Cybersecurity experts warn that wireless connectivity in crowded spaces makes it easier to extract personal and banking information.
The everyday use of options such as WiFi and Bluetooth in public spaces such as restaurants, shopping centres or airports can transform these places into scenarios conducive to the theft of personal and banking data.
Cybersecurity experts warn that keeping these features active outside the home increases the vulnerability of devices to digital surveillance tactics and attacks by cybercriminals.
Why it is dangerous to keep WiFi turned on in a public place
The convenience of always being connected has led many users to leave wireless connections enabled throughout the day. This practice, while facilitating interaction with nearby networks and devices, exposes phones to risk.
Open WiFi networks allow cybercriminals to intercept messages and passwords in crowded places.
According to the Community of Madrid, the use of open WiFi allows nearby devices to attempt to connect to unprotected networks, making it easier for third parties to intercept transmitted data, such as messages or passwords.
In addition, malicious administrators of these networks can observe the information exchanged, a common situation in cafés, airports and shops. The danger is not limited to passive data interception. Attacks using ‘intermediary devices’ pose an additional threat.
A malicious user connected to the same network can interfere with communication between the phone and the requested service, ‘reading the information we are handling,’ according to the Community of Madrid. This technique allows attackers to access sensitive information without the victim’s knowledge.
What happens if your mobile phone connects to a public WiFi network
Cybercriminals create fake WiFi access points to steal users’ data and banking credentials.
Connecting to open or unknown networks, although attractive because they are free, involves serious risks. Sometimes, cybercriminals themselves create access points with names similar to those of well-known establishments to deceive users.
According to the Community of Madrid, ‘we may believe that they belong to a hotel or restaurant, but in reality they have been created by a cyberattacker to access our data.’
This tactic not only facilitates surveillance, but also compromises the integrity of the data stored on the device, including emails and bank credentials, which can be stolen and used in financial fraud.
Exposure to these risks increases when the device connects to a public network with other users present. ‘When we access a public network where other users are connected, our device is exposed and visible to other users,’ warns the Community of Madrid.
What are the dangers of keeping Bluetooth enabled in public places?
Failures in Bluetooth protocols and a lack of security updates increase exposure to intrusions.
Bluetooth is a significant attack vector. Spain’s National Cybersecurity Institute (INCIBE) warns about ‘Bluesnarfing,’ a technique that exploits flaws in Bluetooth connection protocols.
The widespread use of Bluetooth to connect everyday accessories increases exposure. According to INCIBE, ‘the protocols responsible for allowing devices to connect to each other may have flaws in their design or implementation,’ which facilitates unauthorised access to files, contacts and online accounts.
If the phone remains visible or does not have the necessary security updates, attackers can access personal information without the user noticing.
Detecting Bluesnarfing attacks is difficult, but symptoms such as rapid battery drain, unexpected crashes, and unknown connections can alert the user.
The range required for this type of attack rarely exceeds 15 metres, making crowded places highly vulnerable.
How to tell if a cybercriminal has accessed a phone via Bluetooth
Detecting a Bluesnarfing attack can be difficult. INCIBE indicates that some symptoms include unexpected phone crashes, messages sent from unauthorised applications, and high battery consumption for no apparent reason.
Another warning sign is the appearance of unknown connections in the Bluetooth device history on your mobile phone, which may indicate unauthorised access to personal, banking or social media accounts.
INCIBE stresses that ‘if you detect unrecognised logins, unauthorised purchases or suspicious activity in your bank accounts or online profiles, it could be the result of data extraction through Bluesnarfing’.
