Public wifi 'easy to hack into'
Published 11/12/2013 | 10:16
Free public wifi is putting users at risk from even the most basic hackers, IT experts have warned.
Random tests on internet systems at 10 prominent hotels across the country found they all have fundamental security flaws, allowing novice cyber-criminals access to anything from email logins to bank and credit card details.
Tech security firm Smarttech.ie carried out inspections in October and November on three, four and five-star hotels and found 100% of tests showed up serious vulnerabilities and risks for users.
The company said it highlights the dangers of using unencrypted logins and passwords on a public internet network and warned that users are oblivious to the dangers.
Ronan Murphy, chief executive of Smarttech.ie, said consumers need to be made aware of the serious security challenges.
"The tests we carried out prove that these risks affect anyone using public wifi. However, there are steps that hotels and restaurants can take to secure their service and therefore protect their customers," he said.
Smarttech.ie has written to each of the 10 hotels that were tested and outlined steps they should take to secure public networks.
The company said that within 20 minutes at each location and with minimal effort, its experts were able to observe customers' email addresses with accompanying passwords and login details to employers' servers.
More worryingly, they were also able to access payment information and PayPal logins and passwords, personal and business credit card details, online banking details including logins, and Vodafone login information for mobile phones.
On a more personal level, they saw Facebook logins and details, member logins for websites and classified sites, and logins for internet dating sites.
Smarttech.ie said one of the checks was carried out from outside the hotel, confirming suspicions that hackers could access information remotely.
The company said the hack test is known as "network sniffer" on the public wifi network and within seconds it shows up a list of devices and grants access.
It said that most public wifi networks share a single internet provider, or IP, subnet and this gives potential hackers the ability to pretend that their laptop or mobile device is the gateway on that subnet. It is known as a Man in the Middle Attack.
According to Smarttech.ie, security on public wifi is bound by rules under the EU directive for public wi-fi directive 2006/24/EC from 2006 which was passed in the wake of the July 7 bombings in London.
Smarttech.ie said hotels had been in contact about the wifi systems and has offered to provide solutions.
"Smarttech.ie has already been contacted by a number of the hotels in question, on foot of the letter which Smarttech.ie sent them, about their wifi security," a spokesman said.
"Smarttech.ie will be speaking to them all on a one-to-one basis, to help improve the situation for them and ultimately for the thousands of customers."