Wi-Fi users not concerned about hotspot security

Ofcom report uncovers a blasé attitude to wireless security among users

General attitudes to Wi-Fi and mobile security are lax, according to the findings of Ofcom’s Communications Market Report 2014.

Ofcom’s annual survey found growing numbers of business and consumer users relying on wireless connectivity to access the internet when outside the home, with 78% of those who did relying chiefly on free Wi-Fi connections.

Others, 27% and 12% respectively, sought hotspots included with their mobile or home broadband contracts, while 4% used pay-as-you-go Wi-Fi and 4% Wi-Fi with a separate ongoing subscription.

The concerns highlighted in Ofcom’s report centred on free Wi-Fi connections, which are typically provided without encryption, and offer immediate access without a password or key.

Their main drawback is the fact that criminals could monitor open Wi-Fi connectivity and potentially observe and capture sensitive data in transit across the network in what is known as a man in the middle attack.

Ofcom said that most people who use Wi-Fi outside the home are simply not fussed about how secure it is, with 77% saying they disagreed with the statement "I am not concerned about security when accessing Wi-Fi outside the home" and 75% disagreeing with the statement "There are certain things I wouldn’t access or do on the internet when connected to public Wi-Fi".

Levels of concern were lower still among those who use 3G or 4G mobile connections, with 85% saying they were not worried about security outside the home.

Imperva CTO Amichai Shulman said he agreed with the headline statement: “People don’t care much for information security. We as human beings care first and foremost for our comfort. This is true for most of the things we do and we won’t apply any different paradigm for our online behavior.

“It is the role of service providers to put controls in place to reduce risk for their users when accessing applications from ‘unsafe’ locations, based on the potential threat and potential damage.

“It means sensitive applications should ensure SSL transport, others should add certificate pinning and some may resort to restricting functionality when accessed from high-risk networks or requiring additional authentication under such circumstances,” he added.

ESET's Mark James agreed with Ofcom's findings: "Free Wi-Fi is free Wi-Fi, whether it’s secure or not. The general reaction these days is, if the phone connects to it, then I am good to go. Sadly the public have no conception of how potentially bad insecure Wi-Fi can be."

Proofpoint EMEA director Mark Sparshott said that, in an ideal world, users should always ask a staff member working in the public place for details of the official Wi-Fi, and always log into websites using HTTPS.

"Additionally, if individuals have an unlimited mobile data plan then bypass public Wi-Fi altogether even if that means browsing at a slightly slower speed," he said.

James at ESET added: "If you have a choice of connections choose WPA (WPA2/WPA-PSK) or better don’t do any banking on an insecure Wi-Fi and, if you're using a laptop. turn off Windows file and printer sharing. It will limit the ability for someone to access your files. You could also use a VPN if possible, then all your traffic through that will be secure.”

Most Wi-Fi use, however, remained confined to the home, said Ofcom, with research by Kantar Media conducted over the spring showing 81% of adults were using domestic Wi-Fi connections due to widespread fixed broadband take-up, as most services included an ISP-provided router.

Read more on Wireless networking