Criminals target public WiFi at FIFA games: Kaspersky
Of the approximately 32 000 public WiFi networks in FIFA World Cup 2018 host cities, 7 176 of do not use traffic encryption, meaning that hackers need only be located near an access point to intercept network traffic and steal confidential information.
This was revealed by Kaspersky Lab's analysis of public WiFi spots in 11 FIFA World Cup 2018 host cities, including Saransk, Samara, Nizhny Novgorod, Kazan, Volgograd, Moscow, Ekaterinburg, Sochi, Rostov, Kaliningrad, and Saint Petersburg.
According to the company, global sporting events result in a large number of people connecting to networks to upload posts, communicate with friends and suchlike.
However, public WiFi is also used to transfer financial and other sensitive information across the Internet. "And it's this information that third parties, not necessarily criminals, can intercept and use for their own purposes."
The company said almost two-thirds of all public WiFi networks of the locations analysed use the WiFi Protected Access (WPA/WPA2) protocol family for traffic encryption, a protocol which is considered to be one of the most secure for WiFi use.
However, even reliable WPA/WPA2 networks can allow brute-force and dictionary attacks, as well as key reinstallation attacks, meaning they are not 100% secure.
Denis Legezo, senior security researcher at Kaspersky Lab, says the lack of traffic encryption, together with large-scale events, make WiFi networks a target for criminals who want easy access to user data.
"Despite about two-thirds of all access points in FIFA World Cup host cities using encryption based on the most secure WiFi Protected Access (WPA/WPA2) protocol family, even these access points can't be considered secure if the password is visible to everyone."
Kaspersky research shows, once again, that cyber security involves addressing not just certain aspects, but the entire infrastructure. "FIFA World Cup 2018 has confirmed that the event itself is secure, but users should be aware that clearly its host cities' public WiFi hotspots are often not."
He says people visiting FIFA World Cup 2018 host cities who are planning to use open WiFi networks should follow several simple rules to secure themselves.
"Whenever possible, connect via a virtual private network, which sees encrypted traffic transmitted over a protected tunnel, rendering data unreadable to criminals even if they gain access to it."
Secondly, he says not to trust networks that are not password-protected or have easy-to-guess or easy-to-find passwords.
In addition, even if a network requests a strong password, users should remain vigilant, as criminals can find out the password at a coffee shop for example, and create a fake connection using the same password.
"Only trust network names and passwords given to you by employees of the establishment."
To maximise your protection, he advises to turn off any WiFi connections whenever they are not being used.
"If you are not 100% sure the wireless network you are using is secure, but you still need to connect to the Internet, try to limit activity to basic user actions such as searching for information.
"Refrain from entering login details for social networks or mail services, and definitely do not perform any online banking operations or enter your bank card details anywhere."
Finally, Legezo says to avoid being a target for cyber criminals, enable the "always use a secure connection" (HTTPS) option in the device settings.
"Enabling this option is recommended when visiting any Web site you think may lack the necessary protection."