Most will connect to an unsecured Wi-Fi hotspot if it's free: study

Almost two-thirds who used the honeypot Wi-Fi network could be identified.
Written by Zack Whittaker, Contributor

Nothing in this world is free, except a Wi-Fi hotspot run by a hacker.

(Image: stock photo)

Earlier this week, Czech security and antivirus firm Avast set out to highlight some of the dangers with accessing open, unsecured Wi-Fi hotspots.

The company, which has a commercial interest in the security space, set up a series of open Wi-Fi network at Barcelona Airport, as hundreds were arriving to attend Mobile World Congress. (We have full coverage here, and from our sister-site CNET.)

The goal? See who would be gullible enough to join an unsecured network for a quick jolt of internet, while forsaking their security and risking being targeted by hackers.

Turns out, more than you'd think.

The researchers created networks with names like were "Airport_Free_Wifi_AENA", "MWC Free WiFi", and even "Starbucks." In just a few hours, more than 2,000 users connected to the honeypot network.

Avast noted:

  • 50.1 percent had an Apple device, 43.4 percent had an Android device
  • 61.7 percent searched information on Google or checked their emails on Gmail
  • 14.9 percent visited Yahoo
  • 2 percent visited Spotify
  • 52.3 percent have the Facebook app installed, 2.4 percent have the Twitter app installed
  • 1 percent used dating apps (Tinder or Badoo)

Crucially, the researchers were able to see the identity of the device and user in almost two-thirds of cases. The study's bottom line is that you can't always identify the source of a Wi-Fi network, or verify its integrity.

"Many individuals recognize that surfing over open Wi-Fi isn't secure. However, some of these same people aren't aware that their device might automatically connect to a Wi-Fi network unless they adjust their settings," said Gagan Singh, president of mobile at Avast.

Singh said hotspots that connect with passwords are more secure, and some VPN services -- such as Hotspot Shield -- can be used to mask the identity and protect the user's privacy.

Editorial standards