Last week, we published an overview of Pakistan’s new Telecommunications Policy (2015). In it we discussed the salient features of the government’s proposed ‘Universal Service Fund’ (USF). Part of this initiative includes the installation of wi-fi hotspots in public areas. Section 5.10.4 of the policy mentioned a brief policy on ensuring security of these hotspots in the following words:
PTA will ensure that consumer protection and other regulatory arrangements that apply to ISPs more generally apply to Wi-Fi hot spots.
Earlier this year on February 26, Punjab Chief Minister Shahbaz Sharif had approved the ‘Khadim-e-Punjab Metro Wi-Fi Network Program’ which would enable free public access to wi-fi facilities at select educational institutions, hospitals, railway stations, airports, Metro Bus routes and bus stands across the province. He was quoted as saying that the project would begin in Multan, Rawalpindi and Lahore and gradually expand. So far, we haven’t heard much about this ambitious project’s progress. What we have witnessed firsthand is free wi-fi inside the metro buses which, according to some citizens, has a decent speed. A source in the Punjab Information Technology Board (PITB) while speaking to PakWired on the condition of anonymity, said that “massive downloads” take place through this facility, while also highlighting “inadequate measures” to ensure user security.
The source, who was part of the Metro Wi-Fi Project team, said that the systems have just been installed as they are without any proper embedding to regulate the sort of devices which use them. For example, if a malicious person were to hack into other people’s devices on the bus, it wouldn’t be impossible.
Perhaps the most serious cyber security threats that could arise through the provision of free Internet connectivity across the urban landscapes is that terrorists could use it as a medium of communication (VoIP and OTT) instead of relying on traditional telecom operator services such as SIM-to-SIM calls, SMS and MMS messages.
Imagine the following worst-case scenario: The city government in a particular zone temporarily shuts down telecom services during the visit of a high-profile foreign dignitary. In such a situation, a group of terrorists seeking to coordinate among themselves will be left practically paralyzed. However, the availability of wi-fi hotspots nearby could enable them to communicate using Viber, Skype, LINE Messenger, Snapchat, Facebook Messenger, Wiper or many other similar services. It must be borne in mind that Pakistani law enforcement agencies haven’t yet found means to intercept and extract communication taking place through the above-mentioned VoIP/OTT services since they are highly-encrypted and take place end to end. More importantly, there are now several apps which promise their users complete secrecy without the risk of man-in-the-middle attacks.
Since wi-fi hotspots are not password-protected, mischievous hackers can be lurking around trying to penetrate into unsuspecting target devices to steal personal and especially financial information, if any. Hacking software such as “sniffer programs” analyzes traffic flowing to and from wireless routers to extract critical information.
Similarly, another means of attack is the setting up of ‘spoof hotspots’ i.e. fake hotspots to fool users into connecting with it after which their personal information can be easily connected. Earlier in July for example, devices used by 3 British politicians (David Davis MP, Mary Honeyball MEP and Lord Strasburger) were hacked after they logged into the Internet through public wi-fi hotspots.
It remains to be seen what security protocols the Government of Pakistan will implement to ensure that user security is not compromised.
Although the WHO has not identified definitive health security risks from exposure to continuous wi-fi signals and is still working to identify research gaps in this domain, there are some findings that are noteworthy:
- Being exposed too much to wi-fi’s non-thermal radio frequencies can disrupt normal cellular development, including fetal development.
- MRI reports of research on a group of individuals identified that those exposed to 4G radiation had several gray areas of reduced brain activity.
- Believe it or not, research has also shown that too much exposure to wi-fi frequencies can reduce sperm movement (both humans and animals).
- Increased exposure to 3G and LTE cell phones can increase the heart rate (as it does under stress).
Some of the tried-and-tested methods users can adopt for protection against hacking threats through public wi-fi are as follows:-
- Use of Virtual Private Networks (VPNs) to strongly encrypt user data.
- Use of SSL connections by enabling access of HTTPS-only website.
- Turning off sharing option from system preferences or the settings manager.
- Turning Wi-Fi connection off when it isn’t required.
Featured image credit: shutterstock.com