{"id":3523,"date":"2014-06-17T10:04:25","date_gmt":"2014-06-17T14:04:25","guid":{"rendered":"http:\/\/me-en.kaspersky.com\/blog\/?p=3523"},"modified":"2020-02-26T18:58:43","modified_gmt":"2020-02-26T14:58:43","slug":"wi-fi-sao-paulo","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/wi-fi-sao-paulo\/3523\/","title":{"rendered":"Bad Guys Are Watching You (via insecure Wi-Fi)"},"content":{"rendered":"

Recent developments in the smartphone world and the emergence of mobile apps for almost every use inevitably led to increased smartphone and tablet usage when dealing with sensitive data. Be it your CV on LinkedIn, private pictures sent to your lover via WhatsApp, Viber or other similar app<\/a>, one-time password for online banking \u2013 you send and receive such data on your mobile device. Unfortunately, most people don\u2019t realize how often and how easily that data, which you would never trust to most people around you, could be intercepted by a complete stranger seated ten meters away.<\/p>\n

\"wifi\"<\/a><\/p>\n

The main pieces of this insecurity puzzle are underprotected Wi-Fi and lack of security inside mobile apps. Cellular internet remains quite expensive in many cases, especially when you\u2019re travelling abroad. That\u2019s why people often use Wi-Fi in airports, cafes and hotels without paying much attention to its security. In case studies, performed by our experts in Sao Paulo just before World Cup<\/a> to discover what kind of encryption people use on their wireless networks, we found that one in four networks use open standard (no encryption).\u00a0<\/p>

26% of Wi-Fi networks in Sao-Paulo are insecure. You must take care especially when using mobile apps.<\/p>Tweet<\/a><\/blockquote>\n

If you use open standard, anyone can sniff your traffic and see what data are you sending. If you\u2019re using WEP, encryption could be cracked in no more than 5 minutes. Many networks around the world can be sniffed by bad guys in a matter of seconds.<\/p>\n

Our recommendation is to only connect to networks that use WPA.<\/p>\n

\"wifisaopaulo\"<\/a><\/p>\n

Many mobile apps transmit your data unencrypted or don\u2019t alert you about dangerous encryption issues.<\/div>\n

The story is different when using mobile apps<\/a>. You really don\u2019t know what protocol app uses. Security experts discovered that many applications still use open protocol for internal communication with their servers \u2013 i.e. HTTP instead of HTTPS, and those connections are vulnerable to session hijacking, password stealing and content eavesdropping. For example, if you\u2019re IM\u2019ing, people can see plaintext of your conversations. And I\u2019m not making stuff up, it\u2019s a real problem that persists in mobile applications. Even Google, Facebook or Twitter had some problems with SSL missing in their mobile apps in 2011. Till summer 2012, WhatsApp, a hugely popular IM mobile app, was transmitting all content unencrypted. If someone still uses Yahoo messenger or ICQ, I have a bad news for them \u2013 it\u2019s still using plaintext protocol so all chats are unencrypted and could be easily eavesdropped over open Wi-FI. It\u2019s hard to imagine how many applications still have plaintext protocol inside, if even some A-level companies don\u2019t implement encryption yet.<\/p>\n

\"insecureapps\"<\/a><\/p>\n

If we get more technical, many mobile apps don\u2019t warn users about problems with SSL certificates, making it almost impossible to spot man-in-the-middle attacks.<\/p>\n

Of course it would be easy to give simple advice like \u201cdon\u2019t use mobile apps for anything sensitive\u201d, \u2013 but it\u2019s hard to follow this advice. Following that, you\u2019re effectively putting yourself back in the XX century. So I would recommend a somewhat less radical approach:<\/p>\n