An investigation conducted in London has shown the ease with which personal data can be hacked when the target is using public Wi-Fi. Security and privacy software company F-Secure teamed up with penetration testing expert Mandalorian Security Services and the Cyber Security Research Institute to conduct the test – in this case, hacking into the devices of three politicians.
The politicians, deliberately selected from the most powerful chambers in UK politics, were Rt. Hon. David Davis MP, Mary Honeyball MEP and Lord Strasburger. The exercise was carried out with the permission of the politicians who, despite holding important positions within the different parliaments, admitted that they had received no formal training or information about the relative ease with which computers can be breached while using public Wi-Fi – a service they all admitted to using regularly.
Commenting on his email being accessed, Davis said: “Well, it’s pretty horrifying, to be honest. What you have extracted was a very tough password, tougher than most people use. It’s certainly not ‘Password‘.” Alarmingly, the password would have been broken no matter how strong it was. Public Wi-Fi is inherently insecure – usernames and passwords are shown in plain text in the back of a Wi-Fi access point, making them simple for a hacker to steal.
To underline the risk, an email was drafted by ethical hackers Mandalorian and left in his drafts folder destined for the national press, announcing his defection to UKIP. His PayPal account was then compromised, as it used the same username and password as his Gmail – a common habit.