It was already known for many years that people should be careful when using the “free” internet provided in public places, such as in bars and coffee shops. You might inadvertedly connect with a hacker’s access point, for example, who can then collect all sorts of private information about you. Your facebook username and password, your online banking details; information you definitely don’t want falling in the hands of the wrong people. But in a trusted environment, when you are certain you’ve connected to the correct access point, you would think that you are reasonably safe.
And you would also think that a large organisation like the Dutch railway would definitely have sufficient IT-resources to provide just such a safe internet connection to its passengers. But according to a report published on the Dutch news site “De Correspondent” today, nothing could be farther from the truth (the article is only available to paying subscribers, so unfortunately I am unable to share it here).
The article relates how a Dutch computerscientist (Hannes Mühleisen), who lives in close proximity to the railway near Amsterdam central station, noticed on his laptop that he was able to ‘see’ the wireless access point of an intercity train passing by. That surprising discovery sparked his interest. He set up some cheap antennas to boost the reception and began collecting and analysing all the wireless data he could receive from the passing trains. As the data poured in, he was astonished; he observed that the connections between the train’s access points and the passengers’ mobile devices are not encrypted. See for yourself.
This is obviously a major network security problem. So the first thing he did was to warn the railway company, numerous times. But his warnings appear to have been lost in a burocratic machine of Kafkaesque proportions. It’s been months now since the NS was alerted and still nothing has been done to protect their unsuspecting passengers from this enormous network vulnerability. Typical. Untill that changes, I would strongly advise against using the free WiFi connection on Dutch intercity trains.