Login

Register

Login

Register

Why ‘free’ Wi-Fi isn’t really free – Naked Security


How much would you ‘pay’ for ‘free’ Wi-Fi?

Would you give away your birthday? Your travel details? Your home address? Your phone number?

Well, a couple of weeks ago, a security researcher in the UK was looking around online, as you do…

…when he came across yet another company that had joined the 100 million club.

That’s the name we jokingly coined – we hoped we were making a joke at the time, though we quickly realised we weren’t – back in 2013 when Adobe infamously suffered a breach that exposed 150,000,000 encrypted password records in one go.

Despite the encryption – which Adobe hadn’t gone about in the right way – a significant minority of the passwords in the list could be figured out. (Adobe had stored the password hints in plaintext, and lots of users had just repeated their passwords in the hint field, as absurd as that sounds.)

Big breach society

Back then, we rather naively assumed that membership of this notional “100 million club” would remain thankfully rare.

But the low cost and ready availablity of cloud storage has, sadly, made it easier than ever for just about anyone to leak just about as many records as they care to share.

And that’s what seemed to have happened in the case that Jeremiah Fowler of Security Discovery stumbled upon in mid-February 2020.

Although the data, 146 million records’ worth of it, didn’t include deeply sensitive details such as as passwords (or even password hashes), payment card details or financial transactions, Fowler could see what looked like travel details in there.

He quickly tracked the source back through domain names in the data to a company that turns out to operate ‘free’ Wi-Fi’ hotspots, including at a number of train stations in England.

The company reacted quickly to Fowler’s report by sealing off the data it had accidentally exposed in the cloud – though it didn’t tell Fowler, leaving him to worry that his report wouldn’t get looked at until the following week).

National Cyber Security Consulting App

 https://apps.apple.com/us/app/id1521390354

https://play.google.com/store/apps/details?id=nationalcybersecuritycom.wpapp


NATIONAL CYBER SECURITY RADIO
[spreaker type=player resource="show_id=4560538" width="100%" height="550px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]
HACKER FOR HIRE MURDERS
 [spreaker type=player resource="show_id=4569966" width="100%" height="350px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]

ALEXA “OPEN NATIONAL CYBER SECURITY RADIO”

National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.   

nationalcybersecurity.com

FREE
VIEW