Londoners agreed to give away their first-born child in exchange for free wi-fi in an experiment exposing an “utter disregard” for security by smartphone users.
Security firm F-Secure set up a hotspot offering free internet in Canary Wharf to see who would agree to a “Herod clause” in the terms and conditions.
In just half an hour, 33 people attempted to connect and six, probably unwittingly, said they would “render up their eldest child for the duration of eternity”.
F-Secure, which has disabled the network and will not attempt to enforce the contract, said the hotspot let them identify devices, read emails and take usernames and passwords.
The firm’s security advisor, Sean Sullivan, said: “Free, open wi-fi is unsecure.
“It wasn’t designed for the 21st Century and it’s leaking information about us to people that we don’t have any knowledge of an they’re collecting data on us that we’re not consenting to.”
The report, called “Tainted love: How wi-fi betrays us”, was endorsed by the Information Commissioner’s Office and found a “reckless” attitude to security by people going online on their phones.
Troels Oerting, Europol’s Assistant Director and a cybercrime specialist, said while some criminals exploit the public weakness for free wi-fi by hacking networks, others create their own hotspots to lure users in.
“We have found that the security on many wi-fi hotspots is rather low,” he added.
“So because they are not set up in the proper way, the criminals don’t even need to set up their own service. They can simply look into the service that is providing the wi-fi to get what they want.”
Mr Sullivan said that although many people were suspicious of computers in internet cafes and other public computers, they did not consider their personal devices in the same way.
“And just as you wouldn't trust some computer in a lobby somewhere, you shouldn't trust some wi-fi that‘s just sitting there to connect to your personal device," he added.
“At best, your device is only leaking information about you – at worst, your passwords are being spilled into a publicly accessible space, and it’s not just spilling details to those that control the network – anybody on the network can see your information.”
The report called for more awareness about security, as well as greater transparency from internet providers about what is being collected from users.
F-Secure used the experiment to advertise their Freedome security tool, which creates a secure and encrypted connection and blocks tracking attempts.
No personal data gathered during the experiment was logged and a lawyer was present to ensure all privacy laws were adhered to.