Revealed: the malicious WiFi networks that can exploit MPs’ phones

A survey of central London appears to show clusters of attacks around parliament and Whitehall.

Sign Up

Get the New Statesman's Morning Call email.

Security experts have warned that MPs could be at increased risk of cyber-attacks after it emerged that a number of malicious WiFi hotspots have been operating in Westminster.

Analysis shared exclusively with the New Statesman indicates that the networks delivered at least a dozen attempted smartphone attacks in the area immediately surrounding the Houses of Parliament between August 2018 and August 2019.

Produced by a mobile security provider as part of a broader analysis, the findings do not show that MPs have been successfully breached or that any specific individuals were the targets of these attacks. But the positioning of the networks has raised fears that politicians could be vulnerable.

“There appears to be a particular concentration [of attacks] in areas where politicians and those advising them are active,” said Alan Woodward, a professor of cyber security at Surrey University. “At this time, we need to be particularly alert.”

In June 2017, hackers believed to be working on behalf of a hostile state carried out a “brute force” attack on parliament's email network, compromising dozens of accounts. The National Cyber Security Centre has since revealed details of its “defending democracy” programme. In its annual review last month, it said that “the foundations of liberal democracy are under increasing threat from cyber-attacks and the NCSC plays a key role in defending the UK’s political process.” NCSC officials meet with politicians every three months, and provide regular advice to parties during election campaigns.

Over the 12-month period in which the study was carried out, at least 1,569 malicious WiFi networks were in operation across the capital, according to Zimperium, a US security company that produces antivirus software for smartphones. The highest concentration of attempted attacks, all of which Zimperium claims to have foiled, were in London's busiest tourist and shopping areas, including Oxford Street, Regent Street and Tottenham Court Road, as well as around Piccadilly Circus, Leicester Square and Trafalgar Square.

But the survey also showed a cluster of malicious WiFi networks around the Palace of Westminster, with four on Parliament Square and two immediately outside Portcullis House, where many MPs have their offices. Recent advances in web security, such as the encryption of most major websites, have made it harder for WiFi operators to see how people use their networks – but the research indicates that hackers have not stopped trying.

Woodward says hackers can work around encryption by setting up copycat sites. “You redirect [users] to a spoof site, where you control the encryption certificate,” he explained. The hackers could, for example, imitate a login screen which harvests a users' password before directing them to the legitimate site. In the most sophisticated network attacks, hackers can trick users into downloading malware, which remains on their mobile device and can later be used to infiltrate a corporate WiFi network once they have returned to work. 

Zimperium defines an attack as an instance in which a user has logged into a WiFi router and the traffic has been redirected through a hackers' device. A spokesperson said it uses machine learning to distinguish between benign and malicious redirects and claims that its false positive rate on network attacks is “infinitesimally small”. But they refused to go into further detail about the methodology, citing intellectual property concerns.

NCSC discourages the use of third-party security products for smartphones, instead advocating that mobile operating systems such as iOS and Android are constantly updated by users. Woodward, meanwhile, said public WiFi networks should only be accessed via virtual private networks (VPN). 

The House of Commons said it does not comment on security issues.

Oscar Williams is editor of the New Statesman's sister site NSTech.