Recently, private data of three UK politicians got hacked after using public Wi-Fi hotspots.
The politicians, MP David Davis, MEP Mary Honeyball and Lord Strasburger, are quite known faces in UK politics. Although holding important posts within the different parliaments, they reportedly admitted of not having any formal training or information on the securtiy measures need to be adopted while using public Wi-Fi.
With their knowledge, a real life demonstration was conducted by security firm F-Secure (along with Mandalorian Security Services and Cyber Security Research Institute) to show how easily someone can compromise their personal data when connected to public Wi-Fi hotspots without adopting necessary security measures.
"Well, it's pretty horrifying, to be honest. What you have extracted was a very tough password, tougher than most people use. It's certainly not 'Password'," said Davis.
Contextually, a password can easily be cracked irrespective of its complexity level as in public Wi-Fi usernames and passwords are shown in plain text in the back of a Wi-Fi access point, making them easy for a hacker to steal.
"The average person will think that a hacker knowing which sports team I follow is a pretty useless piece of information," said Steve Lord, director at Mandalorian. "But once he knows that, he can craft a phishing email specifically for you and your likes, knowing that you will be more likely to open it. Once you click on a link within that email or open an attachment, they have you – they will load malware onto your devices and then you will end up giving away all of your information. Not only that, but your company information too, if you use your devices to access the company network."
An ethical hacker saved a draft in his drafts folder destined for the national press, announcing his defection to UKIP. Following this, his PayPal account was also compromised, which was having identical username and password of his Gmail account.
When Lord Strasburger made a Voice over IP (VoIP) call from a hotel room, it was intercepted and recorded using free-to-download technology tools.
Strasburger said, "That's very worrying. This is very powerful equipment. The thought that a beginner could be up and running in a very few hours is really worrying. I think it proves that people (when they are using technology) need to know a lot more about it. In the end, they have to look after themselves, because it really is down to you, no one else is going to do it."
Each examples remained an eye opener as they demonstrated how easily a hacker can compromise password-protected services and retrieve personal data.
"People shouldn't be afraid to use public Wi-Fi – it's a fantastic service," explained F-Secure security advisor Sean Sullivan. "But they must understand that there are risks and it is their responsibility to protect themselves. This is simply done using a piece of software called a Virtual Private Network (or VPN). For phones and tablets, these are available as an app.
"Our Freedome VPN will encrypt all data travelling from the device to the network, meaning that the hacker will steal nothing of use. Simply turning it on gives you the best protection you can possibly have to stay safe over public Wi-Fi, so you can focus on what you're doing instead of worrying about staying safe," he added.