The increased proliferation of smartphones means more people are going online using their mobile via both 3G and wi-fi.
But those tapping into public wi-fi hotspots such as BT Openzone could be at risk from so-called “evil twin” attacks.
The evil twin in this case is neither Arnold Schwarzenegger nor Danny DeVito, but a bogus wi-fi hotspot which looks (and is named) like the real thing to a smartphone. It can be set up using a fairly cheap mobile wi-fi router, which members of the public then hook up to.
Data can then be hoovered up and decrypted by some simple freeware, leaving passwords, email and social network accounts, and other personal details exposed.
The Guardian conducted an experiment using volunteers rather than real members of the public, but found the whole process easy to carry out. The newspaper noted that in the case of the iPhone 4 (and other smartphones), the owner didn’t even have to be actively searching, as data could be extracted if the phone was simply turned on.
Jason Hart, CEO of security firm Cryptocard, noted: “An O2 iPhone will automatically connect, because BT Openzone connectivity is usually part of the package for free internet access. It will pass over its credentials and because it can see the internet through the hotspot, it will start sending and receiving data.”
This story isn’t exactly fresh news, as BT itself acknowledges the potential vulnerability has been known about in the industry for years. The company is working on a solution in terms of security measures, but there’s no ETA whatsoever for its arrival.
As smartphones continue to sell in increased volumes, and knowledge of this vulnerability spreads among cyber-ne’er-do-wells, the issue is likely to crop up more regularly.
So the word is to be careful about what you’re hooking up to, wi-fi-wise, when out and about. Connecting to a wi-fi hotspot anywhere but a location you know to be secure (i.e. work or home) comes with a slight risk these days.