In theory, it\u2019s common knowledge that \u201cthere\u2019s no such thing as a free lunch\u201d, but when it comes to practice, some forget about the \u2018free lunch\u2019 proverb and prefer another proverbial saying, which employs a \u2018free ride\u2019 idiom. In today\u2019s story about free WiFi, you will see that when searching for a \u2018free ride\u2019 opportunity with a service provider, you are very likely to inadvertently share your private data, like your social network credentials, with third parties.<\/p>\n
There are a number of real-life examples<\/a> proving you should not be tempted by \u2018free lunch\u2019 offers. One of the most recent stories is a case involving free WiFi hotspots supplied to cafes by Smart Wi-Fi, a Russian company based in St. Petersburg. Conscious users managed to record several videos showing how this approach works when a customer logs into the Smart Wi-Fi network, and posted them on YouTube<\/a>.<\/p>\n The full story is available in this detailed article on Siliconrus.com<\/a> (it\u2019s written in Russian, so feel free to use an online translator), but we\u2019ll explain\u00a0the technology:\u00a0When connecting to a Smart Wi-Fi network, a customer is prompted to authorize via their social network account profile. In this particular case the account would be in VKontakte, which is the most popular social network in Russia.<\/p>\n However, the login and the password are entered not on the vk.com page, but on the Smart Wi-Fi website, through the unencrypted connection, which is the most insecure way of logging in to any site.<\/p>\n \u201cFree\u201d #WiFi in exchange for your social network account #password<\/p>Tweet<\/a><\/blockquote>\n So when users log in with their VK profile, the vk.com password is supplied to the Smart Wi-Fi provider and, coincidently, to any culprit armed with a laptop and lurking nearby.<\/p>\n As far as Smart Wi-Fi is concerned, there is an article<\/a> \u2013 and the aforementioned videos \u2013 which prove that the service stores credentials and uses them to, in one instance, post an ad on the customer\u2019s page on VK.com, and in another instance, to install an app onto a vk.com profile with a very broad scope of permissions, including access to a wide range of personal data and the right to publish updates on behalf of the user.<\/p>\n Whereas in the first case the user is warned about the ad being posted on their \u2018wall\u2019, the second action with app installation is made without any notice at all. In order to find out about this app, a user would have to\u00a0review their list of Vkontakte apps. It goes without saying that the\u00a0number of users who do this on a regular basis is incredibly low.<\/p>\n Why #phishing<\/a> works and how to avoid it \u2013 https:\/\/t.co\/ksAYI9g2Jm<\/a> #security<\/a> #cybercrime<\/a><\/p>\n \u2014 Kaspersky (@kaspersky) October 1, 2014<\/a><\/p><\/blockquote>\n\n