Data transmitted over a wireless network can either be encrypted or unencrypted. It appears that the use of open, unprotected Wi-Fi networks has become increasingly popular around the world.
A global study of public Wi-Fi activity in nine major metropolitan areas has revealed how easy it is to see other users’ browsing activity, searches, passwords, videos, emails and other personal information.
The survey was conducted in Chicago, New York, San Francisco, Barcelona, Berlin, London, Hong Kong, Seoul and Taipei.
The study shows that users in Asia are the most exposed to being hacked via public Wi-Fi networks, with more than 50% of web traffic taking place on unprotected HTTP sites. In addition, the researchers found that 97% of users in Asia connect to open, unprotected Wi-Fi networks, and seven out of ten password-protected routers use weak encryption methods.
The study also reveals that people all over the world “overwhelmingly prefer” using unsecured, public Wi-Fi networks rather than password-protected networks.
Researchers also discovered that a large proportion of mobile users browse primarily on unsecured HTTP sites – nearly 50% in Asia, approximately 30% in the US and 25% in Europe. Due to the fact that HTTP traffic is unprotected, the researchers were able to access all of the users’ browsing activity, including such data as page history, web searches, personal login information, videos, emails and comments.
Despite the fact that most of the observed Wi-Fi hotspots were protected through some form of encryption, these methods were usually weak and could be easily hacked.
54% of password-protected Wi-Fi hotspots in London and New York were weak and vulnerable to attack.
Are your Wi-Fi networks prone to an attack? Regular vulnerability assessments and penetration testing should now be a fundamental part of your monthly and quarterly security routine. Wireless network scans ensure that you can identify and fix vulnerabilities and security holes as quickly as possible, and that your cyber security controls are working as effectively as they need to.
Penetration testing is also an essential component in any ISO 27001-compliant information security management system (ISMS), from initial development to ongoing maintenance and continual improvement.
vsRisk™ provides a framework for repeatable, consistent risk assessments and facilitates compliance with ISO 27001. vsRisk includes six different control sets, including ISO 27001:2013, the PCI DSS, NIST SP 800-53 and the Cloud Controls Matrix.
Purchase vsRisk now and take advantage of our special 50% discount offer!