Recently there was a symposium focussed on connected and automated vehicles and infrastructure. One of the services provided by the venue was WiFi for the attendees. This was a welcomed and well-used service, which was beneficial. The issue, however, was with the WiFi itself. The WiFi that was available to be connected with was not secure in any fashion or form. This should have been red-flagged by the persons present prior to connecting. This should also have been noticeable for the persons as they connected to the WiFi, as it did not include any security. This was notable from the connection itself and the terms and conditions (T&C). As the presentations continued, there was one person located near the rear of the room with his laptop open. He happened to be running an app which monitors and captures packets. From simply looking across a table, anyone was able to watch the activity and note that he had been recording this for a longer amount of time than what was necessary. Others, not aware of him recording their activities, where logging into and reviewing their stock portfolio, work emails (possibly containing sensitive and confidential information), personal emails, and Facebook.
The issues associated with WiFi that had not been secured are well-known. This provides another example that may be used for training purposes for the general staff and others. Anyone in the audience that did not want to use their data plan for these activities unwittingly, as they logged in with their credentials, allowed an unauthorized third party access to their private information.
No comments:
Post a Comment