This week, Avast security researchers conducted an exciting, unique experiment at the Republican National Convention in Cleveland to demonstrate how risky it can be to connect to public Wi-Fi. The experiment revealed that over a thousand convention attendees were negligent in their behavior when connecting to public Wi-Fi at the event. Attendees risked the possibility of being spied on and hacked by cybercriminals while they used online banking services, social media, dating apps, and even while they played Pokémon Go.

In the experiment, our researchers set up fake Wi-Fi networks at various locations around Quicken Loans Arena and at Cleveland Hopkins International Airport with phony network names (SSIDs) like “Google Starbucks”, “Xfinitywifi”, “Attwifi”, “I vote Trump! free Internet” and “I vote Hillary! free Internet”.

These hotspots were designed to appear as commonplace or as if they had been set up for convention attendees. Out of the people connecting to the candidate-related Wi-Fi in Cleveland, 70% connected to the Trump-related Wi-Fi, 30% to the Clinton-related Wi-Fi.

Fake Wi-Fi networks show that convenience doesn’t always equate to security

Users often don’t pay too much attention to the networks that they connect to, since their mobile devices are often set to connect to known SSIDs automatically. While convenient for many, this feature bears the risk of users being spied on by cybercriminals who set up a false Wi-Fi network with a common SSID. Web traffic can be visible to anyone on any Wi-Fi network that does not request a password.

Over the course of a day, Avast saw more than 1.6Gbs transferred from more than 1,200 users. Moreover, 68.3% of users‘ identities were exposed when they connected, and 44.5% of Wi-Fi users checked their emails or chatted via messenger apps.

To protect people’s privacy, the researchers scanned the data, but did not store it or collect any personal information.

Avast learned the following about the Republican National Convention attendees:

• 55.9% had an Apple device, 28.4% had an Android device, 1.5% had a Windows Phone device, 3.4% had a MacBook laptop and 10.9% had a different device
• 10.8% used Google Chrome, 0.2% Mozilla Firefox and 4.2% Safari
• 39.7% have the Facebook or Facebook messenger app installed, 10.7% have the Twitter app installed, 8.0% have Instagram installed
• 13.1% accessed Yahoo Mail, 17.6% checked their Gmail inbox, and 13.8% used chat apps like WhatsApp, WeChat and Skype
• 6.5% shopped on Amazon, and 1.2% accessed a banking app or banking websites like bankofamerica.com, usbank.com, or wellsfargo.com
• 5.1% played Pokémon Go
• 4.2% visited government domains or websites
• 0.7% used dating apps like Tinder, Grindr, OKCupid, Match and Meetup
• 0.24% visited pornography sites like Pornhub.com
  
  

“With Washington heatedly discussing cybersecurity issues virtually every week, we thought it would be interesting to test how many people actually practice secure habits,” said Gagan Singh, president of mobile at Avast.

“Understanding the talking points behind these privacy issues is very different from implementing secure habits on a daily basis. Though it is not surprising to see how many people connect to free Wi-Fi, especially in a location with large crowds such as this, it is important to know how to stay safe when connecting. When joining public Wi-Fi, consumers should utilize a VPN service that anonymizes their data while connecting to public hotspots to ensure that their connection is secure.”

Avast SecureLine VPN for PC,  Android, and iOS devices encrypts connections on unsecured public Wi-Fi and allows users to browse anonymously. The app also lets users choose the server location they would like to connect with, enabling users to access content from their home country that may otherwise be restricted by geo-location.