We often shift between a phone signal, private internet connections, and public Wi-Fi networks. You pass by your local Starbucks, for example, and the phone remembers you’ve been there in the past and latches on to its signal—without you thinking too much about it. In June, the European law enforcement agency, Europol, backed an experiment in which a mobile hotspot was created in central London. People who logged on to it, thinking it a legit free Wi-Fi network, were asked to agree to terms and conditions, including a Herod clause that “the recipient agreed to assign their first-born child to us for the duration of eternity.” Six people signed up.
To see what could be done with the data floating around from all these public Wi-Fi networks, an “ethical hacker” named Wouter Slotboom was taken by a reporter from De Correspondent, a crowd-funded Dutch journalism site, to cafes around Amsterdam. The results weren’t comforting.
Using his laptop and a small device he hides under a menu at one cafe, Slotboom is able to pick up the historical data from the devices of the people sitting around him. So not only does he see “iPhone Joris,” but he can tell that Joris had been to McDonald’s, because the phone had logged on to the Wi-Fi network there, had probably been to Spain recently and had been kart-racing in Amsterdam. Another person was likely an American—he had come via Heathrow and flown on Southwest—was staying in a local hostel and had recently visited one of the city’s famed “coffee” shops. Not the sort of thing you want leaking to your employer. He gathers that one person is gay—he has Grindr installed on his phone.
In another cafe, Slotboom created a fake Wi-Fi network with an understandable name (“Starbucks” rather than “BT201238”), which makes more people likely to jump on to his network. He gets 20 devices in a short space of time, and is able to look at the traffic coming to and from their phones, laptops, and tablets and exploit bugs if the devices have outdated operating systems. “Many devices are sending documents using WeTransfer, some are connecting to Dropbox, and some show activity on Tumblr,” De Correspondent’s Maurits Martijn writes. “We see that someone has just logged on to Foursquare. The name of this person is also shown, and, after Googling his name, we recognize him as the person sitting just a few feet away from us.”
Some 70 percent of tablet owners and 53 percent of phone owners said in a survey that they use public Wi-Fi hotspots, the number of which is set to rise globally to 5.8 million by next year. That means many of those users are targets for these kinds of attacks. De Correspondent has its own article on protecting yourself from hackers, titled “How to safely use a public Wi-Fi network.” The first piece of advice? “Do not make use of public Wi-Fi networks.”
That’s probably a bit much. The risks of any of these sorts of attacks happening are extremely low—especially when balanced out against the incredible convenience of internet on demand in more public spaces than ever. And Apple and Google’s embrace of end-to-end encryption by default makes a horrendous outcome to your coffee run that much less likely. But when using a public Wi-Fi spot, do keep in mind the barrier to entry for hackers is extremely low. “All you need is €70, an average IQ, and a little patience,” says Slotboom, the Dutch hacker.