Politicians get pwned in lesson on public Wi-Fi
Public Wi-Fi is a security risk – if you are reading this website, you probably know that already – but spare a thought for all of those people who don't, including our hapless politicians.
To illustrate the risks to government data, F-Secure, the Helsinki-based security company, teamed up with pen-tester Mandalorian Security Services and the Cyber Security Institute to hack into the devices of three politicians.
To be clear, the politicians had given their permission for this experiment, but having previously received no training or information about cyber-security, they had no idea how easy it was to get hacked on a public Wi-Fi system.
First up was David Davis, Conservative MP for Haltemprice and Howden, well-known for his views on privacy, surveillance and the erosion of civil liberties.
Despite the use of a very strong password, his email was breached by Mandalorian. Asked for his reaction, Davis said, “Well, it's pretty horrifying, to be honest. What you have extracted was a very tough password, tougher than most people use. It's certainly not ‘Password’.”
To prove they had hacked his email, Mandalorian left a calling card in the form of a draft email to the national press announcing his defection to UKIP.
Next up was Mary Honeyball MEP, a member of the Progressive Alliance of Socialists and Democrats in the European Parliament who also sits on the EU committee which oversees the “We Love Wi-Fi” campaign. The attackers caught her in an internet cafe using public Wi-Fi and sent her a spoofed “Facebook” message inviting her to log back into her account.
She felt that the European Parliament technology office, which had issued her a tablet just days prior to the hack, should have warned her of the danger. “I think something should be done because we all think that passwords make the whole thing secure. I always thought that was the point of passwords. I am surprised and shocked,” she said.
And Lord Strasburger helpfully demonstrated how insecure Voice over IP (VoIP) can be when he made a call from a hotel room which was intercepted and recorded using free off-the-web software. “That's very worrying. This is very powerful equipment. The thought that a beginner could be up and running in a very few hours is really worrying. I think it proves that people (when they are using technology) need to know a lot more about it. In the end, they have to look after themselves, because it really is down to you, no one else is going to do it,” he said.
According to F-Secure, the public is becoming increasingly aware that public Wi-Fi is not secure. In a survey in September, 30 percent of respondents knew about the risk while a more recent survey indicates the number has increased to 40 percent. The company plans to work with politicians in the UK and European Parliaments to promote safe Wi-Fi use. F-Secure is also actively working with the Don't Spy On Us coalition to oppose efforts to ban or downgrade encryption.