A new report shows that people in London are willing to give up their first-born child or most beloved pet just to get access to a free Wi-Fi network, highlighting the huge security risks associated with their open networks.
The experiment was conducted on the streets of London and claims that "consumers carelessly use public Wi-Fi without regard for their personal privacy."
Researchers set up a number of public hotspots in locations around London, including Canary Wharf and Westminster, to see who would log onto the network and what information they were freely making available to those in control.
In a 30 minute period, 250 devices connected to the hotspot, most of them probably automatically without their owner realising it.
For a short period during the experiment, a Terms & Conditions document was introduced which had to be agreed to in order to get access to the network. This included a so-called Herod Clause obligating the user "to give up their firstborn child or most beloved pet" in exchange for free access to the Wi-Fi network. In total, the researchers saw six people agreeing to the terms and conditions before the page was disabled
Carried out by Finnish security firm F-Secure in association with the UK's Cyber Security Research Institute and SySS, a German penetration testing company, the study highlights just how uninformed some people are about securing their personal information.
To conduct the study, SySS built a portable Wi-Fi access point from components costing €200 (£155) and requiring little technical know-how.
Of those who connected, 33 people actively sent internet traffic by carrying out web searches and sending data and email. The researchers captured 32MB of traffic and as part of their findings, the researchers found that the text of emails sent over a POP3 network could be read, as could the addresses of the sender and recipient, and even the password of the sender.
"We all love to use free Wi-Fi to save on data or roaming charges," says Sean Sullivan, security advisor at F-Secure. "But as our exercise shows, it's far too easy for anyone to set up a hotspot, give it a credible-looking name, and spy on users' internet activity."
Sullivan went further to warn that hotspots provided by a legitimate source are also potential security risks. "Even if they aren't in charge of the hotspot, criminals can still use 'sniffer' tools to snoop on what others are doing."
Speaking about the report's findings, Troels Oerting, head of the European Cybercrime Centre (EC3), said: "The issue of Wi-Fi security is one that we at the EC3 at Europol are very concerned about. We wholeheartedly support activities which shine light on this everyday risk consumers face."