Your browser isn't supported
It looks like you're using an old web browser. To get the most out of the site and to ensure guides display correctly, we suggest upgrading your browser now. Download the latest:

Welcome to the MSE Forums

We're home to a fantastic community of MoneySavers but anyone can post. Please exercise caution & report spam, illegal, offensive or libellous posts/messages: click "report" or email forumteam@. Skimlinks & other affiliated links are turned on

Search
  • FIRST POST
    YORKSHIRELASS
    BT Fon not secure?
    • #1
    • 14th Aug 11, 8:27 PM
    BT Fon not secure? 14th Aug 11 at 8:27 PM
    Hi all

    Hoping someone can help us with this. We were away on holiday last week. The kids took their IPods and we went on the internet a few times through BT Fon wifi.

    When we came back we found that my husbands e-mail address had been sending junk e-mails to contacts in his address book. This was nothing to do with our home PC as it was switched off and the e-mails didnt show in the sent folder on his mailbox. We use a BT mail address.

    We can only assume that this is something to do with us using BT Fon while we were away. We have changed all our passwords and no more emails have been sent but it has made us nervous about using wifi in future. Has anyone else had the same problem? Is there anything else we should do?
Page 1
  • fwor
    • #2
    • 14th Aug 11, 9:11 PM
    • #2
    • 14th Aug 11, 9:11 PM
    It's possible that it was just coincidence that it happened while you were away.

    But it's also a possible cause. The issue for FON - unlike other wifi hotspot operators - is that at least a proportion of their hotspots operate from people's homes. In those situations it is possible for people to tamper with the firmware on the FON router - or to tap into the connections to the router - without being detected.

    However, I really don't rate it as something to worry about a great deal. Few people have the skills to do something like that, and of the few that do, very few would have the motivation.

    As a precaution, for any online service that you used via FON while away that needed username and password, you should change the password. It's probably overkill, because any login page of any importance will use Secure Sockets Layer (signified by the page starting with https://) which is still quite a tough one to crack...
  • kwikbreaks
    • #3
    • 15th Aug 11, 8:46 AM
    • #3
    • 15th Aug 11, 8:46 AM
    Few people have the skills to do something like that, and of the few that do, very few would have the motivation.
    Originally posted by fwor
    It doesn't take a lot of skill to set an AP SSID to FON and put up a fake FON landing page.

    I haven't heard of this being done but thinking about it it would be a very simple way to cream off lots of login credentials for all sorts on things.

    Maybe the email hack is a coincidence or maybe it isn't. I'd certainly be inclined to go for a password changing exercise on everything I accessed through FON.
    If you can stay calm while all around you is chaos, then you probably havent completely understood the situation.
  • YORKSHIRELASS
    • #4
    • 15th Aug 11, 9:10 AM
    • #4
    • 15th Aug 11, 9:10 AM
    Thanks for the replies. Luckily we didnt really go on anything other than news/weather sites so no real worries there.

    It has made us a bit more wary about using BT Fon though. I think if I needed to access anything secure I would be changing the password regularly just to be sure.

    My poor hubby has been getting loads of phone calls all weekend from people telling him his email has been sending random messages!! Other than that there doesnt seem to be any harm done.
  • HappyMJ
    • #5
    • 15th Aug 11, 9:14 AM
    • #5
    • 15th Aug 11, 9:14 AM
    Do not ever access anything personal on open wifi networks.... NEVER... As above it is easy to rename access point to BT FON or even just "Free Wi-Fi" then simply take a copy of all usernames and passwords sent over the network. If you absolutely must access anything with a password then set up a VPN to your home P.C or somewhere else so that your usernames and passwords will be sent over an encrypted connection.

    Edit: Then why blame the open wi-fi if all you accessed was the news and weather. Are you sure you didn't read any emails or send your email address in any form. Maybe filled out a competition?
Welcome to our new Forum!

Our aim's to save you money quickly and easily. We hope you like it!

Forum Team Contact us

Live Stats

4,526Posts Today

8,339Users online

Martin's Twitter