Here’s why public WiFi is a public health hazard

Written by

Maurits Martijn, writing for Medium:

In his backpack, Wouter Slotboom, 34, carries around a small black device, slightly larger than a pack of cigarettes, with an antenna on it…Wouter removes his laptop from his backpack, puts the black device on the table, and hides it under a menu. A waitress passes by and we ask for two coffees and the password for the WiFi network. Meanwhile, Wouter switches on his laptop and device, launches some programs, and soon the screen starts to fill with green text lines. It gradually becomes clear that Wouter’s device is connecting to the laptops, smartphones, and tablets of cafe visitors.

On his screen, phrases like “iPhone Joris” and “Simone’s MacBook” start to appear. The device’s antenna is intercepting the signals that are being sent from the laptops, smartphones, and tablets around us.

Part of this is an education problem, teaching people how to be careful. But it’s foolish to think that any public WiFi connection is safe. It’s just far too easy to spoof trusted networks.

More text starts to appear on the screen. We are able to see which WiFi networks the devices were previously connected to. Sometimes the names of the networks are composed of mostly numbers and random letters, making it hard to trace them to a definite location, but more often than not, these WiFi networks give away the place they belong to.

We learn that Joris had previously visited McDonald’s, probably spent his vacation in Spain (lots of Spanish-language network names), and had been kart-racing (he had connected to a network belonging to a well-known local kart-racing center). Martin, another café visitor, had been logged on to the network of Heathrow airport and the American airline Southwest. In Amsterdam, he’s probably staying at the White Tulip Hostel. He had also paid a visit to a coffee shop called The Bulldog.

Recently, Starbucks changed the process by which you access their network. Now, with their Google partnership in place, you must log in to your Google account to access Starbuck’s Google wireless. This means sending out your Google credentials in a public space.

It’s one thing to provide a free WiFi connection, but another to require you to submit important trusted credentials over the public airwaves in order to get in. There are any number of ways for this to go wrong, including Wouter Slotboom’s black box spoofing a Google wireless hot spot, ready to harvest.