As public WiFi badly shielded hackers can spy on Londoners
Millions of users connecting every day to public WiFi networks in the UK’s capital are placing their sensitive data at threats as more than a half of those wireless hotspots use poor protection hackable by ‘every IT college student,’ world’s leading cyber security company said.
Presenting the findings of its own world-wide WiFi hack experiment, Prague-headquartered Avast, the manufacturer of the world’s most famous antivirus applications, said London scored the worst of the three European cities analyzed in the experiment but do considerably better than a threesome of Asian metropolises included.

“In that experiment, our specialists flew into nine cities around the world,” described Avast representative Marina Ziegler. “In Europe it was London, Barcelona and Berlin and in London our experts found that 54 per cent of routers were weakly encrypted and readily accessible to hackers.”

According to Filip Chytry Avast’s virus analyst, many routers that are public use default passwords enabling hackers to obtain private data broadcast through the network including e-mails, passwords and browsing history.

“Many routers are either wholly unsecured or have really poor or even default passwords,” Chytry said. “That means that if a hacker walks into a pub, he is able to get the router’s settings and for example reroute the traffic via another malicious server. That is hardly difficult. Every every student can do that.”

Skilled hackers can perform a similar operation remotely through the net with indistinguishable results.

“If you’ve got a router with an open IP address, it may be obtained from outside the Internet and in the event that you maintain a default password, the hacker can then readily find it, alter the DNS to reroute the traffic via his server and you as a user will not see any difference but you’re in trouble,” Chytry described.

The vulnerabilities are of an even more serious concern as the experiment revealed that a large part of the internet browsing still occurs via unguarded HTTP sites that show all data to the attacker including usernames and passwords with no encryption in the shape of a plain text.

According to Avast, the specific situation is the most serious in Asia were 97 per cent of sites was found to run the HTTP protocol that is poor. For comparison, one quarter of the European traffic and just one third of the US was discovered to use HTTP.

“If you’re transferring your data through the HTTP protocol, for example for those who own a website, which you believe does not need to be fixed correctly, you’ll be using your e-mail and your password to log in,” Chytry described. “And together with the HTTP those data might be read as plain text with no encryption as well as the qualifications may be utilized in various systems. Even though everyone lets you know that you should not be using the same qualifications for distinct services, the truth is that the majority of folks do just that.”