McDonald’s corporation serves around 68 million customers daily in 119 countries, all of their locations are armed with an access point which allows you to enjoy their free internet connection. On the website of McDonald’s you can see that they use no type of security to secure their customers from cybercriminals. So what does this mean for you?
The website also provides information on which type of SSID the McDonald’s accesspoint will be using to provide the wireless connection. This allows any cybercriminal to setup a rogue accesspoint which will have the name ‘BELLWIFI@McDonalds’ – this method is very popular amongst hackers as a lot of people will simply connect to a free wireless connection. Another name which was used was the ‘McDonalds FREE WIFI’ SSID.
McDonalds did setup their access points in such a way that a VPN will be allowed to tunnel through the access point – this is the only method McDonald used to provide some type of security option. This does mean that you will need to have a VPN account.
If you wish to connect to the McDonald access point you will NOT be asked for a WPA2 or even a WEP password. This could have been done by McDonald’s to ensure that people with no knowledge of internet will be able to connect to the wireless connection but this is just another security option which could have been enabled.
Information gathering by McDonald’s
It surprised me to see that in The Netherlands, McDonald is the only Fast Food chain which is supplying Wireless Connections, BurgerKing and KFC for example are not providing WiFi in The Netherlands.
This brings me to the next thought, the wireless connection that is being provided by McDonald’s could be used to gather sensitive information about the behavior of the McDonald customers, for example what are they searching for? What do they like? This information provides insight on the demands of the McDonalds customers and it will allow McDonald’s to apply marketing strategics and so on, but what if the NSA would be interested in that type of information? Would McDonald say NO to the NSA? I don’t think so. I strongly believe that ‘free wireless connections’ are free because YOU ARE THE PRODUCT.
So how vulnerable is McDonalds?
Well we did a fast search on the internet, and what we found was pretty funny. If you are aware of the ShodanHQ search engine you will know that it is a massive computer search engine which scans the internet for devices. We used the ShodanHQ website to find McDonald devices and guess what? We found some.
Some of the access points of McDonald are allowing robots to index them, this could mean that these devices are vulnerable to an cyber-attack which would alter the setup of the devices in the image above.
If you are using ‘FREE WIFI’ you need to think about the following stuff:
1. Do I have any type of encryption enabled which will secure my traffic?
2. Is this the real WIFI hotspot which is provided by the company?
3. Do I really want to do financial transactions using a free internet connection?
Let us know if you have some other tips and tricks which you use when you are using a free internet connection.