Free public wifi is putting users at risk from even the most basic hackers, ITexperts have warned.
Random tests on internet systems at 10 prominent hotels across the country found they all have fundamental security flaws, allowing novice cyber-criminals access to anything from email logins to bank and credit card details.
Tech security firm Smarttech.ie carried out inspections in October and November on three-, four-, and five-star hotels, and found 100% of tests showed up serious vulnerabilities and risks for users.
The company said it highlights the dangers of using unencrypted logins and passwords on a public internet network and warned that users are oblivious to the dangers.
Ronan Murphy, chief executive of Smarttech.ie, said consumers need to be made aware of the serious security challenges.
“The tests we carried out prove that these risks affect anyone using publicwifi. However, there are steps that hotels and restaurants can take to secure their service and therefore protect their customers,” he said.
Smarttech.ie has written to each of the 10 hotels that were tested and outlined steps they should take to secure public networks.
The company said that within 20 minutes at each location and with minimaleffort, its experts were able to observe customers’ email addresses with accompanying passwords and login details to employers’ servers.
More worryingly, they were also able to access payment information and PayPal logins and passwords, personal and business credit card details, online banking details including logins, and Vodafone login information for mobile phones.
On a more personal level, they saw Facebook logins and details, member logins for websites and classified sites, and logins for internet dating sites.
Smarttech.ie said one of the checks was carried out from outside the hotel, confirming suspicions that hackers could access information remotely.
The company said the hack test is known as “network sniffer” on the publicwifi network and within seconds it shows up a list of devices and grantsaccess.
It said that most public wifi networks share a single internet provider, or IP, subnet and this gives potential hackers the ability to pretend that their laptop or mobile device is the gateway on that subnet. It is known as a ‘Man in the Middle’ attack.
According to Smarttech.ie, security on public wifi is bound by rules under the EU directive for public wi-fi 2006/24/EC which was passed inthe wake of the Jul 7 bombings in London.
Smarttech.ie said hotels had been in contact about the wifi systems and hasoffered to provide solutions.
“Smarttech.ie has already been contacted by a number of the hotels inquestion, on foot of the letter which Smarttech.ie sent them, about their wifisecurity,” a spokesman said.
“Smarttech.ie will be speaking to them all on a one-to-one basis, to helpimprove the situation for them and ultimately for the thousands of customers.”
Parent should draw up 'phone contract' for child to prevent cyberbullying ^DH http://t.co/8nJTtk1NIK— Irish Examiner (@irishexaminer) December 7, 2013
© Irish Examiner Ltd. All rights reserved