Warnings issued over connecting to public WiFi networks in France

Warnings are being raised over the risk of connecting to public WiFi networks across France, as hackers increasingly target devices using the connections. 

Tech giants including Google, antivirus companies, French telecoms providers as well as France’s cybersecurity agency ANSSI are warning users to be extra vigilant when connected to the networks.

This includes public WiFi in hotels, cafés, airports, train stations, and several other public areas. 

Data from Google suggests more than 90% of Android phone users have faced an attempted online attack, often when connected to a public network, and 20% of all devices connected to a public network have faced an attempted hacking.

Warning over ‘evil twin’ networks

Concerns largely stem from public networks being less secure than private equivalents in homes and workplaces, which typically require passwords for access and include built-in encryption tools by default.

This means anyone can access the space, and while the majority of users are legitimate, this includes hackers. 

Public networks are also usually not encrypted – or only weakly protected – meaning information sent over them is easier to access for hackers. 

This means potentially sensitive information such as email addresses, phone numbers, usernames and passwords for accounts and even credit card information, can be accessible to others on the network. 

Travellers should be vigilant when attempting to connect in areas they are unfamiliar with, particularly if language issues arise or data roaming fees force them to use public networks.

Calls for vigilance over so-called ‘evil-twin’ networks have also been raised.

This sees hackers set up a fake WiFi network with a name that looks official, such as the name of a nearby hotel or store, in the hopes that unwitting users will connect to it. 

People who do then connect are vulnerable to having their private information stolen, including details transmitted when using the network, which can then be sold onto the dark web for phishing scams and other hacking attempts.

Last year saw a landmark case in Australia involving a man being convicted of setting up thousands of fake private networks in airports and other busy locations to trick unsuspecting phones into connecting and unknowingly transmitting data.

What can users do to protect themselves?

Warnings are not intended to scare users away from using their phones in public, but to be more secure in how they do so. 

Tips for safer usage include: 

• Using 4G/5G connections via mobile data where possible. Most phone contracts offer far more data than users go through in a month, and these networks are managed by network providers so have better security measures. Travellers should be aware using these networks abroad may lead to data roaming fees depending on your contract type

• Avoiding ‘evil twin’ networks by connecting to official WiFi networks through QR codes and direct links offered by hotels, airports, etc. Alternatively, check closely that the names of public WiFi networks are correct and do not contain spelling errors (a sign they may be fake networks)

• Use a VPN when connected to any public network 

• If connected to a public network, do not use websites that require you to input personal data such as banking details, and do not make payments. Avoid websites that require you to enter sensitive passwords (for example the tax website or your bank’s website) and stick to apps you are already logged into

• Disable any file sharing applications when connected to the network

• ‘Forget’ the network after using it so you do not reconnect in the future without realising