Cybersecurity is still a complex subject in the industry, eluding many professionals that are not directly engaged with IT and innovation. Just like train safety, the digital journey is an immensely important part of today's passenger's lives, and it should not be underestimated.
To talk about Wi-Fi safety during train journeys, SmartRail World welcomes Fergus O’Sullivan, chief editor of Cloudwards.net and expert on cybersecurity.
One of the biggest advantages that trains have over cars is that passenger's times are their own. Rather than concentrate on the road, people can let their minds wander while looking at the passing scenery, or even use the travel time to get some work done.
Many transport companies have public WiFi available on trains for travelers looking to make the most of their journey, but these open networks don’t come without risks. In this article, we explain how exactly cybercriminals try and abuse these public WiFi connections and the risk they pose to passengers.
The Risks of Using Public WiFi in Trains
When it comes to using public WiFi on trains, as well as in planes or any local Starbucks, the threat of cybercrime is ever present. There are several methods to breach digital devices, and what most of them have in common is how easy they are to deploy; more often than not, any 11-year-old scriptkiddie can put them together in a matter of minutes.
One of the most common methods is using a penetration testing tool, usually used by cybersecurity experts to test how strong a network is. This tool can find vulnerable devices connected to public WiFi, such as phones, tablets, and laptops, which are usually a perfect target, as most standard pre-installed security software is a joke. The attacker can then log what users are doing on the web, scooping up passwords and even credit card details, and can even install tracking software to keep siphoning information even after the user has disconnect from their fake network. However, hackers will rarely invade the actual device itself -- they often don't hold anything of value, and the chances of being caught are high as users will likely notice when a third party is going through their files.
Another often-used tactic -- and one that’s much more subtle -- is the so-called man-in-the-middle networks. As you can guess from the name, a MitM attacker will hijack a public network by placing his own in the way, using a name that’s almost exactly the same, except containing an extra character. So, instead of using the Amtrak train WiFi, users can accidentally connect to a shady cloned network and have their personal information stolen.
If all the above sounds scary, that’s because it is. While the convenience of public Wi-Fi is beyond question, the assumption that it’s safe is one that will cost you. It is important to operators to educate users on the most common methods, such as for example, a fake network named like a station's wi-fi but with weird characters and spelling mistakes in it (a common tactic to weed out more aware people). Free Wi-Fi on trains is a godsend to passengers, but nothing that’s free comes without risks.
Fergus O’Sullivan is the chief editor of Cloudwards.net, a review site for everything software related. He knows a fair bit about cybersecurity, and takes any opportunity he can get to take the train and get some work done.
If you would like to know more about cybersecurity, join us on the SmartTransit LA conference, on October 28-30th.