A white hat hacker managed to break into multiple email accounts thereby forcing the European Parliament to cutoff its public Wi-Fi access.
The French security researcher apparently performed man-in-the-middle attacks on multiple email accounts in a bid to expose the poor security at the Parliament. Through an internal mailer, members of the Parliament were informed that a “hacker has captured the communication between private smartphones and the public Wi-Fi of the Parliament (EP-EXT Network).”
The public Wi-Fi has been cut-off indefinitely and users at located at Brussels, Strasbourg and Luxembourg have been advised to apply for certificates and switch to more secure networks.
“As a precaution, the Parliament has therefore decided to switch-off the public Wi-Fi network until further notice, and we invite you to contact the ITEC Service Desk in order to install an EP software certificate on all the devices that you use to access the EP IT systems (email, etc..).” reads the email.
Users have been advised not to accept connections through insecure public networks specifically “public Wi-Fi of the Parliament, EP-EXT.” Further users have been asked to change their passwords as soon as possible – even those on their portable devices.
In a second mailer, it was revealed that credentials of 14 users were harvested using an evil twin Wi-Fi router.