The European Parliament has shut off its public Wi-Fi after it detected man-in-the-middle attacks scooping up users’ smartphone communications.
In a notice to workers, the European Parliament said people’s inboxes may have been compromised. Affected users have been contacted and told to change their passwords.
The body has also offered software certificates to users, allowing them to securely access the private European Parliament Wi-Fi network.
Man-in-the-middle (MITM) attacks see attackers sit on the same network as targets, sniffing traffic using tools like Wireshark. Hackers can then determine what software users are running to target vulnerabilities on victims’ devices, potentially allowing them to compromise phones.
“On the medium term the Parliament will take additional measures to further secure the communication to the Parliament,” a notice from the body read.
“This kind of attack can be performed at any place where you are connecting through a Wi-Fi network (hotel lobby, airport, train station, etc.) and it is therefore important that you only accept to connect through known secure Wi-Fi networks.”
A spokesperson from the European Parliament said the attack had taken place and that mailboxes of some MEPs and staff had been compromised.
“The Parliament’s internal IT systems were not hacked… The IT services are currently looking into which measures can further enhance the security of using a public Wi-Fi network for MEPs and staff,” the spokesperson said, in an SMS message sent to TechWeekEurope.
European bodies have been caught up in the Edward Snowden leaks, which revealed attacks on European Union offices and on telecoms supplier Belgacom from the US National Security Agency (NSA) and Britain’s GDCHQ
The European Parliament is carrying out an in-depth inquiry into the alleged widespread surveillance.
Jason Steer, EMEA product manager at security firm FireEye, said attacks over public Wi-FI were “a pretty common attack vector today”. “MITM attacks are becoming more and more popular to harvest user details,” Steer told TechWeekEurope.
“Putting up a free Wi-Fi spot today outside a coffee shop would quickly show people are happy to use any network, secure or not.
“We see cases every week of user credentials harvested using techniques as simple as this to begin the process of social engineering people and then attacks begin.”
E-commerce giant faces another unionisation move, with workers at North Carolina warehouse set to vote…
Supreme Court in US on Friday is to hear oral arguments that could well decide…
Jeff Bozos challenge to SpaceX's Falcon-9 heavy lift rocket, the New Glenn rocket, to make…
As US ban looms this month, TikTok faces a buyout offer for its US assets…
Bending the knee continues from the tech industry, as Alphabet's Google becomes latest to make…
Software and cloud giant Microsoft confirms it is cutting a small percentage of jobs across…