Public WiFi is a ubiquitous addition to consumer connection options today and is prevalent in coffee shops, restaurants, shopping malls and airports, providing a vital link to the Internet for people on the move (quite literally if we consider how many public buses and trains provide WiFi services to passengers).
Unfortunately, convenience requires some sacrifices, and where public WiFi networks are concerned, the risks one takes when connecting to these hotspots remain unseen to the vast majority of us. This has become even more of an issue post-COVID, as hybrid working means fewer people are in the office five days a week. According to the 2022 Verizon Mobile Security Index, the number of devices connecting to a risky hotspot per week last year doubled from 0.5% to 1%. Despite this, less than one third of organizations (32%) ban the use of public WiFi.
The threat of counterfeit devices
If a counterfeit smartphone connects to a public network, the risks extend beyond the device itself. This makes it important for public network operators to understand the true dangers associated with these counterfeits. Operators must acknowledge that malware is part of the business model of counterfeit devices: they come pre-provisioned with an array of malware spanning the full range of functionality, from invasive adware all the way to ransomware, keyloggers and DDoS hosts. Unfortunately, the threat from counterfeit devices is also increasing for several reasons: they are more sophisticated now than they were even three or four years ago, they are more difficult to distinguish from authentic devices, they are far more accessible and easy to purchase on the Internet, and, perhaps most worryingly, the damage they cause is more extreme. Furthermore, they tend to run on older OS versions that are significantly more vulnerable to exploits.
Individuals can easily fall victim to ransomware from counterfeit devices on the same WiFi network, even if it's in a seemingly reputable location such as a popular cafe or high-end hotel. Counterfeit phones can easily reach out to command-and-control servers to obtain the latest malware and instructions. Many varieties of malware will specifically seek out new hosts to infect within the same network. This risk has been described previously by Symantec and Kaspersky Labs, but the impact is significantly worsened by the prevalence of counterfeit phones, often used unwittingly by members of the public.
What can be done?
Unfortunately, this issue will not go away on its own; on the contrary, all indications point towards the problem getting bigger and more dangerous. Non-authentic devices are in our future and the only question is how networks will choose to respond to them. Vetting the authenticity of devices that connect to a network is a good first step for controlling the network's security and safety: if a device really is what it claims to be, pre-installed malware is less likely. Counterfeit devices endanger everything they touch, and allowing a counterfeit device to connect to a public WiFi network endangers both the network operator and all of the currently connected members of the public. Operators of public WiFi networks have a duty to both themselves and members of the public to protect against the dangers of non-authentic devices.