I'm not going to call out Republicans here, but if you were at the Republican National Convention last month, I bet you'd be interested in knowing that Avast knows everything about you. The company put out a press release on July 19 showing worrying behavior at the RNC. At the event, numerous fake WiFi networks were set up by the security makers themselves, aimed at targeting convention-goers to log in and use the Internet as they always would. Here's what they learned while sniffing your packets:
- 70% of RNC attendees logged onto the "I vote Trump! free Internet" network (30% "voted" Hillary)
- 55.9% were using Apple devices, 28.4% were using Android devices, 1.5% had an affinity to the Windows phone, 3.4% were on a MacBook, and 10.9% were on some other device
- 10.8% preferred to use Google Chrome, 4.2% used Safari, and 0.2% preferred Firefox
- 39.7% were using Facebook or Facebook Messenger; 10.7% had the Twitter app installed; 8% had Instagram installed
- 17.6% checked Gmail, 13.1% accessed Yahoo mail, and 13.8% were using chat apps such as WhatsApp, Skype, and WeChat
- 6.5% shopped on Amazon
- 1.2% decided to manage their money at the convention, accessing sites like Bank of America, Wells Fargo, and US Bank
- 5.1% played Pokemon Go
- 4.2% visited government domains or websites (which validates the audience; now we know what our government employees are up to in their free time)
- 0.7% pursued online romance, visiting sites like Tinder, Grinder, OK Cupid, Match, and Meetup (really? Who has time for that?!)
- 0.24% visited pornography websites
Yeah. Thanks for that.
I'd like to consider this negligence to the nth degree--especially knowing how many people accessing that porn, dating content, and social media likely comprise of our current lawmakers and the media.
Do we trust WiFi a little too much? Knowing how easily people can sniff and access our content, is it smart to browse on WiFi networks that are not secure? It begs the question: just as Facebook and Twitter have verified accounts, is it time to get verified (and safe-to-use) WiFi standards that display a "badge of honor" to ensure that they're clear to access by our mobile devices? I'd much rather choose a safe network to connect to over something that'll be able to see my pornographic professional pursuits. And wouldn't you?
When we're offsite, the risk of intrusion and security breaches increase. Which begs the next question: how are IT infrastructures handling it? Should they be mandating VPN usage? Perhaps that would avoid a bit of what we saw today--though we're a bit surprised that government isn't enforcing it right now.
Remote monitoring and management can also be worth the investment--becasue someone will soon be exposed doing something they did not want coming out. Clearly, with the lack of trust we now have toward mobile users, it's time to
pay off Avast to expose the greatest offenders (maybe they can stick the data on WikiLeaks) figure out whether there's an educational program to ensure we surf responsibly. With how easy it is to sniff WiFi traffic, public WiFi is not the answer, though I'm not sure monitoring users' every move is either. But that's the door they just opened to those packet sniffers whose WiFi they connected to!
Then again, while we talk about competitive analysis and getting an edge as IT professionals in our real professional pursuits, it might be time to figure out what the opposition is up to. Just go to their office, set up a public WiFi access point in their lobby, and listen/learn. Rinse and repeat. We're obviously all too trusting of WiFi, so we'd tell you everything.