As data roaming charges for cellphones are generally very expensive, many travellers to the World Cup in Brazil will most likely opt to use free Wi-Fi access points, and probably not give much thought to security issues. This is a very risky approach, however, as all the data that is sent or received on open Wi-Fi networks could be intercepted.
Passwords, PINs and other sensitive data could also fall into the hands of cybercriminals if public charging stations are used - in Brazil these publically available chargers may be malicious.
Insecure Wi-Fi networks
Kaspersky Lab security experts conducted research into Wi-Fi access in São Paulo. They drove 100km around the city and checked out more than 5,000 different access points popular among tourists - parks, malls, airports and other attractions. As a result of the study, it turned out that 26% of the 5,000 open Wi-Fi networks in São Paolo don't use any encryption.
With this in mind, the company's experts prepared a list of recommendations for those travelling to São Paolo for the 2014 World Cup:
- Always access any Wi-Fi network through a VPN connection. If you do not have one, please get one and install it on all your devices - smartphones, tablets, laptops, etc.;
- If a Wi-Fi network blocks your VPN, avoid using that network. If you have no choice, it's better to use the internet via TOR Browser together with your own DNSCrypt settings directly on your device;
- If you own an Access Point, please check if your firmware is the latest version. If not, upgrade it;
- Don't leave your Access Point with vendor default settings; change them and also set strong new passwords;
- Check the encryption your Access Point now has. If it's WPA or WEP, change it to WPA2 with AES settings. Disable SSID broadcasting and make sure your network password is strong; and
- If there is no really secure network where you are, don't worry about posting your pictures right away; wait until you find a secure place to work.
Fake AC/DC charging points
A malicious AC/DC charger in Brazil will still charge your battery, but at the same time it can silently steal information from your smartphone. The interception will happen via a USB connection, as the majority of plugs use this type of connection. In some cases these fake chargers can also install malware capable of tracking your location, stealing notes, contacts, pictures, messages as well as call records, saved passwords and even browser cookies.
Recommendations:
- Never use unknown chargers; instead look for trusted places to charge your devices;
- Use your battery responsibly and try to keep a spare with you, so you can use it if the primary battery dies;
- iOS devices have covers with an extra charging battery, which may also be a good solution; and
- Try to optimise battery life by shutting down unnecessary processes and turning on airplane mode when a cellphone network is not available. You can also disable sounds, vibrations and tones and other resource-hungry features, like animated wallpapers etc.
Dmitry Bestuzhev, Kaspersky Lab's head of global research and analysis team in Latin America, commented: "Malicious AC/DC charging points are a real danger for those travelling to big events and new destinations. Cybercriminals know that when people are away from home and need their smartphones to access maps, routes and all other kinds of information, they tend to use any available charger, even if it's just for a few minutes. Keep in mind that you could fall victim and lose sensitive personal data. The same applies to Wi-Fi, especially if you look for open access points when you want to post pictures, locations and send messages. Your sensitive data can be easily intercepted by cybercriminals, so take appropriate security measures."