Kaspersky experts analysed nearly 25,000 free Wi-Fi spots in Paris prior to the opening of the Summer Olympic Games and Paralympic games. Their analysis has revealed that almost 25% of these networks had weak or no encryption, making users vulnerable to personal and banking data theft. Just 6% of the networks employ the latest WPA3 security protocol.
The Paris Olympics, the first in-person summer Games since pandemic restrictions were lifted, have attracted thousands of tourists. Kaspersky’s GReAT (Global Research and Analysis Team) researchers have mapped and assessed the security of the open Wi-Fi networks that visitors might encounter.
The researchers analysed 47,891 signal records across popular locations and Olympic venues in Paris, identifying 24,766 unique Wi-Fi access points. The analysis areas include Arc de Triomphe, Avenue des Champs-Élysées, Louvre Museum, Eiffel Tower, Notre dame Cathedral, Seine river, Trocadéro, and Stade de France
They found that a quarter (25%) of these networks had serious security weaknesses, such as weak or nonexistent encryption, making them vulnerable to interception, decryption, or cracking attacks.
Additionally, almost one-in-five (20%) were configured with WPS (Wi-Fi Protected Setup), an outdated and easily compromised algorithm, rendering them highly susceptible to WPS attacks that could result in data loss. Only six percent of the analysed networks used the latest WPA3 (Wi-Fi Protected Access 3) security protocol.
“Like the sportspeople training for the summer of sport in France, cybercriminals have also prepared an unsavoury welcome for the millions of people heading for Paris hotels, fan zones and events,” says Amin Hasbini, director of META Research Center, GReAT, at Kaspersky. “They might set up fake access points or compromise legitimate networks to intercept and manipulate data transfers. Open and misconfigured Wi-Fi networks are particularly attractive to criminals, as they enable the theft of passwords, credit card details, and other sensitive user data.”
Using a Virtual Private Network (VPN), such as Kaspersky VPN Secure Connection, provides an extra layer of security for those accessing open Wi-Fi networks. A VPN encrypts the Internet connection, creating a secure tunnel between the device and the Internet. This encryption prevents cybercriminals from intercepting data, even on unsecured networks. By masking the IP address and encrypting all transmitted data, a VPN ensures that personal and financial information remains protected while using public Wi-Fi.
To stay safe while using public Wi-Fi, Kaspersky experts also recommend following these tips:
- Avoid sensitive transactions: Refrain from accessing banking or other sensitive accounts while on public Wi-Fi.
- Verify the network: Ensure the network is legitimate by confirming with the establishment offering it.
- Enable firewall: Make sure your device’s firewall is active to block unauthorised access.
- Use strong passwords: Always use strong, unique passwords and enable two-factor authentication for extra security.
- Keep software updated: Regularly update your operating system, apps, and antivirus software to protect against the latest threats.
- Disable file sharing: Turn off file sharing and AirDrop on your device to prevent unauthorised access.
US identity monitoring company IDStrong has also warned about public Wi-Fi Scams in Paris.
“Tourists are more likely to access public, unprotected Wi-Fi channels,” IDStrong said in a guide to Olympics scams last week. “They’re far from their home network and have no other option. So, scammers create fake networks to steal information, using the Olympic sporting arenas as bait.”
Surrounding cafes, hotels, and retailers often provide free Wi-Fi with a distinguishable name, such as “Store-1999-5G”, according to IDStrong. Scammers will name their network similarly and steal all the data that passes through, including bank logins, communications, and credit card numbers.
“It’s easy to say not to use public Wi-Fi when you’re out of the country, but that’s not actionable advice. A strong connection is necessary to look up the Olympic schedule, access tickets, or send real-time photos of your trip back home.”
While you can’t eliminate the risk of public networks, says the company, you can substantially mitigate it with the following tips:
- Verify Wi-Fi names with staff members to avoid spoofed networks
- Don’t log into financial accounts or perform financial transactions on Wi-Fi
- Disable the auto-connect feature and “forget” networks when you’re done using them
These habits will do a lot to protect you but aren’t foolproof. Emergencies happen, and you may need to break one of these rules. In these situations, IDStrong recommends preinstalling a VPN program and turning on two-factor authentication for all sensitive accounts.
- For a guide to avoiding other scams during the Paris Olympics, visit: https://www.idstrong.com/sentinel/avoiding-scams-during-the-paris-olympics/.