UK politicos easily pwned on insecure Wi-Fi networks

Don't get distracted

Sean Sullivan, security advisor at F-Secure, said the attack against Honeyball involved injecting a dialogue into web traffic rather than phishing emails or similar black hat tactics.

The other attacks involved only passive sniffing. The type attack against Davis, for example, was demonstrated years ago with the release of the Firesheep browser add-on, which dumbs down the process of capturing login tokens and other credentials for hackers on the same insecure network as intended targets.

Defending against these risks calls for the use of VPNs, software that can be used on tablets and smartphones as well as computers. The risk of insecure public Wi-Fi networks is well understood by IT pros, if not by the general public.

"What I saw from the attacks against politicians was that even intelligent, security savvy people can be caught out by hacks in a busy environment with lots of distractions," Sullivan told El Reg. "Hackers can rely on coincidence and serendipity to help them."

F-Secure's latest research into Wi-Fi security follows an exercise last year when it discovered that many consumers would happily agree to terms and conditions whereby they agree to give up their firstborn child for in return for free Wi-Fi.

F-Secure markets a VPN service called Freedome and both studies are essentially PR-driven rather than pushing the boundaries of security research. Other VPN services are, of course, available. ®