A cybersecurity firm has successfully pranked US Republican National Convention delegates by tricking them into connecting to insecure public Wi-Fi hotspots near the convention site in Cleveland, Ohio, in order to make a point about how ignorant regular people, even politicians, are about cybersecurity risks.
Security researchers from Czech anti-virus software firm Avast set up open Wi-Fi networks at various locations around the Quicken Loans Arena and at Cleveland Hopkins International Airport during the recent GOP convention, and assigned network names each of the Wi-Fi networks that either imitated real public Wi-Fi hotspots or played on political sensitivities.
The hotspots were given names like "Google Starbucks", "Xfinitywifi" and "Attwifi" that looked like they could be real services on offer, or network names that made it look like convention staff set the networks up and changed the network name as a joke, featuring phrases like "I vote Trump! free Internet" and "I vote Hillary! free Internet".
Avast found that over 1,200 GOP delegates connected to these fake Wi-Fi networks in just one day, transmitting more than 1.6Gbps, with 70% of the users connecting to the Trump-themed Wi-Fi hotspot, while 30% of the delegates connected to the Clinton-themed hotspot.
And while connected, 68.3% of the 1,200 users' identities were exposed to the researchers, and the researchers could see when 44.5% of the users were checking their emails or chatting using messenger apps.
Avast didn't store or collect any personal information from the attendees, but it was able to see exactly what apps and services the delegates used. For example, 5.1% of the delegates logged onto the hugely popular Pokemon Go game during the convention, while 6.5% of users went shopping on Amazon and 1.2% of delegates checked their online banking, which is a huge no-no on public Wi-Fi.
The researchers could see that 55.9% of the users were using Apple devices, while 28.4% were on Android devices, 1.5% used Windows Phone devices and 3.4% accessed the internet using MacBook laptops.
Google Chrome was by far the most popular web browser, used by 10.8% of delegates, followed by Safari, used by 4.2% of users and Mozilla Firefox, used by 0.2% of users. And although there weren't many people doing this, 0.7% of the delegates checked dating apps like Tinder, Grindr, OKCupid and Match as well as the social group event app Meetup, and 0.24% of the delegates had time to visit pornographic websites like Pornhub.
The point of this exercise was not to spy on GOP delegates, but more to demonstrate how people take cybersecurity for granted when they are actually at high risk of being spied on and hacked by cybercriminals, since anyone on any Wi-Fi network can see all web traffic passing on the network if it is not secured with a password.
And while traffic on many messenger apps is encrypted, so a hacker wouldn't be able to see what you were talking about, they can still see the websites you access and the apps and services you logon to.
"With Washington heatedly discussing cybersecurity issues virtually every week, we thought it would be interesting to test how many people actually practice secure habits," said Gagan Singh, president of mobile at Avast.
"Understanding the talking points behind these privacy issues is very different from implementing secure habits on a daily basis. Though it is not surprising to see how many people connect to free Wi-Fi, especially in a location with large crowds such as this, it is important to know how to stay safe when connecting. When joining public Wi-Fi, consumers should utilise a virtual private network (VPN) service that anonymises their data while connecting to public hotspots to ensure that their connection is secure."