Technology & Science

How hackers steal personal data from Rio Olympics visitors

According to cybersecurity researchers, Rio is home to a large number of malicious Wi-Fi hotspots designed to steal personal information from travellers. CBC technology columnist Dan Misener offers advice to travellers on how to stay cybersafe.

Researchers say there have been 'security incidents' on Wi-Fi networks in and around Rio

Connecting to a Wi-Fi network in Rio? Security researchers say you should think twice. (AP/David Goldman)

Rio de Janeiro is hosting more than the Olympics this summer. 

According to cybersecurity researchers, Rio is also hosting a large number of malicious Wi-Fi hotspots designed to steal personal information from travellers.

Security firm Skycure recently identified a number of "security incidents" taking place on Wi-Fi networks in and around Rio.

Security experts say that travellers should approach open Wi-Fi networks with caution. (Keith Bedford/Reuters)

These include wireless hotspots at the airport, on public transit, and at shopping malls, coffee shops and hotels. In other words, they're showing up in places where travellers might ordinarily expect to connect to free Wi-Fi.

Skycure says it's relatively inexpensive for hackers to set up a malicious hotspot or to spoof an existing signal. Hackers seem to be capitalizing on all the tourists in Rio right now, and this issue is particularly problematic because travellers often rely on free Wi-Fi connections to avoid expensive data roaming.

The risk of open Wi-Fi networks

Hackers are setting up fake networks for one simple reason: to steal your personal data and sell it.

"They're after all the data they can get their hands on," said Skycure's Varun Kohli, "it can be your financial information, it can be your credit card information, it can be your healthcare records. A healthcare record sells on the black market for ten times the price of a financial record — if they can get their hands on this data, they can make easy money from it."

Some of the suspicious Wi-Fi networks around Rio de Janeiro (Skycure)

Some of these malicious networks are set up to decrypt your encrypted communications. So even if it appears that you're on a secure website, you might not be.

Counterfeit apps 

Malicious Wi-Fi is just one attack vector — Olympic fans should also be keeping an eye on their smartphone apps. 

For instance, there's an Android app called Rio 2016 — it's the official app for the games, it shows up in the Google Play store, and it includes a bunch of features for people who are physically in Rio: spectator guides, event information and maps of the city.

But security researchers have found copies of the Rio 2016 app that have been repackaged with malware. They show up as look-alike or copycat apps in third-party app stores, with slightly different titles, like Olympics Rio 2016 and Rio 2016 Olympics. They look legit, but they're not.

Beware counterfeit apps masquerading as the real thing. (Skycure)

Again, the hackers behind these apps are opportunistic. They're taking advantage of the huge amount of attention and interest in the Olympics right now and using it to their advantage.

How to keep your data safe

According to Varun Kohli, there are a few basic ways to keep your data safe while travelling abroad. 

"Do not connect to free Wi-Fi networks. If you have to, do not do any sensitive business — don't be checking your bank account statement when you're on a free Wi-Fi network you've never been on before." 

Before you hit the road, it's also a good idea to check out Skycure's map of security threats. When you type in a city, it shows you hotspots where suspicious activity has been reported. 

Kohli also recommends people only download apps from stores like Google Play and iTunes and make sure their phones are up to date.

And remember: if your Wi-Fi network seems suspicious, don't connect. It's better to be safe than sorry. 

About the Author

Dan Misener

CBC Radio technology columnist

Dan Misener is a technology journalist for CBC radio and CBCNews.ca. Find him on Twitter @misener.

now