Given the fears and issues that Rio de Janeiro faced during the run-up to this year’s Olympics, it should come as no surprise that a few more problems arose just as the games began. Last Thursday, the security firm Skycure issued a travel advisory for all visitors to Rio, warning of hackers setting up “malicious Wi-Fi networks” that could steal encrypted data from unsuspecting internet-users’ phones.
These fake networks, which can cost hackers as little as $100 to set up, are designed to steal information from any connected device—and the threat begins that moment visitors land. A scam network named “_RIO GALEAO WIFI” was found 12 miles from the airport. It’s pretty smart, as many travelers—even those warned to watch out for scams—who used the airport’s free Wi-Fi might not give a second thought to reconnecting just a few miles out. And all it takes is one click. Most of these networks are SSL-decrypting networks, which are created to break encryption to look at any encrypted data. This can result in sensitive information—passwords, credit cards, and anything else private located on your phone—being stolen.
Skycure warns that scammers will often include “Free” in their name to attract connectors. It also highlights hotels and shopping malls as places with risky, misconfigured, or malicious Wi-Fi networks. The firm explains that if your phone is connected to any network that seems out of context (like if you’re 12 miles from the airport and still connected to the “airport’s Wi-Fi”—I mean, I can’t even get my home Wi-Fi in my bedroom), you should disconnect immediately.
It doesn’t end with Wi-Fi, either: Skycure also warned about malicious malware camouflaged as official apps. The legitimate Olympics app, Rio 2016 has had imitators like Rio 2016 Olympics and Olympics Rio 2016. The apps have the potential to take over your device and steal personal information while also delivering excess ads—really putting salt in the wound there.
Anyone visiting should be vigilant, but there are some easy things you can do to protect yourself—and these lessons apply whether you’re hunting for free Wi-Fi in Rio or elsewhere. First of all, if you know there is a legitimate connection—one at your hotel, for instance—make sure that you get the official network name. A false hotspot at the Sheraton in Rio called “Sheraton-GuestRoom” could lure in unsuspecting hotel guests who were promised Wi-Fi with their booking. Just like with the malicious apps, the name is key. Visitors might also considering using a virtual private network, which could help subvert an attacker. Perhaps the easiest to use is Skycure’s own map that looks for suspicious hotspots nearby. The company also has an app that monitors activity and analyzes wireless networks to warn users if they are vulnerable.
Although these solutions are good, you actually have to connect to the Wi-Fi to use them—heck, you have to connect to the Wi-Fi just to read an article like this warning you about connecting to the Wi-Fi. Maybe international roaming charges don’t sound as terrifying now.