.com, usbank.com, or wellsfargo.com
● 5.1% played Pokemon Go
● 4.2% visited government domains or websites
● 0.7% used dating apps like Tinder, Grindr, OKCupid, Match and Meetup
0.24% visited pornography sites
“With Washington heatedly discussing cybersecurity issues virtually
every week, we thought it would be interesting to test how many people actually
practice secure habits,” said Gagan Singh, president of mobile at Avast.
“Understanding the talking points behind these privacy issues is very different
from implementing secure habits on a daily basis. Though it is not surprising
to see how many people connect to free Wi-Fi, especially in a location with
large crowds such as this, it is important to know how to stay safe when
connecting. When joining public Wi-Fi, consumers should utilize a VPN service
that anonymizes their data while connecting to public hotspots to ensure that
their connection is secure.
Avast SecureLine VPN for Android and iOS devices encrypts connections on unsecured public Wi-Fi and allows users to browse anonymously. The app also lets users choose the server location they would like to connect with, enabling users to access content from their home country that may otherwise be restricted by geo-location.