How safe is Wi-Fi in Paris?

Kaspersky experts examined the security of public Wi-Fi hotspots in Paris on the eve of the Olympics.

Paris Wi-Fi Security Study

The upcoming Paris Olympics — the world’s biggest sporting event since pandemic restrictions were lifted — are expected to attract over 15 million tourists to Paris — which is something scammers are already actively preparing for. Almost certainly, each of these tourists/spectators will need access to the internet, and this is where public Wi-Fi hotspots come to the rescue. However, this approach has its risks: cybercriminals may use public access points to intercept your data.

On the eve of the Olympics, our researchers have mapped and assessed the security of the open Wi-Fi networks that visitors might use. We’ve analyzed around 25,000 public Wi-Fi hotspots in Paris, and found that every fourth one is unsafe — making their users vulnerable to personal and banking data theft. For how to safely use Wi-Fi during the Paris Olympics — read on…

Heat map of all the examined public access points in Paris. Red indicates a high concentration of hotspots; green — a low concentration

Heat map of all the examined public access points in Paris. Red indicates a high concentration of hotspots; green — a low concentration

What we found out

In total, we recorded 47,891 signal records from 24,766 unique Wi-Fi access points across popular locations and Olympic venues in Paris. Around 25% (6083) of the examined Wi-Fi hotspots turned out to have serious security weaknesses — such as weak or nonexistent encryption, use of outdated devices and protocols, or misconfiguration — making them vulnerable to interception, decryption, or cracking attacks.

Not all of these hotspots are accessible to all passersby; to connect to some, you need to enter a password or PIN. However, in general, we classified as unsafe both completely open networks without any protection (we found 3176 of them), as well as those that are either misconfigured or use compromised protocols and are easily hacked using widely-known algorithms.

This means that when using such access points, users are at great risk: without reliable protection, cybercriminals can steal passwords, banking data and other personal information of users.

How many Wi-Fi points use WPS and WPA3?

Approximately 20% (4864) of the public Wi-Fi access points we investigated in Paris use the notoriously vulnerable WPS protocol, which is outdated and easily compromised. This makes them susceptible to WPS attacks, which can lead to data loss.

And below just 6% (1373) of all the hotspots are protected by the modern WPA3 security protocol, which has built-in protection against brute-force attacks, individual data encryption, and other features that make Wi-Fi access points secured by this protocol safe.

This result is disappointing. The main problems we found are either the incorrect configuration of access points (making them vulnerable to attacks), or the use of outdated equipment that doesn’t support modern security standards and protocols.

How we researched

Experts from Kaspersky’s GReAT (Global Research and Analysis Team) swapped their office chairs for benches, cafes, parks, and other public spaces in Paris for several days — all to study the most popular places in the city that Olympic spectators are likely to visit:

  • Arc de Triomphe
  • Champs-Élysées
  • The Louvre
  • The Eiffel Tower
  • Notre-Dame
  • The Seine River embankments
  • The Trocadéro
  • Stade de France
Heat map showing the distribution of both safe and unsafe public access points in Paris. Red indicates a high concentration of unsafe hotspots; green — safe ones

Heat map showing the distribution of both safe and unsafe public access points in Paris. Red indicates a high concentration of unsafe hotspots; green — safe ones

From a Wi-Fi security standpoint, leading the way are the embankments along the Seine. However, in and around the Trocadéro, it’s better to walk around without connecting to public Wi-Fi. The same goes for the Champs-Élysées and the Arc de Triomphe, where there are usually a great many folks milling about — even without the Olympics being on — so it’s worth keeping an eye on both your digital and physical safety (for the latter — e.g., against pickpocketing). We, of course, will help maintain the confidentiality of your digital identity, but we can do nothing if someone tries to steal your smartphone. Although with the help of Kaspersky for Android it’s easy to find a lost Android smartphone.

The Olympics will start at the Stade de France, where there are also many unsafe Wi-Fi access points. There are unprotected networks both right next to the stadium and in the surrounding area, so be careful whenever you want to post something directly from the stadium.

Connecting to Wi-Fi near the stadium is likely unsafe

Connecting to Wi-Fi near the stadium is likely unsafe

What’s the result

Thus, 25% of (central) Parisian Wi-Fi access points are unsafe — including both open ones and those that require a password or PIN to connect. Moving around the city, you’ll be constantly switching between available hotspots. So how can you use public Wi-Fi and not worry about your digital security?

It’s difficult to determine on your own how dangerous a particular Wi-Fi access point is — of course, except for open hotspots without any protection, connecting to which is definitely unsafe. Therefore, when using any public access point, it’s necessary to protect your Wi-Fi connection with a VPN.

If your device doesn’t have a VPN installed and you’re forced to connect to public Wi-Fi in Paris (or any other city), follow these rules:

  • Do not pay for purchases online: your banking data can be intercepted
  • Do not transmit any important information without a secure connection
  • Do not log into personal accounts that aren’t protected by two-factor authentication (2FA)
  • Use only strong passwords and store them securely
  • Disable file sharing and AirDrop (if you have it) on your devices to prevent unauthorized access to your files
  • Enable the firewall on your laptop
  • Regularly update the operating system and applications on all your devices to patch new vulnerabilities

But it’s much easier to use maximum protection on all your devices, which will keep your digital identity safe even in another country. And don’t forget to subscribe to our blog and/or Telegram channel: take care of your digital safety today!

Tips

How to travel safely

Going on vacation? We’ve compiled a traveler’s guide to help you have an enjoyable safe time and completely get away from the routine.