London Underground users can now be hacked at more than 100 Tube stations

But GFI Software is warning users to be particularly careful. It’s not that security issues are any different from those accruing to any public WiFi, it’s just that they are more concentrated – even Starbucks does not have the same number of ‘customers’ as the Northern Line at 5:00pm.

The main problem is that the WiFi offered (free to Virgin Media users, paid-for to other users) is not encrypted. “There is no encryption in place so your wireless data could be intercepted by anyone that may have inexpensive ‘packet sniffing’ software installed,” warns Phil Bousfield, GM of IT operations at GFI Software. “Malware writers are increasingly turning their attention to mobile platforms [and probably Tube platforms as well], with all devices increasingly at risk of physical or wireless data theft.” This, of course, could happen while using any public WiFi service, but the Underground seems particularly vulnerable to data theft through both the volume of people and the psychological tendency for travelers to cocoon themselves in private bubbles, paying little attention to those around them.

“Widespread use of Wi-Fi-enabled devices in a small enclosed area such as a Tube platform risks the devices and their related data traffic being targeted by opportunist hackers,” says Boulsfield, adding bluejacking (where open Bluetooth connections on devices are hijacked or bombarded with unwanted messages) to the potential threats.

Physical theft is just as much a problem. At the end of last year it was reported that 170 phones were stolen in London every day, and that “Police warn people to be aware of their surroundings when using mobile phones, particularly as they leave Tube stations, and to try to avoid texting and walking at the same time.” (Evening Standard.) Without having to reconnect to the internet between platform and street, there will be an increasing likelihood of users browsing while they walk into one of the muggers’ prime hunting areas.

All of these threats can potentially compromise “work email accounts, VPN connections and any work-related data stored or accessed on the devices,” warns Boulsfield. His advice is fairly standard for WiFi hotspots: end-point security on the devices, VPNs for data communication, and simply don’t use public WiFi for really sensitive issues such as mobile banking. But since he’s talking about the London Underground, he adds, “Keep mobile devices concealed on public transport, and avoid using them openly late at night or when platforms are not inhabited. Always sit or stand in close proximity to a CCTV camera or Staff Assistance Call Point when using your device on the Tube for added safety.”

What’s Hot on Infosecurity Magazine?