Sometimes it’s best to disconnect.
While athletes head to Rio de Janeiro, Brazil to compete for medals in the 2016 Summer Olympic Games, hackers in the area have their eyes on a different prize: the personal information of unsuspecting travelers.
According to a new report from mobile security firm Skycure, visitors to the former capital of Brazil are being targeted by malicious actors who have set up fake Wi-Fi hotspots designed to steal information from connected devices. These phony wireless networks were spotted by Skycure around the city, but they were most prominent in locations where travelers were most likely to look for a place to connect, like shopping malls, well-known coffee shops, and hotels.
Skycure also suggested that travelers taking the Rio Metro—the underground railway that makes stops throughout the city—may be at risk when connecting to the complimentary Wi-Fi offered by the city in partnership with IT giant Cisco.
The vulnerabilities actually begin the second travelers set foot in the city. According to Skycure, the Rio Galeão Airport, the international hub for the Olympics, was found to host many networks that are capable of decrypting Secure Sockets Layer (SSL) traffic—undoing a protocol put in place to keep data protected.
“SSL decrypting Wi-Fi networks break encryption to look into the encrypted data,” Varun Kohli, vice president of marketing at Skycure, explained to the Daily Dot. He noted that while this is sometimes done intentionally by networks to charge for the data used on the network. Other times, it can be the result of a misconfigured router that decrypts traffic when it isn’t meant to.
“In both cases, sensitive information such as passwords and credit card information is shared in clear text and can be stolen by hackers,” he warned.
According to Kohli, any and every piece of data that is transmitted via the Wi-Fi network could be compromised. The information is even accessible to a malicious actor connected to the network “while the device is still in user’s pocket or purse and is not actively being used.”
Unsecure hotspots are dangerous enough for those connecting to them, but Skycure pointed out that fake networks aren’t difficult to set up for the initiated. Kohli said for less than $100, hackers can set up a router designed to trick tourists into connecting to it. The devices are “smaller than a sandwich from your favorite deli.”
Skycure warned that the malicious networks often are labeled with the word “Free,” as it’s an easy way to draw users to connect. However, some hackers have been more inventive in their methods. For example, Skycure found a network named “_RIO GALEAO WIFI” located 12 miles from the airport. The company theorized it to be a rogue access point configured to take advantage of people coming from the airport who used the public Wi-Fi.
Another hotspot that Skycure detected was one labeled “Sheraton-GuestRoom.” The network was found at the Sheraton Grand Rio Hotel and Resort, a popular hotel that offers 538 rooms, 61 suites, and is set to be packed over the course of the Olympics. On the website for the hotel, it touts “wireless internet access” as one of its primary amenities.
Skycure isn’t alone in pointing out the potential pitfalls for travelers trying to stay connected in Rio. Security firm Kaspersky noted that while a massive event like the Olympics is bound to generate fraudulent tickets, promotions, and phishing efforts, Wi-Fi networks are a preferred method of cybercriminals who hope to score some personal information from those who connect without proper protection.
In Kaspersky’s analysis of over 4,500 unique wireless access points, it found that 18 percent of the available networks in the area were insecure and openly configured—meaning all data sent and received on the networks is not protected by any encryption access key. Another 7 percent were protected by an obsolete security method that can be cracked with relative ease. In other words, about a quarter of all Wi-Fi networks available around the Olympics are insecure or vulnerable.
It’s not just attempts to access websites via these malicious networks that could put a user at risk, though. According to additional research from Skycure, malware and adware masquerading as official apps have begun populating app stores.
Risky apps sport innocuous names like “Olympics Rio 2016,” “Rio 2016 Olympics,” or “Rio 2016,” but they hide code that can hijack personal information. Researchers at RiskIQ noted similar findings in its research of apps, finding that Portuguese, Spanish, and English-language stores have been targeted. A popular disguise for these trojan-like attacks include apps that claim to spread information about the Zika virus.
While screening processes for apps have tightened over the years—Google implemented a system for sifting out malicious apps in 2015—it’s still possible for malicious apps to sneak through the protections of official app stores.
The Google Play Store was found by RiskIQ to be vulnerable to some fakes, but Skycure suggested third-party stores with less checks were the biggest origin point for infected apps. According to the company’s research, users were 72 times more likely to find malware in third-party app store Aptoide than the official Google Play Store.
For those who will call Rio their temporary home for the duration of the Olympic games—or for those who are now panicked about the public networks they connect to elsewhere—there are a variety of tools that can be utilized to mitigate the threats that lurk on unprotected hotspots.
The first piece of protection any person should equip is a virtual private network (VPN). When using a VPN, data from a device is bounced between encrypted data channels before landing on the internet. This hides the true location of the connection, allowing the user to bypass firewalls and potentially subvert an attacker.
Additional security tools like Lookout Mobile Security offer a suite of tools to protect mobile users, doing everything from catching suspicious traffic and preventing the opening of fraudulent links to scanning downloads before allowing them to install on the device.
Skycure offers its own prescriptions for any problem networks as well, including an online map that offers a look at suspicious hotspots nearby. The map is available on the web via mobile or desktop, but the company also has a mobile app that analyzes wireless networks and monitors activity to alert users if they are vulnerable.
