A sign promoting free access to public WiFi in Fenghuang, Hunan Province. (Photo : www.wantchinatimes.com)
A security company investigating free WiFi connections in public places warned that users may be paying an unexpectedly high price, instead of saving on telecom fees, by joining unknown networks.
RainRaid, an independent information security consultancy based in Shanghai, said over 11 percent of over 68,000 WiFi networks in major public places are unsafe or not secure for users. These places include airports, railway stations, tourist spots and shopping malls in Beijing, Shanghai and Guangzhou.
A six-month investigation conducted by the company also found that users of the unsafe sites risked theft of personal and financial information.
The team connected smartphones to WiFi services as ordinary users and used their tracking equipment to monitor a phishing attack, the report said.
The investigating team said that the insecure WiFi access is disguised as a government or business center service for the public. "The names may seem pretty similar to regular WiFi services, and users will show little suspicion," said Yao Wei, RainRaid's founder.
Yao added that the attackers may obtain users' personal information, such as email user names and passwords, and more seriously, divert to themselves payments or money transfers meant for others.
Last week, the Shanghai municipal government issued a warning about several false WiFi hot spots similar to i-Shanghai, the free wireless Internet service provided by the government at 450 public sites in the city. The fakes included "1-Shanghai", "i-ShangHai" and "i-shanghai."
According to the local government, residents are only required to enter their mobile phone numbers when they connect their smartphones to the official i-Shanghai site. In contrast, the bogus sites request names, ID numbers, and social media user names and passwords, which will be stolen by those who set up the fake access.
The government recommended and advised users to avoid free WiFi sites that do not require them to log in.
"A notable characteristic of the phishing WiFi is that people do not need to log in when using them, which is different from regular free WiFi services, which usually require an identifying code or a code sent to users' phones via text message," Jiang Kaida, who works for the network and information center at Shanghai Jiao Tong University, said.
